Re: TCP Initial Window 10 MFC

2015-10-09 Thread hiren panchasara 
Resurrecting this old thread.

On 04/23/15 at 01:29P, hiren panchasara wrote:
> On 03/04/14 at 10:22P, hiren panchasara wrote:
> > On Tue, Mar 4, 2014 at 7:38 PM, Lawrence Stewart  
> > wrote:
> > 
> > 
> > > I lost the battle of wills on this topic and 10.0 shipped with IW10
> > > enabled by default :(
> > >
> > > As for having it configurable, it is a trivial patch which perhaps,
> > > Hiren, you might be willing to take a stab at? I obviously did not
> > > manage to carve out the time last year to push forward with the agenda I
> > > proposed in this thread, but I will get back to it at some point.
> > 
> > Hi Lawrence,
> > 
> > Let's fix it the right way if possible.
> > 
> > Below is a rough/untested quick patch I came up with. Is this how you
> > were planning to have "nonstandard" sysctl knob designed?
> 
> A bit more updated patch:
> https://people.freebsd.org/~hiren/initcwnd.patch
> 
> How do we go about the existing knob 'sysctl
> net.inet.tcp.experimental.initcwnd10' ?
>

I am going to leave the existing sysctl initcwnd10 as is for now so
people can keep using it.

Here is the review: https://reviews.freebsd.org/D3858

Cheers,
Hiren


pgp6M0tQx4sva.pgp
Description: PGP signature

Re: Freebsd 10.2 amd64 netmap ipfw

2015-10-09 Thread Jim Thompson 

> On Oct 9, 2015, at 7:14 AM, Archy Cho  wrote:
> 
> I think I must misunderstand something , could anyone send me advise?
> Or any documents could help to build a NETMAP IPFW firewall box ?

See the last several paragraphs of: 

https://github.com/luigirizzo/netmap-ipfw/blob/next/README

Note that the "telnet localhost 5566" traffic generator hack mentioned in the 
README doesn't work without a recompile, but you won't need it for running real 
traffic.

Jim

___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Freebsd 10.2 amd64 netmap ipfw

2015-10-09 Thread Archy Cho 
Dear All

I wish to try the new netmap driver with IPFW2 and dummynet.

I have google around and could not find any documents of all steps to set a 
working filtering box.

I have recompile the kernel with the followings.
###
cpu HAMMER
ident   ROUTER

options DUMMYNET
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
device  pf
device  pflog
device  pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
options ALTQ_NOPCC
options TCP_SIGNATURE
options IPSEC
options IPSEC_FILTERTUNNEL
device  cryptodev
device  crypto
options HZ=1000
device  carp
device  netmap
###

/etc/rc.conf as follow:
###
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.conf"
firewall_quiet="YES"
firewall_logging_enable=“YES"
###

/etc/ipfw.conf
###
add 65535 pass ip from any to any
###

with command ipfw show , 
###
65535369224   135934287 allow ip from any to any
###

I have downloaded
https://github.com/luigirizzo/netmap/archive/master.zip 

https://github.com/luigirizzo/netmap-ipfw/archive/next.zip 


and compiled with the command

make NETMAP_INC=/root/netmap-master/src

after getting kipfw , and try the command ,
./kipfw netmap:ix0 netmap:ix1

all connection lost with ix0 ( I just ping the connecting IP address )

ifconfig ix0

ix0: flags=8843 metric 0 mtu 1500

options=8407bb
ether 00:1b:21:ba:89:50
inet 10.0.85.2 netmask 0xfffc broadcast 10.0.85.3 
nd6 options=29
media: Ethernet autoselect (10Gbase-SR )
status: active

I think I must misunderstand something , could anyone send me advise?
Or any documents could help to build a NETMAP IPFW firewall box ?

Thanks all for kindly helping hands.

ArchyCho
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: pf+TSO patch

2015-10-09 Thread Kristof Provost 
A quick update:
Sean Bruno tested the patch and found a problem with rdr rules.
I've managed to reproduce and fix that. The current version on
https://reviews.freebsd.org/D3779 has the fix.

I believe that version to be working correctly (to the point that I
trust it with my own e-mail), but I'd appreciate further testing and/or
review.

Regards,
Kristof

On 2015-10-02 12:08:05 (+0200), Kristof Provost  wrote:
> Hi,
> 
> I've found a little time to look at the pf TSO issue (which made pf
> unusable on Xen VMs, like Amazon EC2).
> 
> I've posted the patch here:
> https://reviews.freebsd.org/D3779
> 
> It still needs a bit more testing, but so far it looks good.
> 
> I'd be very grateful for any brave souls who want to give this a try.
> 
> This work was very kindly sponsored by RootBSD (rootbsd.net).
> 
> Regards,
> Kristof
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"