ATTENTION: VALIDATE YOUR EMAIL NOW


ATTENTION!!!!

Your Webmail has almost exceeded quota limit,
 Login Below to confirm Webmail activity in our Database and 
authenticate the validity of your Webmail Usage to increase your quota 
to avoid temporal interruption and loss of files in your Webmail system.

Click Here To Validate Login: http://www.mlik.heliohost.org/mailer/WebMail.html

Mail Administrative HELP DESK
WEBMAIL TEAM

Dave Huang | 3 Aug 08:08 2015

How to use TCP window autosizing?

Hi, reading through
https://wiki.netbsd.org/tutorials/tuning_netbsd_for_performance/#index3h2
and http://proj.sunet.se/E2E/tcptune.html , my understanding is that
the net.inet.tcp.recvbuf_auto and net.inet.tcp.sendbuf_auto
enable/disable TCP window autosizing, and that the initial window size
is net.inet.tcp.{recv,send}space and that it'll increase by
net.inet.tcp.{recv,send}buf_inc up to net.inet.tcp.{recv,send}buf_max.
And that kern.sbmax also limits the maximum window size?

If window autosizing is enabled, is it supposed to just work
everywhere automatically, or does each program need to opt-in to it?
Because I'm not seeing anything happening.

I have a 100Mbps internet connection, and need to transfer files from
a server on the other side of the world. Round trip ping times are in
the 250ms range. So, according to the formula on the NetBSD wiki,
buffer size = RTT * bandwidth = 250ms * 100Mbps = 3.125MB.

I'm running NetBSD-alpha/7.0_RC2, with a kernel compiled with
NMBCLUSTERS=16384. The sysctls mentioned in those two webpages about TCP
tuning are set as:

kern.mbuf.nmbclusters = 16384
kern.somaxkva = 16777216
kern.sbmax = 4194304
net.inet.tcp.rfc1323 = 1
net.inet.tcp.recvspace = 32768
net.inet.tcp.sendspace = 32768
net.inet.tcp.recvbuf_auto = 1
net.inet.tcp.recvbuf_inc = 16384

Robert Swindells | 31 Jul 17:27 2015

bridge(4)


Please could someone try the following patch.

The deleted line shouldn't be doing anything useful in normal usage
plus I think it can confuse wireless devices that are members of the
bridge.

Robert Swindells

Index: if_bridge.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_bridge.c,v
retrieving revision 1.100
diff -u -r1.100 if_bridge.c
--- if_bridge.c 23 Jul 2015 10:52:34 -0000      1.100
+++ if_bridge.c 31 Jul 2015 15:23:18 -0000
 <at>  <at>  -1512,7 +1512,6  <at>  <at> 
 #endif /* ALTQ */

        len = m->m_pkthdr.len;
-       m->m_flags |= M_PROTO1;
        mflags = m->m_flags;

        IFQ_ENQUEUE(&dst_ifp->if_snd, m, &pktattr, error);
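
Review bot: The removal of "m->m_flags |= M_PROTO1;" sits directly above "mflags = m->m_flags;", so the flag snapshot taken before IFQ_ENQUEUE no longer carries M_PROTO1, and the description only says the line "shouldn't be doing anything useful in normal usage". Please state in the commit message what M_PROTO1 marked on this enqueue path and which consumers of the mbuf or of mflags after the enqueue were checked, and name the wireless driver(s) where the confusion was observed so the change can be tested against them.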

Edgar Fuß | 24 Jul 14:00 2015

ipf: interaction of "in" and "out" rules

The first question is probably stupidly simple if you know the internals.

If I have a (non-quick) ipf rule blocking a packet on the incoming side, 
will a rule on the outgoing side "see" that packet, i.e., is it possible
to over-rule the "block in" decision with a "pass out" rule?

If not (which I would guess to be the case), how do I best handle the following:

I have a gateway machine with (amongst others) an interface in the outside net 
and another in the local DMZ net.

The rules for incoming traffic on the outside interface first block and then 
pass anything to a DMZ address. This is based on the assumption that on the 
servers with an interface in the DMZ, there's another instance of ipf running 
which decides (on the incoming side) whether to block those packets or not.
After that, I need a rule to block the subset of the packets mentioned above 
addressed to the gateway's own interface in the DMZ, because they will not be 
processed by another ipf instance. And finally, I can selectively pass a 
subset of those, i.e. packets from outside to selected ports of the gateway's 
DMZ address.

Now the question is how to handle broad/multicasts to the DMZ net. I may 
want to be able to process a subset of those on another server, where they 
will be blocked and then selectively passed by the local ipf instance. But 
therefore I need to let them pass on the gateway, and then the gateway's own 
DMZ interface will receive them by default (which I don't want).

Dave Huang | 11 Jul 22:03 2015

Any tips for tuning NetBSD for NAT?

Hi, I have a Soekris net5501 (AMD Geode LX 433MHz, VIA VT6105M Rhine
III ethernet) running NetBSD-current from June 2015 and pf as a NAT
box. I just upgraded my internet speed to 100Mbps down/10Mbps up, and
it seems that the net5501 is a bottleneck. When downloading a large
file, I'm getting about 70Mbps, and "systat vm" shows that 99%+ of the
CPU is processing interrupts (and user processes are very sluggish
too).

Is there anything I can tune to reduce the CPU load (switch to npf?
tune sysctls?), or is the hardware just not up to NATting 100Mbps?
-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym <at> azeotrope.org |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 39 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++

Alice Martens | 29 Jun 12:15 2015

Business Registration 2015/2016

Ladies and Gentlemen.

In order to have your company inserted in the registry of World Businesses
for 2015/2016 edition, please print, complete and submit the attached
form (PDF file) to the following address:

World Business List
P.O. BOX 34
3700 AA, Zeist
The Netherlands

email: register <at> datacontrol-wbl.net
fax: +31 30 310 0125

Updating is free of charge!

If you are not the intended recipient, please submit an email to
remove <at> datacontrol-wbl.net
Your request shall be dealt with accordingly
Attachment (update.pdf): application/octet-stream, 29 KiB

Alain Aubord | 9 Jun 08:27 2015

NPF or PF

Hi All,
     Could you please tell me what the main differences are
between the two packet filters NPF and PF?

Until now I have regularly used PF (under OpenBSD) to create
firewalls. What I particularly appreciate about PF is the "overload"
function and the "authpf" shell.

I have not seen any mention of equivalent functions in NPF.

For what reason does one choose NPF instead of PF? Is NPF available
on other systems (FreeBSD, Linux)? Is documentation (besides the man pages)
available describing the use and functionality of NPF?

Any ideas would be greatly appreciated.

Thanks for your help,

Kind regards,

rhino64

Dave Huang | 5 Jun 23:34 2015

A strange TCP timestamp problem?

I wanted to record a video stream (HTTP Live Streaming) with ffmpeg,
but was getting errors like "Failed to open segment of playlist 0" and
"Connection timed out". However, I didn't have any problems watching
the video the regular way through a web browser on Windows (on the
same local network as the NetBSD machine running ffmpeg), so it didn't
seem like it was a network issue.

I tried a few more experiments and found that ffmpeg on Windows worked
fine, as did ffmpeg on Linux (Debian jessie), so it didn't seem like
an ffmpeg issue either (ffmpeg 2.6.3 in the case of NetBSD and Linux,
and on Windows, a git snapshot from 20141205).

This seemed to narrow the issue down to NetBSD. I collected some
tcpdump logs, and the problem seems to be that the remote server
doesn't always respond to NetBSD's TCP SYN packets. It almost seems
like the other end is doing some sort of rate limiting, since the
initial connection generally works (in the case of HTTP Live
Streaming, the one to download the playlist file), and the next one
works most of the time (downloading the first video segment), but the
connection to download the second segment of the video takes 3 SYNs to
get a response. Actually, ffmpeg times out before it connects, since
it expects to be able to download a new video segment every 5 seconds
or so, but I increased the timeout to see what would happen. But if I
wait a few dozen seconds and try again, the connection succeeds
immediately. In any case, it doesn't make sense for the remote end to
rate limit connections so aggressively, since the whole point of HLS
is that the client continually requests small chunks of video--but it
feels like that's what it's doing.

Looking at the tcpdump from Linux and Windows shows that all SYNs are

Roy Marples | 5 Jun 17:28 2015

Setting HOPLIMIT via CMSG on IPv6 breakage

Hi List

It seems that someone broke setting HOPLIMIT via CMSG on IPv6 messages 
recently, I would guess in the last week or two as that's when my router 
was last working I think.

This change to rtadvd fixes the issue for rtadvd (and is an improvement 
anyway)
http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.sbin/rtadvd/rtadvd.c.diff?r1=1.47&r2=1.48&only_with_tag=MAIN&f=h

But obviously it should not be needed.
Any idea where this should be resolved?

Roy

Andy Ball | 3 Jun 19:50 2015

Re: retrocomputing NetBSD style


Hello Greg,

  GAW> However there were, and are, a lot of us who want(ed)
     > a modern OS to run on our old hardware because we
     > want(ed) to re-purpose that fine old hardware to do
     > something new and exciting with it.

    I don't know about "new and exciting" but I agree that
there are times when I have done something interesting or
unusual on older hardware using NetBSD.  Erasing floppies
and old SCSI disks for example.  I'd also been hanging onto
a Mac Quadra 700 with the thought of using NetBSD/mac68k to
talk to devices on an RS-422 bus.  I recently recycled that
machine though after I realised that an RS-422 card plugged
into an mITX Atom board could do the same job better.

  GAW> I started running NetBSD on Sun-3 and early sparc
     > systems because that's the hardware I had, and it
     > was good and capable hardware.

    My SPARCstation 5 was a nice machine and I was
thankful for the work that people had put into making
NetBSD/sparc work well on it.  Sadly that too has been
recycled.

Regards,
  -Andy Ball

Roy Marples | 31 May 17:18 2015

pppoectl(8) with COMPAT_NETBSD32

Hi List

Attached is a patch which should make pppoectl work with COMPAT_NETBSD32 
to make my erlite happy, but it's failing with the PPPOESETPARMS ioctl.
In fact, it doesn't even make it into the kernel as the call bails out
with an "Inappropriate ioctl for device" error, but I don't easily see
what's wrong!

Anyone have a better clue than me?

Thanks

Roy
Attachment (n32-pppoe.diff): text/x-diff, 7963 bytes