Discussion of technical issues relating to NetBSD's networking subsystem

John Klos | 1 Jun 2008 23:41

Can't use gif in -current

Hi,

Does anyone know what's changed which might've broken gif in -current? 
After switching from NetBSD-4 to current, I get this:

ifconfig gif0 inet6 2610:1f8::1:10:d86 2610:1f8::1:10:d85 prefixlen 128
ifconfig: SIOCAIFADDR_IN6: Invalid argument

My /etc/ifconfig.gif0 looks like this:

create
tunnel 192.80.49.1 209.212.68.38
inet6 2610:1f8::1:10:d86 2610:1f8::1:10:d85 prefixlen 128

But it configures to this:

gif0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1280
         tunnel inet 192.80.49.1 --> 209.212.68.38

...and now all of my IPv6 is gone... Any ideas?

John Klos

Jeremy C. Reed | 4 Jun 2008 01:31

USB and RNDIS?

I have a AT&T Tilt phone (aka HTC TyTN II) device that is recognized as

ugen1 at uhub1 port 1
ugen1: HTC Generic RNDIS, rev 2.00/0.00, addr 3

And with usbdevs -v

addr 1: full speed, self powered, config 1, OHCI root hub(0x0000), ATI 
Technologie(0x1002), rev 1.00
 port 1 addr 3: full speed, self powered, config 1, Generic RNDIS(0x0b0b), 
HTC(0x0bb4), rev 0.00, serial 3fbf5000-7351-0801-3543-840138922290

It can be used for sharing network.

http://www.microsoft.com/whdc/device/network/ndis/rmndis.mspx

Any ideas on how to have an rndis network device?

Is this related to cdce(4)?

(I wonder if OpenBSD's cdce(4) has code to be pulled into NetBSD's.)

Petar Bogdanovic | 4 Jun 2008 15:03

ipfilter, return-icmp and RFC1122

Hi,

I recently noticed that ipfilter with `block return-icmp' is returning
ICMP Type 3 Code 0 (Network unreachable) to the sender of a blocked
broadcast:

	130.3.3.3 ---------[UDP <at> 130.3.3.255]--------> 130.3.3.4
	130.3.3.3 <----[ICMP Network unreachable]---- 130.3.3.4

This seems wrong, considering RFC1122, page 39:

         An ICMP error message MUST NOT be sent as the result of
         receiving:

         *    an ICMP error message, or

         *    a datagram destined to an IP broadcast or IP multicast
              address, or

         *    a datagram sent as a link-layer broadcast, or

         *    a non-initial fragment, or

         *    a datagram whose source address does not define a single
              host -- e.g., a zero address, a loopback address, a
              broadcast address, a multicast address, or a Class E
              address.

Is this desired behaviour?

(Continue reading)

Petar Bogdanovic | 4 Jun 2008 16:46

Re: ipfilter, return-icmp and RFC1122

On Wed, Jun 04, 2008 at 03:03:06PM +0200, Petar Bogdanovic wrote:
> Hi,
> 
> I recently noticed that ipfilter with `block return-icmp' is returning
> ICMP Type 3 Code 0 (Network unreachable) to the sender of a blocked
> broadcast:
> 
> 	130.3.3.3 ---------[UDP <at> 130.3.3.255]--------> 130.3.3.4
> 	130.3.3.3 <----[ICMP Network unreachable]---- 130.3.3.4
> 
> 
> This seems wrong, considering RFC1122, page 39:
> 
>          An ICMP error message MUST NOT be sent as the result of
>          receiving:
> 
>          *    an ICMP error message, or
> 
>          *    a datagram destined to an IP broadcast or IP multicast
>               address, or
> 
>          *    a datagram sent as a link-layer broadcast, or
> 
>          *    a non-initial fragment, or
> 
>          *    a datagram whose source address does not define a single
>               host -- e.g., a zero address, a loopback address, a
>               broadcast address, a multicast address, or a Class E
>               address.
>

(Continue reading)

der Mouse | 4 Jun 2008 17:16

Picon

Re: ipfilter, return-icmp and RFC1122

>> I recently noticed that ipfilter with `block return-icmp' is
>> returning ICMP Type 3 Code 0 (Network unreachable) to the sender of
>> a blocked broadcast:

>> 	130.3.3.3 ---------[UDP <at> 130.3.3.255]--------> 130.3.3.4
>> 	130.3.3.3 <----[ICMP Network unreachable]---- 130.3.3.4

>> This seems wrong, considering RFC1122, page 39:

>>          An ICMP error message MUST NOT be sent as the result of
>>          receiving:
[...]
>>          *    a datagram destined to an IP broadcast or IP multicast
>>               address, [...]

> 	+block return-icmp in proto udp

I would say that the resulting behaviour is, strictly, wrong, but that
it's not ipf's fault: it's doing exactly what you told it to do.

I do not see any reason why ipf - or most other pieces of software, for
that matter - have to make it impossible, or even difficult, to violate
standards.  Just as I don't expect to be prevented from deleting the
postmaster alias in my mailer, or running 127.0.5.0/24 as an "ordinary"
Ethernet if I try, I don't expect ipf to impose all the Host
Requirements on me.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse <at> rodents.montreal.qc.ca

(Continue reading)

Steven M. Bellovin | 5 Jun 2008 03:22

Re: ipfilter, return-icmp and RFC1122

On Wed, 4 Jun 2008 15:03:06 +0200
Petar Bogdanovic <petar <at> smokva.net> wrote:

> Hi,
> 
> I recently noticed that ipfilter with `block return-icmp' is returning
> ICMP Type 3 Code 0 (Network unreachable) to the sender of a blocked
> broadcast:
> 
> 	130.3.3.3 ---------[UDP <at> 130.3.3.255]--------> 130.3.3.4
> 	130.3.3.3 <----[ICMP Network unreachable]---- 130.3.3.4
> 
> 
> This seems wrong, considering RFC1122, page 39:
> 
>          An ICMP error message MUST NOT be sent as the result of
>          receiving:
> 
>          *    an ICMP error message, or
> 
>          *    a datagram destined to an IP broadcast or IP multicast
>               address, or
> 
>          *    a datagram sent as a link-layer broadcast, or
> 
>          *    a non-initial fragment, or
> 
>          *    a datagram whose source address does not define a single
>               host -- e.g., a zero address, a loopback address, a
>               broadcast address, a multicast address, or a Class E

(Continue reading)

John Nemeth | 5 Jun 2008 10:34

Picon

Re: ipfilter, return-icmp and RFC1122

On Oct 25,  3:57pm, "Steven M. Bellovin" wrote:
} On Wed, 4 Jun 2008 15:03:06 +0200
} Petar Bogdanovic <petar <at> smokva.net> wrote:
} 
} > I recently noticed that ipfilter with `block return-icmp' is returning
} > ICMP Type 3 Code 0 (Network unreachable) to the sender of a blocked
} > broadcast:
} > 
} > 	130.3.3.3 ---------[UDP <at> 130.3.3.255]--------> 130.3.3.4
} > 	130.3.3.3 <----[ICMP Network unreachable]---- 130.3.3.4
} > 
} > 
} > This seems wrong, considering RFC1122, page 39:
} > 
} >          An ICMP error message MUST NOT be sent as the result of
} >          receiving:
} > 
} >          *    an ICMP error message, or
} > 
} >          *    a datagram destined to an IP broadcast or IP multicast
} >               address, or
} > 
} >          *    a datagram sent as a link-layer broadcast, or
} > 
} >          *    a non-initial fragment, or
} > 
} >          *    a datagram whose source address does not define a single
} >               host -- e.g., a zero address, a loopback address, a
} >               broadcast address, a multicast address, or a Class E
} >               address.

(Continue reading)

Petar Bogdanovic | 5 Jun 2008 14:08

Re: ipfilter, return-icmp and RFC1122

On Thu, Jun 05, 2008 at 01:34:26AM -0700, John Nemeth wrote:
> On Oct 25,  3:57pm, "Steven M. Bellovin" wrote:
> } On Wed, 4 Jun 2008 15:03:06 +0200
> } Petar Bogdanovic <petar <at> smokva.net> wrote:
> } 
> } > I recently noticed that ipfilter with `block return-icmp' is returning
> } > ICMP Type 3 Code 0 (Network unreachable) to the sender of a blocked
> } > broadcast:
> } > 
> } > 	130.3.3.3 ---------[UDP <at> 130.3.3.255]--------> 130.3.3.4
> } > 	130.3.3.3 <----[ICMP Network unreachable]---- 130.3.3.4
> } > 
> } > 
> } > This seems wrong, considering RFC1122, page 39:
> } > 
> } >          An ICMP error message MUST NOT be sent as the result of
> } >          receiving:
> } > 
> } >          *    an ICMP error message, or
> } > 
> } >          *    a datagram destined to an IP broadcast or IP multicast
> } >               address, or
> } > 
> } >          *    a datagram sent as a link-layer broadcast, or
> } > 
> } >          *    a non-initial fragment, or
> } > 
> } >          *    a datagram whose source address does not define a single
> } >               host -- e.g., a zero address, a loopback address, a
> } >               broadcast address, a multicast address, or a Class E

(Continue reading)

Jim Wise | 5 Jun 2008 15:33

Re: ipfilter, return-icmp and RFC1122

On Wed, 4 Jun 2008, Petar Bogdanovic wrote:

>Hi,
>
>I recently noticed that ipfilter with `block return-icmp' is returning
>ICMP Type 3 Code 0 (Network unreachable) to the sender of a blocked
>broadcast:
>
>	130.3.3.3 ---------[UDP <at> 130.3.3.255]--------> 130.3.3.4
>	130.3.3.3 <----[ICMP Network unreachable]---- 130.3.3.4
>
>
>This seems wrong, considering RFC1122, page 39:

Note that IPF makes the return ICMP code configurable.  Try:

	block return-icmp-as-dest(port-unr) 

As noted down-thread, the default return value is perfectly appropriate 
for a router, but less so for an end host.

By the way, I think it's a bad idea to configure IPF to return 
'administratively prohibited' for blocked ports -- doing so allows a 
remote host to easily differentiate between blocked ports and open ports 
on which no daemon is currently running.

--

-- 
				Jim Wise
				jwise <at> draga.com

(Continue reading)

Petar Bogdanovic | 5 Jun 2008 15:41

Re: ipfilter, return-icmp and RFC1122

On Thu, Jun 05, 2008 at 09:33:05AM -0400, Jim Wise wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wed, 4 Jun 2008, Petar Bogdanovic wrote:
> 
> >Hi,
> >
> >I recently noticed that ipfilter with `block return-icmp' is returning
> >ICMP Type 3 Code 0 (Network unreachable) to the sender of a blocked
> >broadcast:
> >
> >	130.3.3.3 ---------[UDP <at> 130.3.3.255]--------> 130.3.3.4
> >	130.3.3.3 <----[ICMP Network unreachable]---- 130.3.3.4
> >
> >
> >This seems wrong, considering RFC1122, page 39:
> 
> Note that IPF makes the return ICMP code configurable.  Try:
> 
> 	block return-icmp-as-dest(port-unr) 
> 
> As noted down-thread, the default return value is perfectly appropriate 
> for a router, but less so for an end host.

I don't think that changing the return code would make ipfilter stop
responding to broadcasts. Or did you mean something else?

Petar

(Continue reading)

Group

gmane.os.netbsd.devel.network.

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7

Articles in period: 68

June 2008

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

PATCH to only announce RTM_NEWADDR once IPv6 DAD completes (15 May 2013)
net.inet6.ip6.v6only (18 Apr 2013)
Seeking opinion on where networking-related user space code should go (17 Apr 2013)
Bug in FAST_IPSEC (4 Apr 2013)
Patch to implement SIOCGIFINDEX (2 Apr 2013)
Increase tcp initial window (29 Mar 2013)
RFC 3390 in netbsd (29 Mar 2013)
tcp_minmss (27 Mar 2013)
mapping ICMP codes to Unix errno code numbers (25 Mar 2013)
network locking strategy questions (12 Mar 2013)
locking errors in IPF in netbsd-6 (10 Mar 2013)
altq and multi-core processing (1 Mar 2013)
ipv6 IPSEC TCP ISSUE (1 Mar 2013)
Mini pci-e wlan adapters supporting hostap? (1 Mar 2013)
ipv6 IPSEC TCP ISSUE (27 Feb 2013)
download rate to slow tith 1000BaseT (27 Feb 2013)
download rate to slow tith 1000BaseT (26 Feb 2013)
download rate to slow tith 1000BaseT (26 Feb 2013)
2nd stab at ptree documentation (20 Feb 2013)
1st stab at ptree documentation (19 Feb 2013)
Driver for Marvell sdio sd8686 chipset (18 Feb 2013)

Archives

9	May 2013
44	April 2013
38	March 2013
89	February 2013
47	January 2013
22	December 2012
54	November 2012
31	October 2012
31	September 2012
26	August 2012
62	July 2012
122	June 2012
66	May 2012
69	April 2012
69	March 2012
44	February 2012
26	January 2012
27	December 2011
141	November 2011
78	October 2011
39	September 2011
36	August 2011
12	July 2011
45	June 2011
62	May 2011
40	April 2011
73	March 2011
34	February 2011
56	January 2011
24	December 2010
32	November 2010
31	October 2010
10	September 2010
40	August 2010
18	July 2010
85	June 2010
44	May 2010
62	April 2010
79	March 2010
48	February 2010
33	January 2010
62	December 2009
35	November 2009
27	October 2009
36	September 2009
97	August 2009
90	July 2009
94	June 2009
86	May 2009
85	April 2009
99	March 2009
88	February 2009
49	January 2009
60	December 2008
23	November 2008
38	October 2008
91	September 2008
75	August 2008
55	July 2008
66	June 2008
45	May 2008
170	April 2008
78	March 2008
46	February 2008
204	January 2008
65	December 2007
82	November 2007
80	October 2007
106	September 2007
78	August 2007
124	July 2007
91	June 2007
69	May 2007
76	April 2007
57	March 2007
51	February 2007
140	January 2007
107	December 2006
168	November 2006
167	October 2006
126	September 2006
87	August 2006
101	July 2006
169	June 2006
105	May 2006
178	April 2006
110	March 2006
211	February 2006
143	January 2006
97	December 2005
84	November 2005
105	October 2005
143	September 2005
158	August 2005
191	July 2005
254	June 2005
168	May 2005
241	April 2005
190	March 2005
98	February 2005
194	January 2005
156	December 2004
160	November 2004
176	October 2004
150	September 2004
72	August 2004
93	July 2004
94	June 2004
194	May 2004
159	April 2004
76	March 2004
100	February 2004
100	January 2004
111	December 2003
166	November 2003
120	October 2003
228	September 2003
287	August 2003
131	July 2003
318	June 2003
129	May 2003
119	April 2003
99	March 2003
151	February 2003
160	January 2003
73	December 2002
179	November 2002
107	October 2002
106	September 2002
171	August 2002
116	July 2002
178	June 2002
226	May 2002
124	April 2002
69	March 2002

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template