search for: netgraph

I would like to request that some useful work on networking be MFCed from -CURRENT to -STABLE in time for the release of FreeBSD 6.3. In particular, I'd like to see some of the Netgraph nodes which are new or which have seen extensive development brought in -- ng_nat and ng_car in particular. Bringing in the latest version of ng_nat would allow more flexible in-kernel NAT, while ng_car (which doesn't seem to be in 6-STABLE at all) would allow burstable traffic shaping -- somet...

Hi, FreeBSD has netgraph - graph based kernel networking subsystem which work with nodes and hooks. With netgraph is posible to make Layer 3 switch and more. E.g. In some node I capture raw datagram packet and encapsulate it in udp packet and send to next hook. So I can bridge any packet over routed network. Is something s...

...d message from John <strgout@mail.unixjunkie.com> ----- Date: Mon, 15 Dec 2003 17:58:15 -0600 From: John <strgout@mail.unixjunkie.com> To: freebsd-stable@freebsd.org Subject: interface bonding User-Agent: Mutt/1.4i Is there any way to bond sniffer interfaces? I've read a little on netgraph and it seems like i maybe able to use that but i'm not sure how to go about that. Basicly the end result is to have snort listen on a virtual interface, which will have data sent to it from say fxp0 and fxp1. I also want to make sure that data from fxp0, fxp1 or $VIRTUAL doesn't get sen...

...e performe such large scale tinc-vpn tests.. There are platforms like Imunes or CORE to do generic Ethernet and IP testing and routing, but I found that at least on Imunes it is problematic to start TAP iface on vimage on FreeBSD (at least 4.11 with I use). To fix that, I think about coding in BSD NetGraph support to tinc. But first I need to do testing if actualy netgraph nodes ng_iface can be easly maintained within vimage. Additionaly, ng_iface does not support Ethernet, so Im stuck with IP. Regards, Borg

...t socket. Another option nowadays is to use network namespaces to containerize just the network part of each tinc instance. You can then run any networking tools in those namespaces as well, without having to result to network {si,e}mulator frameworks. > To fix that, I think about coding in BSD NetGraph support > to tinc. But first I need to do testing if actualy netgraph > nodes ng_iface can be easly maintained within vimage. > Additionaly, ng_iface does not support Ethernet, so Im stuck > with IP. Isn't there ng_ether? Anyway, if you want to do this, have a look at src/dummy_dev...

...et my degree. I need to know about SSH (specially, SSH 2.0 protocol) so I've been studing deeply openssh-3.5 source code, because it could help me a lot to develop my work. I'm going to crypt communications between a close machine group within a bigger network. The task takes place over a Netgraph architecture at FreeBSD (between network interfaces and devices drivers). It means that I develop at link layer although I crypt over network layer. The main problem I have is I find difficult to understand the source code so I would thank any help you may give me. I need to know speciall...

...an just set BER=1 to kill links and see how things happen etc.. Nice spot about ng_eiface indeed. I'll check it out.. As for using one machine, I dont really understand how I could achieve this.. yeah, namespacing is an option.. never used it tho :) I will probably then go with implementing netgraph. Should not be too hard using BSD tap as template. ---------- Original message ---------- From: Guus Sliepen <guus at tinc-vpn.org> To: tinc-devel at tinc-vpn.org Subject: Re: Large scale tinc tests Date: Wed, 23 Sep 2015 15:47:00 +0200 Message-ID: <20150923134700.GJ17506 at sliepen.org&...

...s a fix for a serious bug in the OHCI code that was present for a very long time in FreeBSD and NetBSD: The attach/detach routines have a bug that makes the usbd hang in the kernel (unkillable). Also some minor fixes are included, ported from NetBSD 1.6.1. http://www.clabsms.de/FreeBSD/patch.sys.netgraph.ng_ksocket.c This patch makes the connect() function of ng_ksocket work. http://www.clabsms.de/FreeBSD/patch.contrib.libobjc.objc.hash.h http://www.clabsms.de/FreeBSD/patch.contrib.libobjc.objc.thr.h Patches for the ObjC include headers that are required, if you use GCC with all warnings turned on...

...net if.c if_atmsubr.c if_fwsubr.c if_gif.c > if_gif.h if_gre.c if_gre.h > if_iso88025subr.c if_stf.c if_var.h > route.c route.h rtsock.c > sys/netatalk at_extern.h at_proto.c > sys/netgraph/netflow netflow.c > sys/netinet if_atm.c if_ether.c in_gif.c in_mcast.c > in_pcb.c in_pcb.h in_rmx.c in_var.h > ip_fastfwd.c ip_fw.h ip_fw2.c ip_icmp.c > ip_input.c ip_mroute.c ip_mroute.h >...

...ion of WAN covering some cities with use of routers on a basis of FreeBSD, Cisco, Allied Telesyn, D-Link. Configuration of dynamic routing protocols OSPF and RIP (FreeBSD's routed/zebra). Use of policy routing (Cisco, FreeBSD's ipfw fwd) and GRE tunnels (Cisco, FreeBSD's netgraph) in special cases. LANs security by stat?full/stateless firewalls (Cisco access lists, FreeBSD's ipfw) and configuration of NAT/PAT if necessary. Configuration of ip accounting at key points of network (Cisco, FreeBSD's netgraph based ip accounting) and importing it to t...

...e the default threading package in FreeBSD. Many other projects are in the works to improve performance, enhance the user experience, and expand FreeBSD into new areas. Take a look below at the impressive summary of work! Scott Long, Robert Watson * Bluetooth stack for FreeBSD (Netgraph implementation) * ACPI Status Report * AMD64 Porting * ATAPI/CAM Status Report * Binary security updates for FreeBSD * bsd.java.mk version 2.0 * Compile FreeBSD with Intels C compiler (icc) * Cryptographic Support * Device_t locking * Disk I/O * Dy...

I upgraded a week ago from 4.6-STABLE to 4.8-STABLE, and subsequently my mpd-based VPN ceased to function, giving me all kinds of "protocol rejected" messages. I haven't seen any such reports lately on this list or questions about it on freebsd-questions, so I'm wondering what it's related to. I can provide more details on request, but I first wanted to see if anyone knows

--- Darren Reed <avalon@caligula.anu.edu.au> wrote: > I'm curious, can you use netgraph, like this or > similar, to make > sf2/sf3 redundant interfaces on the same LAN ? > (Load balancing > traffic in/out of an NFS server, say.) > > Darren Hi Darren, I think that's the real purpose behind ng_one2many: http://www.freebsd.org/cgi/man.cgi?query=ng_one2many&amp...

Hi, looking at the messages i see errors with ntp everytime i reboot my server: shiva2# tail /var/log/messages Apr 5 15:32:46 shiva2 kernel: Trying to mount root from ufs:/dev/da0s1a Apr 5 15:32:46 shiva2 ntpd[385]: ntpd 4.2.0-a Tue Mar 14 04:43:54 UTC 2006 (1) Apr 5 15:32:46 shiva2 ntpd[385]: bind() fd 6, family 28, port 123, addr fe80:1::20b:cdff:fe42:3d63, in6_is_addr_multicast=0 flags=0

...25 13:46:46 <daemon.info> cap mpd: [pptp0] ppp node is "mpd142-pptp0" Jun 25 13:46:46 <daemon.info> cap mpd: mpd: local IP address for PPTP is x.x.0.222 Jun 25 13:46:46 <daemon.info> cap mpd: [pptp0] using interface ng0 And as I would expect, ifconfig now shows the new netgraph interface, there are no changes to the routing table. ng0: flags=8890<POINTOPOINT,NOARP,SIMPLEX,MULTICAST> mtu 1500 I then connect my client, after all the authentication goes by without error, it leaves with: Jun 25 13:48:47 <daemon.info> cap mpd: [pptp0] IPCP: LayerUp Jun 25 13:48:...

...tu 16384 inet 127.0.0.1 netmask 0xff000000 freebsd:/home/gmarco> kldstat Id Refs Address Size Name 1 9 0xc0100000 1ab5ac kernel 3 2 0xc0f45000 e000 miibus.ko 4 1 0xc0f3a000 a000 if_ed.ko 5 1 0xc0f61000 4000 if_tun.ko 6 4 0xc0f66000 9000 netgraph.ko 7 1 0xc0f74000 3000 ng_ether.ko 8 1 0xc0f79000 5000 ng_pppoe.ko 9 1 0xc0f7f000 3000 ng_socket.ko 10 1 0xc0fe7000 3000 daemon_saver.ko in the kernel config file I have: device miibus # MII bus support device ed options IPFIRE...

Scenario: FreeBSD box running IPFW acting as a gateway to private network. The private network is made up of entirely routeable IP addresses. External users running Win2k and XP on DSL connections with dynamic IPs. Goal: To have the FreeBSD gateway securely authenticate and encrypt the traffic between the outside users and the internal network. I've spent the last 3 days running up and

hi i have a problem with my icmp, i have a router that performs nat. i cannot ping to internet hosts from more than one stations situated behind NAT at once. if i want to ping from another station i have to stop the ping that was initiated from the first host, and after a few seconds i can ping from another station.i've checked firewll and i have no ipfw rules that could stop icmp traffic.

...y # Pseudo-ttys (telnet etc) pseudo-device md # Memory "disks" pseudo-device gif # IPv6 and IPv4 tunneling pseudo-device faith 1 # IPv6-to-IPv4 relaying (translation) pseudo-device bpf #Berkeley packet filter options NETGRAPH #netgraph(4) system options NETGRAPH_ASYNC options NETGRAPH_BPF options NETGRAPH_CISCO options NETGRAPH_ECHO options NETGRAPH_ETHER options NETGRAPH_FRAME_RELAY options NETGRAPH_HOLE options NETGRAPH_IFACE options...

...Random Early Detection options ALTQ_RIO # RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler options ALTQ_PRIQ # Priority Queueing options ALTQ_NOPCC # Required for SMP build device ichwd device sk device netgraph options NETGRAPH_SOCKET options NETGRAPH_ETHER options NETGRAPH_PPPOE options NETGRAPH_DEFLATE device cpufreq altq in pf.conf (these are the lines i've commented out - removed ALTQ -, and the reboots had gone away) : #altq on $if_ppp hfsc bandwidth 512...