Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Julian Elischer
On 2/12/2015 12:27 AM, el...@sentor.se wrote: On Tue, 1 Dec 2015, Mark Felder wrote: On Tue, Dec 1, 2015, at 02:02, wishmaster wrote: Hi, Mark. I'm hoping someone can explain what happened here and this isn't a bug, but if it is a bug I'll gladly open a PR. I noticed in my ipfw logs th

RE: mbuf statistics

2015-12-01 Thread Hongjiang Zhang
I can observe the same phenomena on FreeBSD 10.2: current+cache==total==USED+FREE. There must be some relationship between them. $ netstat -mb|grep "mbuf clusters" 0/766/766/126146 mbuf clusters in use (current/cache/total/max) $ vmstat -z|egrep "mbuf_cluster|ITEM"|column -t ITEM SIZE

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Mark Felder
On Tue, Dec 1, 2015, at 12:08, Gary Palmer wrote: > > Have you looked at the ipfw state tables to see if a state is recorded? > > ipfw -d list > > I think > Yes, and I can see the state especially for IPv6. I think I have solved this mystery. There was a problem, and I solved it, but then w

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Gary Palmer
On Tue, Dec 01, 2015 at 12:00:47PM -0600, Mark Felder wrote: > > > On Tue, Dec 1, 2015, at 09:16, wishmaster wrote: > > > > --- Original message --- > > From: "Mark Felder" > > Date: 1 December 2015, 17:05:35 > > > > > > > > > > > > > On Tue, Dec 1, 2015, at 02:02, wishmaster wrote: >

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Mark Felder
On Tue, Dec 1, 2015, at 09:16, wishmaster wrote: > > --- Original message --- > From: "Mark Felder" > Date: 1 December 2015, 17:05:35 > > > > > > > > On Tue, Dec 1, 2015, at 02:02, wishmaster wrote: > > > > > > Hi, Mark. > > > > > > > > > > I'm hoping someone can explain what happe

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread elof2
On Tue, 1 Dec 2015, Mark Felder wrote: On Tue, Dec 1, 2015, at 10:50, el...@sentor.se wrote: Not that this helps this thread to move on, but just to clarify: In this case, the NAT that would introduce the randomized src port would be *your* NAT, not a NAT at pool.ntp.org. Deny UDP [2604:a

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Mark Felder
On Tue, Dec 1, 2015, at 10:50, el...@sentor.se wrote: > > Not that this helps this thread to move on, but just to clarify: > > In this case, the NAT that would introduce the randomized src port would > be *your* NAT, not a NAT at pool.ntp.org. > > > Deny UDP [2604:a880:800:10::bc:c004]:123 [

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread elof2
On Tue, 1 Dec 2015, Mark Felder wrote: On Tue, Dec 1, 2015, at 09:53, el...@sentor.se wrote: On Tue, 1 Dec 2015, Matthew Seaman wrote: On 2015/12/01 15:05, Mark Felder wrote: Notice how almost all of them are port 123 on both sides, but a few of them are not. Why? The RFC says that NTP is

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Mark Felder
On Tue, Dec 1, 2015, at 10:27, el...@sentor.se wrote: > On Tue, 1 Dec 2015, Mark Felder wrote: > > > > > > > On Tue, Dec 1, 2015, at 02:02, wishmaster wrote: > >> > >> Hi, Mark. > >> > >> > >>> I'm hoping someone can explain what happened here and this isn't a bug, > >>> but if it is a bug I'll

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread elof2
On Tue, 1 Dec 2015, Mark Felder wrote: On Tue, Dec 1, 2015, at 02:02, wishmaster wrote: Hi, Mark. I'm hoping someone can explain what happened here and this isn't a bug, but if it is a bug I'll gladly open a PR. I noticed in my ipfw logs that I was getting a log of "DENY" entries for an

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Mark Felder
On Tue, Dec 1, 2015, at 09:53, el...@sentor.se wrote: > > On Tue, 1 Dec 2015, Matthew Seaman wrote: > > > On 2015/12/01 15:05, Mark Felder wrote: > >> Notice how almost all of them are port 123 on both sides, but a few of > >> them are not. Why? The RFC says that NTP is supposed to be using por

mbuf statistics

2015-12-01 Thread Hooman Fazaeli
Hi, On an idle freebsd 9.3 system: vmstat -z | egrep "mbuf_cluster|ITEM" | column -t ITEM SIZE LIMIT USED FREE REQFAIL SLEEP mbuf_cluster: 2048, 10284, 1152, 56, 4237, 0,0 netstat -mb | grep "mbuf clusters in use" 512/696/1208/10284 mbuf clusters in use (cu

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread elof2
On Tue, 1 Dec 2015, Matthew Seaman wrote: On 2015/12/01 15:05, Mark Felder wrote: Notice how almost all of them are port 123 on both sides, but a few of them are not. Why? The RFC says that NTP is supposed to be using port 123 as both the source and destination port, but I clearly have somethi

Re[2]: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread wishmaster
--- Original message --- From: "Mark Felder" Date: 1 December 2015, 17:05:35 > > > On Tue, Dec 1, 2015, at 02:02, wishmaster wrote: > > > > Hi, Mark. > > > > > > > I'm hoping someone can explain what happened here and this isn't a bug, > > > but if it is a bug I'll gladly open a PR.

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Matthew Seaman
On 2015/12/01 15:05, Mark Felder wrote: > Notice how almost all of them are port 123 on both sides, but a few of > them are not. Why? The RFC says that NTP is supposed to be using port > 123 as both the source and destination port, but I clearly have > something happening on port 16205. Is somethin

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread Mark Felder
On Tue, Dec 1, 2015, at 02:02, wishmaster wrote: > > Hi, Mark. > > > > I'm hoping someone can explain what happened here and this isn't a bug, > > but if it is a bug I'll gladly open a PR. > > > > I noticed in my ipfw logs that I was getting a log of "DENY" entries for > > an NTP server > >

Re: ngrep/ixgbe bpf bug

2015-12-01 Thread el...@sentor.se
Yes, 100% of the traffic is vlan-tagged, but I get the same results with: ngrep -d ix1 "q" vlan no matches If I invert the test to show all packets that do not contain "foobar", it still matches 0 packets: ngrep -d ix1 -v "foobar" ix1: no IPv4 address assigned: Can't assign requested addre

Re: Outgoing packets being sent via wrong interface

2015-12-01 Thread Daniel Bilik
On Tue, 1 Dec 2015 18:24:18 +0800 Julian Elischer wrote: > if you reload pf it has no effect? > pf is the part of the picture I have no experience with so I'm > naturally suspicious of it. > have you tried a simple ipfw nat instead? just as a sanity check? Well, I have zero experience with ipf

Re: Outgoing packets being sent via wrong interface

2015-12-01 Thread Julian Elischer
On 1/12/2015 4:03 PM, Daniel Bilik wrote: On Mon, 30 Nov 2015 23:47:18 +0800 Julian Elischer wrote: ok next time try netstat -raAnW before and after Attached ("Internet6" part removed to reduce noise). maybe we can spot at difference. According to diff(1), entries differ only by "Use" colu

[Bug 203175] Daily kernel crashes in tcp_twclose on 10.2-p2 using VIMAGE

2015-12-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203175 Kubilay Kocak changed: What|Removed |Added See Also||https://bugs.freebsd.org/bu

[Bug 193724] [panic] [tcp] in tcp_discardcb (/usr/src/sys/netinet/tcp_subr.c:929)

2015-12-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193724 Kubilay Kocak changed: What|Removed |Added See Also||https://bugs.freebsd.org/bu

[Bug 193724] [panic] [tcp] in tcp_discardcb (/usr/src/sys/netinet/tcp_subr.c:929)

2015-12-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193724 --- Comment #3 from Palle Girgensohn --- (In reply to Hiren Panchasara from comment #2) It is not entirely clear to me that this is the same problem, but it might well be, and if so, it could be marked as a duplicate of PR 203175 -- You

[Bug 193724] [panic] [tcp] in tcp_discardcb (/usr/src/sys/netinet/tcp_subr.c:929)

2015-12-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193724 Kubilay Kocak changed: What|Removed |Added Keywords||crash -- You are receiving this m

Re: vimage and jail networking

2015-12-01 Thread Julian Elischer
On 1/12/2015 3:49 PM, Ben Woods wrote: On 1 December 2015 at 06:48, Nathan Aherne > wrote interestingly this is the first time I see this email. I think something blocked he original for me. Thank you for helping me to understand vimage better Julian! I have r

[Bug 174535] [tcp] TCP fast retransmit feature works strange

2015-12-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=174535 Hiren Panchasara changed: What|Removed |Added CC||hi...@freebsd.org --- Comment #

[Bug 193724] [panic] [tcp] in tcp_discardcb (/usr/src/sys/netinet/tcp_subr.c:929)

2015-12-01 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193724 Hiren Panchasara changed: What|Removed |Added CC||hi...@freebsd.org --- Comment #

Re[2]: vimage and jail networking

2015-12-01 Thread wishmaster
Hi, Nathan. > Thank you for helping me to understand vimage better Julian! I have read all > three links you posted a number of times. > > I use iocage for jail management and it uses epair. From your comments it > seems you recommend netgraph? I thing epair is more easy than netgraph for

Re: IPFW blocked my IPv6 NTP traffic

2015-12-01 Thread wishmaster
Hi, Mark. > I'm hoping someone can explain what happened here and this isn't a bug, > but if it is a bug I'll gladly open a PR. > > I noticed in my ipfw logs that I was getting a log of "DENY" entries for > an NTP server > > Nov 30 13:35:16 gw kernel: ipfw: 4540 Deny UDP > [2604:a880:800:10::

Re: Outgoing packets being sent via wrong interface

2015-12-01 Thread Daniel Bilik
On Mon, 30 Nov 2015 23:47:18 +0800 Julian Elischer wrote: > ok next time try > netstat -raAnW before and after Attached ("Internet6" part removed to reduce noise). > maybe we can spot at difference. According to diff(1), entries differ only by "Use" column between .pre and .during. The .post o