On 6/13/18 1:28 PM, Andrey V. Elsukov wrote:
On 13.06.2018 23:04, Jeff Kletsky wrote:
The kernel version of libalias uses m_megapullup() function to make
single contiguous buffer. m_megapullup() uses m_get2() function to
allocate mbuf of appropriate size. If size of packet greater than 4k it
On 6/13/18 12:01 PM, Andrey V. Elsukov wrote:
On 13.06.2018 20:16, Jeff Kletsky wrote:
When a T-Mobile "femto-cell" is trying to establish its IPv4, IPSEC
tunnel to the T-Mobile provisioning servers, the reassembled, 4640-byte
return packet is silently dropped by the in-kernel NAT, e
On 6/13/18 10:22 AM, Michael Sierchio wrote:
On Wed, Jun 13, 2018 at 10:16 AM, Jeff Kletsky wrote:
When a T-Mobile "femto-cell" is trying to establish its IPv4, IPSEC tunnel
to the T-Mobile provisioning servers, the reassembled, 4640-byte return
packet is silently dropped by the
When a T-Mobile "femto-cell" is trying to establish its IPv4, IPSEC
tunnel to the T-Mobile provisioning servers, the reassembled, 4640-byte
return packet is silently dropped by the in-kernel NAT, even though it
"matches" the outbound packet from less than 100 ms prior.
All other operations of
On 5/3/18 6:35 AM, Julian Elischer wrote:
On 3/5/18 12:08 am, Michael Sierchio wrote:
On Mon, Apr 30, 2018 at 10:48 AM, Jeff Kletsky
wrote:
"not recv any" doesn't seem to be helpful either
$ sudo ipfw add 64000 count ip from any to any out xmit any not
recv
any
From time to time, I rewrite my firewall rules to take advantages of
the ever-improving set of features that ipfw provides. One of the
challenges I have faced in the past was selecting packets that are
generated on the firewall host itself, as opposed to those that it
received through an interf
For several years I've been using netgraph to provide connectivity for
"service hosts" in jails on a "jail server"
Since I'm finally getting the jail server off FreeBSD 9 and solidly onto
11, I've got the chance to rewrite the scripting of how I'm handling
jail connectivity and am hoping that
I'm in the process of trying to debug a deeper question with netgraph,
but am puzzled as to why I can't seem to use tcpdump with ng_tee and
ng_eiface. I don't see any packets with tcpdump on either the ng_eiface
connected to ng_tee left2right or to ng_tee right2left when there are
packets flowing