* Re: via_rhine/qdisc Dead loop on netdevice eth1, fix it urgently!
From: James Bourne @ 2006-04-23 17:04 UTC (permalink / raw)
To: Herbert Xu; +Cc: netdev
In-Reply-To: <20060423113107.GA16193@gondor.apana.org.au>
On Sun, 23 Apr 2006, Herbert Xu wrote:
> On Fri, Apr 14, 2006 at 03:51:15PM +0000, James Bourne wrote:
>>
>> Apr 14 08:32:54 bama kernel: [<c02becbb>] netpoll_send_skb+0xa8/0x100 [<f8c4c174>] write_msg+0x140/0x181 [netconsole]
>
> This is the culprit. Disable that and the problem will go away.
That's done now, but... This has been happening for a while now, and I had
enabled netdump/netconsole to try and troubleshoot the problem if there was
a crash involved (which unfortunately there never has been).
Thanks though, and if/when it happens I'll let you know.
Regards
James
>
> Cheers,
>
--
James Bourne | Email: jbourne@hardrock.org
UNIX Systems Administration | WWW: http://www.hardrock.org
Custom UNIX Programming | Linux: The choice of a GNU generation
----------------------------------------------------------------------
"All you need's an occasional kick in the philosophy." Frank Herbert
^ permalink raw reply
* Your Awaiting Payment ...
From: Revd. Fr.Fredrick Nelson @ 2006-04-23 19:30 UTC (permalink / raw)
To: netdev
OFFICE OF REVD.FR FREDRICK NELSON
DIRECTOR SPECIAL DUTIES, UNITED NATIONS ORGANISATION
IN CONJUNCTION WITH THE INTERNATIONAL MONETARY FUND
WORLD BANK FACT-FINDING & SPECIAL DUTIES OFFICE
DAKAR, SENEGAL.
TEL: + 221 5545692
EMAIL:fr.frednelson@katamail.com
Dear Friend.
I am Revd. Fr.Fredrick Nelson, a senior staff with
the World Bank fact finding & special duties office.
I am writing you this letter based on the fact that
cool penny is better than millions of dollars means
it's better for one to live and die poor honest man
than a rich dishonest one.
I and the Chief security officer (CSO) of this
organization have arranged with an officer in the
computer section Engineer Peter Cliff to bring out
part of your total pending payment with reference
number (LM-05-371) amounting to US$10 million. Why we
did this is because according to information gathered
from the banks security computer, you have been
waiting for a long time to receive this payment
without success. As I found out that you have almost
met all the statutory requirements in respect of your
pending payment. The problem we feel you are having
is that of interest groups. A lot of people are
interested in your payment and those people are
merely doing paper works with you and that explains
why you receive different kinds of untrue email and
phone messages from different people everyday. For
security reasons you do not have to tell anybody that
your have your payment on the way until the payment
gets to you.
The said payment is been arranged in a security-proof
box weighing 75kg. In order to get this box shipped
to you I and the (CSO) Yesterday went to this four
courier companies Dhl, Ems, FedEx and Ups to make
arrangements on how to get the box shipped to you by
courier, but to no avail the above courier companies
all made us to understand that they will have to open
the box for inspection by the customs before
shipment. This is something we want to avoid because
this box is been padded with synthetic nylon and to
open it you will have to cut the pad before you will
meet the button that you will press to open the dial
code-lock. There is no way you can open the box and
be able to close it again because it was padded with
machine. We told the courier services that the box
contained film materials and when open will spoil the
materials. N B: we did not declare money because
courier does not carry money.
Today a friend of mine who is diplomat disclosed to
me that there is a security courier service company
that is specialized in sending diplomatic materials
and information from one country to another, which
also has diplomatic immunity and consignment such as
this, cannot be checked by any customs anywhere in
the world. I have therefore met the official of the
security courier service and concluded shipping
arrangement with them, which they will commence as
soon as I have your go ahead order. The diplomat who
will be bring in this consignment to you is an expert
and has been in this line of work for many years now
so we have Nothing to worry about. After all
arrangements we have concluded that you must donate
Five Hundred Thousand United States dollars
(US$500,000.00) to any charity organization I
designate as soon as you receive your money. To this
effect, you will send to us a promissory note for the
donation along with your address where you will like
the box to be delivered by courier. Please maintain
topmost secrecy as it may cause a lot of problems if
found out that we are using this way to help you. You
are advised not to inform anyone about this until you
received your money. Am helping you on this because
something in me is tells me that you are an honest
person. When you conclude this and you send our
promise, we will help to ship the final part of your
money to you.
May God be with you as i wait for your response
through this Email:fr.frednelson@katamail.com . Feel free to call
me if you will like us to discuses more on this TEL:
+ 221 5545692.
Yours Faithfully
Revd. Fr.Fredrick Nelson
Director, Special Duties. UNO/WBF
^ permalink raw reply
* Re: [Bugme-new] [Bug 6430] New: ipsec tunnel : reply is not forwarded
From: Andrew Morton @ 2006-04-23 19:53 UTC (permalink / raw)
To: bugme-daemon; +Cc: astier.raphael, netdev
In-Reply-To: <200604231526.k3NFQ5dO010175@fire-2.osdl.org>
bugme-daemon@bugzilla.kernel.org wrote:
>
> http://bugzilla.kernel.org/show_bug.cgi?id=6430
>
> Summary: ipsec tunnel : reply is not forwarded
> Kernel Version: 2.6.14.5
> Status: NEW
> Severity: normal
> Owner: shemminger@osdl.org
> Submitter: astier.raphael@free.fr
>
>
> Most recent kernel where this bug did not occur: 2.6.14
> Distribution: debian sarge 3.1
> Hardware Environment:
> Software Environment: isakmpd
> Problem Description:
> The situation is the following :
> hostA -- GW1 <==> GW2 -- hostB, with an ipsec tunnel between GW1 and GW2.
> Encryption : des-cbc, Auth : hmac-md5, and automatic keyring with isakmpd
> on GW1 and GW2.
> The tunnel is correctly mounted, with symmetrical spi on both sides GW1 and GW2.
> (I have verified with setkey)
> When hostA ping hostB, packets are correctly send to hostB, and returns
> to GW1, and are decrypted here, but are not forwarded to hostA.
> (Symmetrically when hostB ping hostA packet returned on GW2 are not
> forwarded to hostB). I have verified with tcpdump.
> I have try exactly the same configuration with standard kernel 2.6.8 from
> sarge distrib. and it works perfectly.
> I also try to echo 0 > /proc/...eth0/rp_filter where eth0 is the interface on
> GW2 "connected" to GW1 but result is the same.
> I have also try replacing GW2 by a Cisco PIX, and I have same result
> on linux (2.6.14.5) GW1.
>
> Steps to reproduce:
> Configure an ipsec tunnel between GW1 and GW2 as described above. I have done
> it with isakmpd, and with standard support of ipsec in kernel, not with
> freeswan.
>
That's quite an old kernel. Are you able to test 2.6.16?
^ permalink raw reply
* Re: [Fireflier-devel] Re: [PATCH][RFC] Security marking
From: Török Edwin @ 2006-04-23 18:57 UTC (permalink / raw)
To: netdev; +Cc: James Morris, Patrick McHardy, fireflier-devel
In-Reply-To: <Pine.LNX.4.64.0604172051510.20174@d.namei>
On Tuesday 18 April 2006 04:01, James Morris wrote:
> On Mon, 17 Apr 2006, edwin@gurde.com wrote:
> > Secmark, or skfilter is exactly what fireflier needs to solve the shared
> > socket issue. Thanks for working on this. If this gets integrated in
> > mainline, fireflier LSM will be dropped.
>
> I think you probably need skfilter as a standalone option.
I'll use skfilter then.
>
> > Is it possible to have an SELinux policy that reinjects the packets if
> > didn't match any rules? I.e. if a program that listens on port 80 doesn't
> > have access to the packet, (because it doesn't have the proper domain,)
> > and the SELinux won't allow the program to read the packet: is it
> > possible to reinject this packet in the netfilter chain, instead of
> > dropping it?
> >
> > This would allow creating rules interactively (fireflier).
>
> This could be done with nfqueue, modular policy and a pretty simple tool.
How do I determine if the policy needs to be changed? I.e. how do I determine
if the packet would be dropped? You say packets are silently dropped, won't
they generate an avc denied at least? (at least the first time?)
Once I determine that, I understand what you are saying:
catch the packet with a nfqueue target, and write a proper "allow my_t
my_packet_t:packet { recv }" to a modular policy .te file, build that as
a .pp, and load it using semodule (or libsemanage).
> > P.S.: Where can I get the full secmark patches, so I can test them to see
> > if they really fit my needs? Do you have an estimate timeline for
> > mainline integration? (in terms of n weeks, m months)
>
> The rest of the secmark related patches don't exist yet, I posted the core
> changes needed, and the others will be SELinux-specific. Mainline
> integration would hopefully be 2.6.18, if it all works out ok.
Sounds good.
>
>
> If you're looking for skfilter:
> http://people.redhat.com/jmorris/selinux/skfilter/
Thanks, I know , I tested them already.
>
> Patrick McHardy has some ideas on resolving some of the skfilter issues.
Patrick what is the status of solving the skfilter issues? Can I help with
testing patches, etc.?
On Monday 20 February 2006 18:42, Patrick McHardy wrote:
> Confirmation of conntrack entries. They shouldn't be confirmed before
> packets have passed the socket hooks. This is the tricky part because
> we don't know if packets will be delivered to a raw socket or not
> when calling the regular LOCAL_IN hook.
> The only way to solve this
> seems to be to use the socket hooks for all incoming packets, that
> way we can defer confirmation unconditionally.
Are there any problems with using socket hooks for all packets?
> The nicest way would
> be to just move the regular LOCAL_IN hook to the socket hooks, but
> this doesn't work with SNAT in LOCAL_IN because the socket lookup
> needs the already NATed address.
Move just the non SNAT part of LOCAL_IN to socket hooks?(does this make
sense?)
As you can see at http://fireflier.isgeeky.com/wiki/Ipt_fireflier_test,
skfilter is working, although my test case was a very simple one.
Could you provide a simple testcase where skfilter is not working right
(conntrack...), so that I can test it too?
I applied only the ipv4 iptables related patches , there were a few failures
due to the move to x_tables, but I think I solved them correctly. So here are
the patch I actually applied:
http://edwintorok.googlepages.com/linux-2.6.16.1-skfilter.patch, let me know
if there is something wrong there.
P.S.: Fireflier will use SELinux for labeling processes (and sockets), and
skfilter to do the actual filtering
Cheers,
Edwin
^ permalink raw reply
* Re: Congestion Avoidance Monitoring Tools
From: Hagen Paul Pfeifer @ 2006-04-23 22:52 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: piet, netdev, linux-net
In-Reply-To: <20060421081917.34ea952b@localhost.localdomain>
* Stephen Hemminger | 2006-04-21 08:19:17 [-0700]:
>2.6.13 still had lots of problems, things didn't really get working
>right till 2.6.15 or later. Especially with TSO.
--verbose?
>I have a tool using kprobe's see http://developer.osdl.org/shemminger/prototypes/tcpprobe.tar.gz
>I try to keep it up to date with current kernel and build process, last used it
>on 2.6.16.
wget http://developer.osdl.org/shemminger/prototypes/tcpprobe.tar.gz
Ended with following error code: ;-)
00:32:48 ERROR 403: Forbidden.
HGN
--
Microsoft is to software what McDonalds is to gourmet cooking.
^ permalink raw reply
* Re: TCP not retransmitting supposedly lost segment
From: Florian Zumbiehl @ 2006-04-23 23:56 UTC (permalink / raw)
To: Herbert Xu; +Cc: netdev
In-Reply-To: <20060423122718.GA16504@gondor.apana.org.au>
Hi,
> This tells us that the kernel was indeed retransmitting but the
> packet didn't make it out of the interface according to your
> tcpdump.
Well, at least the tcp part of it, it seems, yep. The debugging I've
done so far also seems to confirm that the problem is somewhere beyond
the tcp code, but I don't have any real clue yet ...
> Do you have any firewall rules? Any tc rules?
ip6tables rules, yes, but none in the filter/OUTPUT chain (and policy
ACCEPT, of course) and only counting rules in mangle/OUTPUT (using
only user-defined chains and target RETURN, with policy ACCEPT, once
again).
So i'd wonder if that'd be the cause of the problem.
BTW, other TCP/IPv6 (IRC) connections active at the same time work
without problems - but each of them fails in that way now and
then ...
Well, all in all that probably doesn't help you much - but any
hints as to how/where to further debug are welcome :-)
Florian
^ permalink raw reply
* [PATCH] compile error in ieee80211_ioctl.c
From: Alex Davis @ 2006-04-24 0:26 UTC (permalink / raw)
To: linville, netdev
Hello:
I cloned git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-dev.git
last night and got compile errors while compiling net/d80211/ieee80211_ioctl.c
into a module. This patch fixes it.
Signed-off-by: Alex Davis <alex14641@yahoo.com>
diff --git a/net/d80211/ieee80211_ioctl.c b/net/d80211/ieee80211_ioctl.c
index 42a7abe..4949e52 100644
--- a/net/d80211/ieee80211_ioctl.c
+++ b/net/d80211/ieee80211_ioctl.c
@@ -30,7 +30,7 @@ #include "aes_ccm.h"
static int ieee80211_regdom = 0x10; /* FCC */
-MODULE_PARM(ieee80211_regdom, "i");
+module_param(ieee80211_regdom, int, 0x10);
MODULE_PARM_DESC(ieee80211_regdom, "IEEE 802.11 regulatory domain; 64=MKK");
/*
@@ -40,7 +40,7 @@ MODULE_PARM_DESC(ieee80211_regdom, "IEEE
* module.
*/
static int ieee80211_japan_5ghz /* = 0 */;
-MODULE_PARM(ieee80211_japan_5ghz, "i");
+module_param(ieee80211_japan_5ghz, int, 0);
MODULE_PARM_DESC(ieee80211_japan_5ghz, "Vendor-updated firmware for 5 GHz");
I code, therefore I am
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
^ permalink raw reply related
* Re: [PATCH] compile error in ieee80211_ioctl.c
From: Randy.Dunlap @ 2006-04-24 1:53 UTC (permalink / raw)
To: Alex Davis; +Cc: linville, netdev
In-Reply-To: <20060424002639.54669.qmail@web50214.mail.yahoo.com>
On Sun, 23 Apr 2006 17:26:39 -0700 (PDT) Alex Davis wrote:
> Hello:
>
> I cloned git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-dev.git
> last night and got compile errors while compiling net/d80211/ieee80211_ioctl.c
> into a module. This patch fixes it.
>
> Signed-off-by: Alex Davis <alex14641@yahoo.com>
>
> diff --git a/net/d80211/ieee80211_ioctl.c b/net/d80211/ieee80211_ioctl.c
> index 42a7abe..4949e52 100644
> --- a/net/d80211/ieee80211_ioctl.c
> +++ b/net/d80211/ieee80211_ioctl.c
> @@ -30,7 +30,7 @@ #include "aes_ccm.h"
>
>
> static int ieee80211_regdom = 0x10; /* FCC */
> -MODULE_PARM(ieee80211_regdom, "i");
> +module_param(ieee80211_regdom, int, 0x10);
> MODULE_PARM_DESC(ieee80211_regdom, "IEEE 802.11 regulatory domain; 64=MKK");
The last parameter of module_param() is a permission value, not
an init value. The int is already initialized above.
Typical permission values are 0, 0444, 0644, ... (octal,
or use the available #defines).
> /*
> @@ -40,7 +40,7 @@ MODULE_PARM_DESC(ieee80211_regdom, "IEEE
> * module.
> */
> static int ieee80211_japan_5ghz /* = 0 */;
> -MODULE_PARM(ieee80211_japan_5ghz, "i");
> +module_param(ieee80211_japan_5ghz, int, 0);
> MODULE_PARM_DESC(ieee80211_japan_5ghz, "Vendor-updated firmware for 5 GHz");
---
~Randy
^ permalink raw reply
* Re: Netpoll checksum issue
From: Aubrey @ 2006-04-24 5:42 UTC (permalink / raw)
To: Herbert Xu; +Cc: Stephen Hemminger, netdev
In-Reply-To: <20060423113432.GA16424@gondor.apana.org.au>
[-- Attachment #1: Type: text/plain, Size: 1532 bytes --]
On 4/23/06, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> On Thu, Apr 20, 2006 at 09:54:54AM +0800, Aubrey wrote:
> Please send me a copy of the driver source that you were using when
> this happened.
The driver is attached.
> Could you please add a printk in checksum_udp to print out the pertinent
> values such as the expected checksum and actual checksum?
>
It seems not only "checksum_udp" in "netpoll", a few other routines
will call "__skb_checksum_complete", So the routine
"__skb_checksum_complete" must be ok.
And,
The routine "csum_tcpudp_nofold" should be ok, too. Because it's
called by many other routines, too.
But, I don't understand, why assign "psum=csum_tcpudp_nofold()" to
"skb->csum", and make "__skb_checksum_complete" to do the checksum?
Thanks for your any hints
Regards,
-Aubrey
================================================================
static int checksum_udp(struct sk_buff *skb, struct udphdr *uh,
unsigned short ulen, u32 saddr, u32 daddr)
{
unsigned int psum;
if (uh->check == 0 || skb->ip_summed == CHECKSUM_UNNECESSARY)
return 0;
psum = csum_tcpudp_nofold(saddr, daddr, ulen, IPPROTO_UDP, 0);
if (skb->ip_summed == CHECKSUM_HW &&
!(u16)csum_fold(csum_add(psum, skb->csum)))
return 0;
skb->csum = psum;
return __skb_checksum_complete(skb);
}
==================================================================
[-- Attachment #2: bfin_mac.c --]
[-- Type: text/plain, Size: 21501 bytes --]
static const char version[] =
"bf53mac.c: v1.0, Aug 27 2005 by Luke Yang <luke.yang@analog.com>\n";
/* Debugging level */
#ifndef BF537MAC_DEBUG
#define BF537MAC_DEBUG 0
#endif
#include <linux/config.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/delay.h>
#include <linux/timer.h>
#include <linux/errno.h>
#include <linux/ioport.h>
#include <linux/crc32.h>
#include <linux/device.h>
#include <linux/spinlock.h>
#include <linux/ethtool.h>
#include <linux/mii.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/skbuff.h>
#include <linux/platform_device.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/skbuff.h>
#include <asm/io.h>
#include <asm/irq.h>
#include <asm/dma.h>
#include <linux/dma-mapping.h>
#include "bfin_mac.h"
#include <asm/irq.h>
#include <asm/blackfin.h>
#include <asm/delay.h>
MODULE_LICENSE("GPL");
#define CARDNAME "bfin_mac"
static void desc_list_free(void);
/* transmit net_dma_desc numbers */
#define INIT_DESC_NUM 12
#define MAX_DESC_NUM 64
#define MAX_RX_DESC_NUM 8
/* pointers to maintain transmit list */
struct net_dma_desc *tx_list_head;
struct net_dma_desc *tx_list_tail;
struct net_dma_desc *rx_list_head;
struct net_dma_desc *rx_list_tail;
struct net_dma_desc *current_rx_ptr;
struct net_dma_desc *current_tx_ptr;
int current_desc_num;
extern unsigned long l1_data_A_sram_alloc(unsigned long size);
extern unsigned long l1_data_A_sram_free(unsigned long size);
extern void get_bf537_ether_addr(char *addr);
static int desc_list_init(void)
{
struct net_dma_desc *tmp_desc;
int i;
dma_addr_t dma_handle;
/* init tx_list */
if (current_desc_num == 0) {
for (i=0;i < INIT_DESC_NUM;i++) {
tmp_desc = (struct net_dma_desc *)dma_alloc_coherent(NULL, sizeof(struct net_dma_desc), &dma_handle , GFP_DMA);
//tmp_desc = (struct net_dma_desc *)l1_data_A_sram_alloc(sizeof(struct net_dma_desc));
if (tmp_desc == NULL)
goto error;
else
memset(tmp_desc,0,sizeof(tmp_desc));
if (i == 0) {
tx_list_head = tmp_desc;
tx_list_tail = tmp_desc;
}
tmp_desc->desc_a.start_addr = (unsigned long)tmp_desc->packet;
tmp_desc->desc_a.x_count = 0;
tmp_desc->desc_a.config.b_DMA_EN = 0; //disabled
tmp_desc->desc_a.config.b_WNR = 0; //read from memory
tmp_desc->desc_a.config.b_WDSIZE = 2; //wordsize is 32 bits
tmp_desc->desc_a.config.b_NDSIZE = 6; //6 half words is desc size.
tmp_desc->desc_a.config.b_FLOW = 7; //large desc flow
tmp_desc->desc_a.next_dma_desc = &(tmp_desc->desc_b);
tmp_desc->desc_b.start_addr = (unsigned long)(&(tmp_desc->status));
tmp_desc->desc_b.x_count = 0;
tmp_desc->desc_b.config.b_DMA_EN = 1; //disabled
tmp_desc->desc_b.config.b_WNR = 1; //write to memory
tmp_desc->desc_b.config.b_WDSIZE = 2; //wordsize is 32 bits
tmp_desc->desc_b.config.b_DI_EN = 0; //disable interrupt
tmp_desc->desc_b.config.b_NDSIZE = 6;
tmp_desc->desc_b.config.b_FLOW = 7; //stop mode
tx_list_tail->desc_b.next_dma_desc = &(tmp_desc->desc_a);
tx_list_tail->next = tmp_desc;
tx_list_tail = tmp_desc;
}
tx_list_tail->next = tx_list_head; /* tx_list is a circle */
tx_list_tail->desc_b.next_dma_desc = &(tx_list_head->desc_a);
current_desc_num = INIT_DESC_NUM;
current_tx_ptr = tx_list_head;
}
/* init rx_list */
for (i = 0; i < MAX_RX_DESC_NUM; i++) {
//tmp_desc = (struct net_dma_desc *)dma_alloc_coherent(NULL, sizeof(struct net_dma_desc), &dma_handle , GFP_DMA);
tmp_desc = (struct net_dma_desc *)l1_data_A_sram_alloc(sizeof(struct net_dma_desc));
if (tmp_desc == NULL)
goto error;
else
memset(tmp_desc,0,sizeof(tmp_desc));
if (i == 0) {
rx_list_head = tmp_desc;
rx_list_tail = tmp_desc;
}
tmp_desc->desc_a.start_addr = (unsigned long)tmp_desc->packet;
tmp_desc->desc_a.x_count = 0;
tmp_desc->desc_a.config.b_DMA_EN = 1; //enabled
tmp_desc->desc_a.config.b_WNR = 1; //Write to memory
tmp_desc->desc_a.config.b_WDSIZE = 2; //wordsize is 32 bits
tmp_desc->desc_a.config.b_NDSIZE = 6; //6 half words is desc size.
tmp_desc->desc_a.config.b_FLOW = 7; //large desc flow
tmp_desc->desc_a.next_dma_desc = &(tmp_desc->desc_b);
tmp_desc->desc_b.start_addr = (unsigned long)(&(tmp_desc->status));
tmp_desc->desc_b.x_count = 0;
tmp_desc->desc_b.config.b_DMA_EN = 1; //enabled
tmp_desc->desc_b.config.b_WNR = 1; //Write to memory
tmp_desc->desc_b.config.b_WDSIZE = 2; //wordsize is 32 bits
tmp_desc->desc_b.config.b_NDSIZE = 6;
tmp_desc->desc_b.config.b_DI_EN = 1; //enable interrupt
tmp_desc->desc_b.config.b_FLOW = 7; //stop
rx_list_tail->desc_b.next_dma_desc = &(tmp_desc->desc_a);
rx_list_tail->next = tmp_desc;
rx_list_tail = tmp_desc;
}
rx_list_tail->next = rx_list_head; /* rx_list is a circle */
rx_list_tail->desc_b.next_dma_desc = &(rx_list_head->desc_a);
current_rx_ptr = rx_list_head;
return 0;
error:
desc_list_free();
printk("bf537mac: kmalloc failed. \n");
return -ENOMEM;
}
static void desc_list_free(void)
{
struct net_dma_desc *tmp_desc;
int i;
dma_addr_t dma_handle = 0;
tmp_desc = tx_list_head;
for (i = 0; i < INIT_DESC_NUM; i++) {
if (tmp_desc != NULL)
dma_free_coherent(NULL, sizeof(struct net_dma_desc), tmp_desc, dma_handle);
tmp_desc = tmp_desc->next;
}
tmp_desc = rx_list_head;
for (i = 0; i < MAX_RX_DESC_NUM; i++) {
if (tmp_desc != NULL)
l1_data_A_sram_free((unsigned long)tmp_desc);
tmp_desc = tmp_desc->next;
}
}
/*---PHY CONTROL AND CONFIGURATION-----------------------------------------*/
//
//Set FER regs to MUX in Ethernet pins
//
static void SetupPinMux(void)
{
unsigned int fer_val;
// FER reg bug work-around
// read it once
fer_val = *pPORTH_FER;
fer_val = 0xffff;
// write it twice to the same value
*pPORTH_FER = fer_val;
*pPORTH_FER = fer_val;
}
//
//Wait until the previous MDC/MDIO transaction has completed
//
static void PollMdcDone(void)
{
// poll the STABUSY bit
while((*pEMAC_STAADD) & STABUSY) {};
}
//
//Read an off-chip register in a PHY through the MDC/MDIO port
//
static u16 RdPHYReg(u16 PHYAddr, u16 RegAddr)
{
PollMdcDone();
*pEMAC_STAADD = SET_PHYAD(PHYAddr) | SET_REGAD(RegAddr) | STABUSY; // read mode
PollMdcDone();
return (u16)*pEMAC_STADAT;
}
//
//Write an off-chip register in a PHY through the MDC/MDIO port
//
static void RawWrPHYReg(u16 PHYAddr, u16 RegAddr, u32 Data)
{
*pEMAC_STADAT = Data;
*pEMAC_STAADD = SET_PHYAD(PHYAddr) | SET_REGAD(RegAddr) |
STAOP | STABUSY; //write mode
PollMdcDone();
}
static void WrPHYReg(u16 PHYAddr, u16 RegAddr, u32 Data)
{
PollMdcDone();
RawWrPHYReg(PHYAddr,RegAddr,Data);
}
//
//set up the phy
//
static int bf537mac_setphy(struct net_device *dev)
{
u16 phydat;
u32 sysctl;
struct bf537mac_local *lp = netdev_priv(dev);
//printk("bf537_mac: start settting up phy\n");
//Program PHY registers
phydat = 0;
// issue a reset
RawWrPHYReg(lp->PhyAddr, PHYREG_MODECTL, 0x8000);
// wait half a second
udelay(500);
phydat = RdPHYReg(lp->PhyAddr, PHYREG_MODECTL);
// advertise flow control supported
phydat = RdPHYReg(lp->PhyAddr, PHYREG_ANAR);
phydat |= (1 << 10);
WrPHYReg(lp->PhyAddr, PHYREG_ANAR, phydat);
phydat = 0;
if (lp->Negotiate) {
phydat |= 0x1000;// enable auto negotiation
} else {
if (lp->FullDuplex) {
phydat |= (1 << 8);// full duplex
} else {
phydat &= (~(1 << 8));// half duplex
}
if (!lp->Port10) {
phydat |= (1 << 13);// 100 Mbps
} else {
phydat &= (~(1 << 13));// 10 Mbps
}
}
if (lp->Loopback) {
phydat |= (1 << 14);// enable TX->RX loopback
//WrPHYReg(lp->PhyAddr, PHYREG_MODECTL, phydat);
}
WrPHYReg(lp->PhyAddr, PHYREG_MODECTL, phydat);
udelay(500);
phydat = RdPHYReg(lp->PhyAddr, PHYREG_MODECTL);
// check for SMSC PHY
if ((RdPHYReg(lp->PhyAddr, PHYREG_PHYID1) == 0x7) && ((RdPHYReg(lp->PhyAddr, PHYREG_PHYID2)&0xfff0 ) == 0xC0A0)) {
// we have SMSC PHY so reqest interrupt on link down condition
WrPHYReg(lp->PhyAddr, 30, 0x0ff); // enable interrupts
// enable PHY_INT
sysctl = *pEMAC_SYSCTL;
sysctl |= 0x1;
//*pEMAC_SYSCTL = sysctl;
}
}
/**************************************************************************/
void SetupSystemRegs(struct net_device *dev)
{
int PHYADDR;
unsigned short sysctl, phydat;
struct bf537mac_local *lp = netdev_priv(dev);
PHYADDR = lp->PhyAddr;
/* Enable PHY output */
*pVR_CTL |= PHYCLKOE;
/* MDC = 2.5 MHz */
sysctl = SET_MDCDIV(24);
/* Odd word alignment for Receive Frame DMA word */
/* Configure checksum support and rcve frame word alignment */
sysctl |= RXDWA;
*pEMAC_SYSCTL = sysctl;
/* auto negotiation on */
/* full duplex */
/* 100 Mbps */
phydat = PHY_ANEG_EN | PHY_DUPLEX | PHY_SPD_SET;
WrPHYReg(PHYADDR, PHYREG_MODECTL, phydat);
//*pEMAC_MMC_CTL = RSTC | CROLL | MMCE;
*pEMAC_MMC_CTL = RSTC | CROLL;
/* Initialize the TX DMA channel registers */
*pDMA2_X_COUNT = 0;
*pDMA2_X_MODIFY = 4;
*pDMA2_Y_COUNT = 0;
*pDMA2_Y_MODIFY = 0;
/* Initialize the RX DMA channel registers */
*pDMA1_X_COUNT = 0;
*pDMA1_X_MODIFY = 4;
*pDMA1_Y_COUNT = 0;
*pDMA1_Y_MODIFY = 0;
}
void SetupMacAddr(u8 *mac_addr)
{
// this depends on a little-endian machine
*pEMAC_ADDRLO = *(u32 *)&mac_addr[0];
*pEMAC_ADDRHI = *(u16 *)&mac_addr[4];
}
static void adjust_tx_list(void)
{
int i = 0;
/* current's next can not be the head, otherwise the dma will not stop as we want */
if (current_tx_ptr->next->next == tx_list_head) {
while (tx_list_head->status.status_word == 0) {
udelay(100);
i++;
if (i == 10) {
//printk("tx list error!\n");
i = 0;
tx_list_head->desc_a.config.b_DMA_EN = 0;
tx_list_head = tx_list_head->next;
break;
}
}
}
if ((tx_list_head->status.status_word != 0)) {
tx_list_head->status.status_word = 0;
tx_list_head->desc_a.config.b_DMA_EN = 0;
tx_list_head = tx_list_head->next;
}
}
static int bf537mac_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
{
struct bf537mac_local *lp = netdev_priv(dev);
unsigned int data;
/* warning: printk in this function may cause error */
// Is skb->data always 16-bit aligned? Do we need to memcpy((char *)(tail->packet + 2),skb->data,len)?
if ( (((unsigned int)(skb->data))%4) == 2 ) {
//move skb->data to current_tx_ptr payload
data = (unsigned int)(skb->data);
data -= 2;
*((unsigned short *)data) = (unsigned short)(skb->len);
current_tx_ptr->desc_a.start_addr = (unsigned long)data;
blackfin_dcache_invalidate_range(data, (data+(skb->len)) + 2); //this is important!
} else {
*((unsigned short *)(current_tx_ptr->packet)) = (unsigned short)(skb->len);
memcpy((char *)(current_tx_ptr->packet + 2),skb->data,(skb->len));
current_tx_ptr->desc_a.start_addr = (unsigned long)current_tx_ptr->packet;
/*why we need to invalidate uncached memory? */
blackfin_dcache_invalidate_range((unsigned int)current_tx_ptr->packet, (unsigned int)(current_tx_ptr->packet + skb->len) + 2);
}
current_tx_ptr->desc_a.config.b_DMA_EN = 1; //enable this packet's dma
if (*pDMA2_IRQ_STATUS & 0x08) { //tx dma is running, just return
goto out;
} else { //tx dma is not running
*pDMA2_NEXT_DESC_PTR = (&(current_tx_ptr->desc_a));
*pDMA2_CONFIG = *((unsigned short *)(&(current_tx_ptr->desc_a.config)));; // dma enabled, read from memory, size is 6
// Turn on the EMAC tx
*pEMAC_OPMODE |= TE;
}
out:
adjust_tx_list();
current_tx_ptr = current_tx_ptr->next;
dev->trans_start = jiffies;
lp->stats.tx_packets++;
lp->stats.tx_bytes += (skb->len);
dev_kfree_skb(skb);
//printk("sending one...\n");
return 0;
}
static void bf537mac_rx(struct net_device *dev, unsigned char *pkt, int len)
{
struct sk_buff *skb;
struct bf537mac_local *lp = netdev_priv(dev);
skb = dev_alloc_skb(len + 2);
if (!skb) {
printk(KERN_NOTICE "bf537mac rx: low on mem - packet dropped\n");
lp->stats.rx_dropped++;
goto out;
}
skb_reserve(skb, 2);
/*
if (len >= 300) {
printk("going to copy the big packet\n");
for (i=0;i<len;i++){
printk("%.2x-",((unsigned char *)pkt)[i]);
if (((i%8)==0) && (i!=0)) printk("\n");
}
printk("\n");
}
*/
memcpy(skb_put(skb, len), pkt+2, len);
dev->last_rx = jiffies;
skb->dev = dev;
skb->protocol = eth_type_trans(skb, dev);
skb->ip_summed = CHECKSUM_UNNECESSARY;
netif_rx(skb);
lp->stats.rx_packets++;
lp->stats.rx_bytes += len;
out:
return;
}
/* interrupt routine to handle rx and error signal */
static irqreturn_t bf537mac_interrupt(int irq, void *dev_id, struct pt_regs *regs)
{
struct net_device *dev = dev_id;
unsigned short len;
// printk("in mac_int\n");
get_one_packet:
if (current_rx_ptr->status.status_word == 0) { // no more new packet received
*pDMA1_IRQ_STATUS |= DMA_DONE|DMA_ERR;
//printk("now return..\n");
return IRQ_HANDLED;
}
len = (unsigned short)((current_rx_ptr->status.status_word) & RX_FRLEN);
bf537mac_rx(dev, (char *)(current_rx_ptr->packet), len);
current_rx_ptr->status.status_word = 0x00000000;
current_rx_ptr = current_rx_ptr->next;
goto get_one_packet;
}
#ifdef CONFIG_NET_POLL_CONTROLLER
static void bf537mac_poll(struct net_device* dev)
{
disable_irq(IRQ_MAC_RX);
bf537mac_interrupt(IRQ_MAC_RX, dev, NULL);
enable_irq(IRQ_MAC_RX);
}
#endif /* CONFIG_NET_POLL_CONTROLLER */
static void bf537mac_reset(void)
{
unsigned int opmode;
opmode = *pEMAC_OPMODE;
opmode &= (~RE);
opmode &= (~TE);
/* Turn off the EMAC */
*pEMAC_OPMODE &= opmode;
}
/*
* Enable Interrupts, Receive, and Transmit
*/
static int bf537mac_enable(struct net_device *dev)
{
u32 opmode;
//u32 pkt_status;
//printk("%s: %s\n", dev->name, __FUNCTION__);
/* Set RX DMA */
*pDMA1_NEXT_DESC_PTR = &(rx_list_head->desc_a);
*pDMA1_CONFIG = *((unsigned short *)(&(rx_list_head->desc_a.config)));
/* Wait MII done */
PollMdcDone();
/* We enable only RX here */
/* ASTP : Enable Automatic Pad Stripping
PR : Promiscuous Mode for test
PSF : Receive frames with total length less than 64 bytes.
FDMODE : Full Duplex Mode
LB : Internal Loopback for test
RE : Receiver Enable */
opmode = FDMODE|PSF;
opmode |= RE;
/* Turn on the EMAC rx */
*pEMAC_OPMODE = opmode;
return 0;
}
/* Our watchdog timed out. Called by the networking layer */
static void bf537mac_timeout(struct net_device *dev)
{
//printk("%s: %s\n", dev->name, __FUNCTION__);
bf537mac_reset();
/* reset tx queue */
tx_list_tail = tx_list_head->next;
bf537mac_enable(dev);
/* We can accept TX packets again */
dev->trans_start = jiffies;
netif_wake_queue(dev);
}
/*
* Get the current statistics.
* This may be called with the card open or closed.
*/
static struct net_device_stats *bf537mac_query_statistics(struct net_device *dev)
{
struct bf537mac_local *lp = netdev_priv(dev);
//printk("%s: %s\n", dev->name, __FUNCTION__);
return &lp->stats;
}
/*
* This routine will, depending on the values passed to it,
* either make it accept multicast packets, go into
* promiscuous mode (for TCPDUMP and cousins) or accept
* a select set of multicast packets
*/
static void bf537mac_set_multicast_list(struct net_device *dev)
{
u32 sysctl;
if (dev->flags & IFF_PROMISC) {
printk(KERN_INFO "%s: set to promisc mode\n", dev->name);
sysctl = *pEMAC_OPMODE;
sysctl |= RAF;
*pEMAC_OPMODE = sysctl;
} else if (dev->flags & IFF_ALLMULTI || dev->mc_count > 16) {
/* accept all multicast */
sysctl = *pEMAC_OPMODE;
sysctl |= PAM;
*pEMAC_OPMODE = sysctl;
} else if (dev->mc_count) {
/* set multicast */
} else {
/* clear promisc or multicast mode */
sysctl = *pEMAC_OPMODE;
sysctl &= ~(RAF | PAM);
*pEMAC_OPMODE = sysctl;
}
}
/*
* this puts the device in an inactive state
*/
static void bf537mac_shutdown(struct net_device *dev)
{
/* Turn off the EMAC */
*pEMAC_OPMODE = 0x00000000;
/* Turn off the EMAC RX DMA */
*pDMA1_CONFIG = 0x0000;
*pDMA2_CONFIG = 0x0000;
}
/*
* Open and Initialize the interface
*
* Set up everything, reset the card, etc..
*/
static int bf537mac_open(struct net_device *dev)
{
//printk("%s: %s\n", dev->name, __FUNCTION__);
/*
* Check that the address is valid. If its not, refuse
* to bring the device up. The user must specify an
* address using ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx
*/
if (!is_valid_ether_addr(dev->dev_addr)) {
printk((KERN_DEBUG "bf537mac_open: no valid ethernet hw addr\n"));
return -EINVAL;
}
/* initial rx and tx list */
desc_list_init();
bf537mac_setphy(dev);
SetupSystemRegs(dev);
bf537mac_reset();
bf537mac_enable(dev);
printk("bf537_mac: hardware init finished\n");
netif_start_queue(dev);
netif_carrier_on(dev);
return 0;
}
/*
*
* this makes the board clean up everything that it can
* and not talk to the outside world. Caused by
* an 'ifconfig ethX down'
*/
static int bf537mac_close(struct net_device *dev)
{
//printk("%s: %s\n", dev->name, __FUNCTION__);
netif_stop_queue(dev);
netif_carrier_off(dev);
/* clear everything */
bf537mac_shutdown(dev);
/* free the rx/tx buffers */
desc_list_free();
return 0;
}
static int __init bf537mac_probe(struct net_device *dev)
{
struct bf537mac_local *lp = netdev_priv(dev);
int retval;
/* Grab the MAC address in the MAC */
*(u32 *)(&(dev->dev_addr[0])) = *pEMAC_ADDRLO;
*(u16 *)(&(dev->dev_addr[4])) = (u16)*pEMAC_ADDRHI;
/* probe mac */
/*todo: how to proble? which is revision_register */
*pEMAC_ADDRLO = 0x12345678;
if (*pEMAC_ADDRLO != 0x12345678) {
//printk("bf537_mac: can't detect bf537 mac!\n");
retval = -ENODEV;
goto err_out;
}
/*Is it valid? (Did bootloader initialize it?)*/
if (!is_valid_ether_addr(dev->dev_addr)) {
/* Grab the MAC from the board somehow - this is done in the
arch/blackfin/boards/bf537/boardname.c */
get_bf537_ether_addr(dev->dev_addr);
}
/* If still not valid, get a random one */
if (!is_valid_ether_addr(dev->dev_addr)) {
random_ether_addr(dev->dev_addr);
}
SetupMacAddr(dev->dev_addr);
/* Fill in the fields of the device structure with ethernet values. */
ether_setup(dev);
dev->open = bf537mac_open;
dev->stop = bf537mac_close;
dev->hard_start_xmit = bf537mac_hard_start_xmit;
dev->tx_timeout = bf537mac_timeout;
dev->get_stats = bf537mac_query_statistics;
dev->set_multicast_list = bf537mac_set_multicast_list;
// dev->ethtool_ops = &bf537mac_ethtool_ops;
#ifdef CONFIG_NET_POLL_CONTROLLER
dev->poll_controller = bf537mac_poll;
#endif
/* fill in some of the fields */
lp->version = 1;
lp->PhyAddr = 0x01;
lp->CLKIN = 25;
lp->FullDuplex = 0;
lp->Negotiate = 1;
lp->FlowControl = 0;
// set the GPIO pins to Ethernet mode
SetupPinMux();
/* now, enable interrupts */
/* register irq handler */
if (request_irq(IRQ_MAC_RX, bf537mac_interrupt, SA_INTERRUPT|SA_SHIRQ, "BFIN537_MAC_RX",dev)) {
printk("Unable to attach BlackFin MAC RX interrupt\n");
return -EBUSY;
}
retval = register_netdev(dev);
if (retval == 0) {
/* now, print out the card info, in a short format.. */
printk(KERN_INFO "Blackfin 537 mac net device registered.\n");
}
err_out:
return retval;
}
static int bf537mac_drv_probe(struct device *dev)
{
struct net_device *ndev;
int ret=0;
ndev = alloc_etherdev(sizeof(struct bf537mac_local));
if (!ndev) {
printk("%s: could not allocate device.\n", CARDNAME);
ret = -ENOMEM;
return ret;
}
ret = bf537mac_probe(ndev);
if (ret != 0) {
dev_set_drvdata(dev, NULL);
free_netdev(ndev);
printk("%s: not found (%d).\n", CARDNAME, ret);
}
SET_MODULE_OWNER(ndev);
SET_NETDEV_DEV(ndev, dev);
dev_set_drvdata(dev, ndev);
//printk("bf537_mac: probe finished\n");
return ret;
}
static int bf537mac_drv_remove(struct device *dev)
{
struct net_device *ndev = dev_get_drvdata(dev);
dev_set_drvdata(dev, NULL);
unregister_netdev(ndev);
free_irq(IRQ_MAC_RX, ndev);
free_netdev(ndev);
return 0;
}
static int bf537mac_drv_suspend(struct device *dev, u32 state, u32 level)
{
return 0;
}
static int bf537mac_drv_resume(struct device *dev, u32 level)
{
return 0;
}
static struct device_driver bf537mac_driver = {
.name = CARDNAME,
.bus = &platform_bus_type,
.probe = bf537mac_drv_probe,
.remove = bf537mac_drv_remove,
.suspend = bf537mac_drv_suspend,
.resume = bf537mac_drv_resume,
};
static int __init bf537mac_init(void)
{
return driver_register(&bf537mac_driver);
}
static void __exit bf537mac_cleanup(void)
{
driver_unregister(&bf537mac_driver);
}
module_init(bf537mac_init);
module_exit(bf537mac_cleanup);
[-- Attachment #3: bfin_mac.h --]
[-- Type: text/plain, Size: 3647 bytes --]
// -----------------------------------------------------------------------
// PHY REGISTER NAMES //
// -----------------------------------------------------------------------
#define PHYREG_MODECTL 0x0000
#define PHYREG_MODESTAT 0x0001
#define PHYREG_PHYID1 0x0002
#define PHYREG_PHYID2 0x0003
#define PHYREG_ANAR 0x0004
#define PHYREG_ANLPAR 0x0005
#define PHYREG_ANER 0x0006
#define PHYREG_NSR 0x0010
#define PHYREG_LBREMR 0x0011
#define PHYREG_REC 0x0012
#define PHYREG_10CFG 0x0013
#define PHYREG_PHY1_1 0x0014
#define PHYREG_PHY1_2 0x0015
#define PHYREG_PHY2 0x0016
#define PHYREG_TW_1 0x0017
#define PHYREG_TW_2 0x0018
#define PHYREG_TEST 0x0019
#define PHY_RESET 0x8000
#define PHY_ANEG_EN 0x1000
#define PHY_DUPLEX 0x0100
#define PHY_SPD_SET 0x2000
typedef struct _DMA_CONFIG
{
unsigned short b_DMA_EN:1; //Bit 0 : DMA Enable
unsigned short b_WNR:1; //Bit 1 : DMA Direction
unsigned short b_WDSIZE:2; //Bit 2 & 3 : DMA Tranfer Word size
unsigned short b_DMA2D:1; //Bit 4 : DMA Mode 2D or 1D
unsigned short b_RESTART:1; //Bit 5 : Retain the FIFO
unsigned short b_DI_SEL:1; //Bit 6 : Data Interrupt Timing Select
unsigned short b_DI_EN:1; //Bit 7 : Data Interrupt Enable
unsigned short b_NDSIZE:4; //Bit 8 to 11 : Flex descriptor Size
unsigned short b_FLOW:3; //Bit 12 to 14 : FLOW
} DMA_CONFIG_REG;
struct dma_descriptor {
struct dma_descriptor *next_dma_desc;
unsigned long start_addr;
DMA_CONFIG_REG config;
unsigned short x_count;
};
/*
struct status_area {
unsigned short ip_hdr_chksum; // the IP header checksum
unsigned short ip_payload_chksum; // the IP header and payload checksum
unsigned long status_word; // the frame status word
};
*/
struct status_area {
unsigned long status_word; // the frame status word
};
/* use two descriptors for a packet */
struct net_dma_desc {
struct net_dma_desc *next;
struct dma_descriptor desc_a;
struct dma_descriptor desc_b;
volatile unsigned char packet[1560];
volatile struct status_area status;
};
struct bf537mac_local {
/*
* these are things that the kernel wants me to keep, so users
* can find out semi-useless statistics of how well the card is
* performing
*/
struct net_device_stats stats;
int version;
int FlowEnabled; // record if data flow is active
int EtherIntIVG; // IVG for the ethernet interrupt
int RXIVG; // IVG for the RX completion
int TXIVG; // IVG for the TX completion
int PhyAddr; // PHY address
int OpMode; // set these bits n the OPMODE regs
int Port10; // set port speed to 10 Mbit/s
int GenChksums; // IP checksums to be calculated
int NoRcveLnth; // dont insert recv length at start of buffer
int StripPads; // remove trailing pad bytes
int FullDuplex; // set full duplex mode
int Negotiate; // enable auto negotiation
int Loopback; // loopback at the PHY
int Cache; // Buffers may be cached
int FlowControl; // flow control active
int CLKIN; // clock in value in MHZ
unsigned short IntMask; // interrupt mask
unsigned char Mac[6]; // MAC address of the board
};
^ permalink raw reply
* Re: Fw: Bug: PPP dropouts in >=2.6.16
From: Sven Schuster @ 2006-04-24 7:41 UTC (permalink / raw)
To: Andi Kleen; +Cc: Jesse Brandeburg, Andrew Morton, netdev, Nuri Jawad
In-Reply-To: <200604220202.59434.ak@suse.de>
[-- Attachment #1: Type: text/plain, Size: 890 bytes --]
On Sat, Apr 22, 2006 at 02:02:59AM +0200, Andi Kleen told us:
> On Friday 21 April 2006 19:15, Jesse Brandeburg wrote:
> > On 4/21/06, Andrew Morton <akpm@osdl.org> wrote:
> > >
> > > We do seem to have had a few reports of ppp regressions around this
> > > timeframe.
> >
> > me too. I couldn't use 2.6.16 at home on my pppoe connected router
> > because it was so slow. I didn't have time to debug. I can probably
> > try patches and provide more data too. Tell me what is needed.
>
> I seem to have some trouble on my PPPoE too. But it's not really unusable,
> just dropouts now and then.
no problems here with pppoe, kernel is 2.6.17-rc1-mm1, ppp 2.4.4-b1.
Sven
> -Andi
> -
--
Linux zion.homelinux.com 2.6.17-rc1-mm1_31 #31 Sat Apr 8 16:18:23 CEST 2006 i686 athlon i386 GNU/Linux
09:40:22 up 1 day, 13:14, 4 users, load average: 0.34, 0.16, 0.11
[-- Attachment #2: Type: application/pgp-signature, Size: 191 bytes --]
^ permalink raw reply
* Re: Netpoll checksum issue
From: Aubrey @ 2006-04-24 7:46 UTC (permalink / raw)
To: Herbert Xu; +Cc: Stephen Hemminger, netdev
In-Reply-To: <6d6a94c50604232242hd091922q8a2a0c78f1163b3c@mail.gmail.com>
Hi Herbert,
Things seem to be more clear for me.
When not in netpoll mode, before an udp package passed to "udp_rcv",
the ip layer will call the routine "__skb_checksum_complete(skb);"
to do the checksum. After ip checksum, "skb->ip_summed" will be
assigned to CHECKSUM_UNNECESSARY.
============================================================
unsigned int __skb_checksum_complete(struct sk_buff *skb)
{
unsigned int sum;
sum = (u16)csum_fold(skb_checksum(skb, 0, skb->len, skb->csum));
if (likely(!sum)) {
if (unlikely(skb->ip_summed == CHECKSUM_HW))
netdev_rx_csum_fault(skb->dev);
skb->ip_summed = CHECKSUM_UNNECESSARY;
}
return sum;
}
============================================================
So, in the routine "udp_rcv", actually, the csum is not checked.
Consequently, udp has no problem in the non-netpoll mode.
When in the netpoll mode, ip checksum is implemented by the routine
"ip_fast_csum", which does not assgin CHECKSUM_UNNECESSARY to
"skb->ip_summed", so udp has to check sum. Although checksum_udp in
the netpoll mode uses the same method as non-netpoll mode(see below),
it failed still.
============================
skb->csum = csum_tcpudp_nofold(saddr, daddr, ulen, IPPROTO_UDP, 0);
return __skb_checksum_complete(skb);
============================
So, Is the udp checksum algorithm wrong? or should we add one line
------------------------------
skb->ip_summed = CHECKSUM_UNNECESSARY;
------------------------------
after/into the routine "ip_fast_csum"?
Regards,
-Aubrey
^ permalink raw reply
* 1/3rd packets dropped by tethereal
From: Abhimanyu Rapria @ 2006-04-24 7:53 UTC (permalink / raw)
To: linux-net, netdev
Hi
When i ran the below command on vicidial dialer:
[root@vicidial2 ~]# tethereal -i eth0 -a duration:300 -w sample.cap
Capturing on eth0
320167
147496 packets dropped
Machine configuration:
Linux vicidial2.esselshyam.net 2.6.11-1.1369_FC4smp #1 SMP Thu Jun 2
23:08:39 EDT 2005 i686 i686 i386 GNU/Linux
Machine Model: HP dx6120 MT
http://h50025.www5.hp.com/hpcom/in_en/14_30_146_4492_44289.html
RAM 1 GB
HDD 80 GB SATA
When i ran Acterna PVA-1000 on sample.cap it showed Max Jitter about
20 % and packet loss and echo as major cause of voice degradation. MQS
was also less 2.59 where as it should be around 5.0. are packets being
dropped at interface card or at kernel and how to correct it.
on net i found:
So "1000 packets captured" means, in Tethereal and tcpdump, "1000
packets read from libpcap and processed".
What "100 packets dropped" means is that, of all the packets supplied
to the kernel's packet capture mechanism that passed the filter, 100
of them were dropped because there wasn't enough room in the kernel's
buffer for them; this means that packets aren't being read from the
kernel's capture mechanism fast enough by the application.
dmesg output:
Linux version 2.6.11-1.1369_FC4smp
(bhcompile@decompose.build.redhat.com ) (gcc version 4.0.0 20050525
(Red Hat 4.0.0-9)) #1 SMP Thu Jun 2 23:08:39 EDT 2005
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000e8000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 000000003f7e4000 (usable)
BIOS-e820: 000000003f7e4000 - 0000000040000000 (reserved)
BIOS-e820: 00000000d0000000 - 00000000e0000000 (reserved)
BIOS-e820: 00000000fec00000 - 0000000100000000 (reserved)
119MB HIGHMEM available.
896MB LOWMEM available.
found SMP MP-table at 000fe700
Using x86 segment limits to approximate NX protection
On node 0 totalpages: 260068
DMA zone: 4096 pages, LIFO batch:1
Normal zone: 225280 pages, LIFO batch:31
HighMem zone: 30692 pages, LIFO batch:15
DMI 2.3 present.
Using APIC driver default
ACPI: RSDP (v000 COMPAQ ) @ 0x000e9c10
ACPI: RSDT (v001 COMPAQ CPQ0968 0x20050405 0x00000000) @ 0x3f7f4040
ACPI: FADT (v001 COMPAQ GRANTSD 0x00000001 0x00000000) @ 0x3f7f40ec
ACPI: SSDT (v001 COMPAQ PROJECT 0x00000001 MSFT 0x0100000e) @ 0x3f7f565a
ACPI: MADT (v001 COMPAQ GRANTSD 0x00000001 0x00000000) @ 0x3f7f4160
ACPI: ASF! (v032 COMPAQ GRANTSD 0x00000001 0x00000000) @ 0x3f7f41c8
ACPI: MCFG (v001 COMPAQ GRANTSD 0x00000001 0x00000000) @ 0x3f7f422b
ACPI: DSDT (v001 COMPAQ DSDT 0x00000001 MSFT 0x0100000e) @ 0x00000000
ACPI: PM-Timer IO Port: 0xf808
ACPI: Local APIC address 0xfee00000
ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] enabled)
Processor #0 15:4 APIC version 20
ACPI: LAPIC (acpi_id[0x02] lapic_id[0x01] enabled)
Processor #1 15:4 APIC version 20
ACPI: LAPIC_NMI (acpi_id[0x01] high edge lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x02] high edge lint[0x1])
ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
IOAPIC[0]: apic_id 1 already used, trying 2
IOAPIC[0]: apic_id 2, version 32, address 0xfec00000, GSI 0-23
ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
ACPI: IRQ0 used by override.
ACPI: IRQ2 used by override.
ACPI: IRQ9 used by override.
Enabling APIC mode: Flat. Using 1 I/O APICs
Using ACPI (MADT) for SMP configuration information
Allocating PCI resources starting at 40000000 (gap: 40000000:90000000)
Built 1 zonelists
Kernel command line: ro root=LABEL=/ rhgb quiet
mapped APIC to ffffd000 (fee00000)
mapped IOAPIC to ffffc000 (fec00000)
Initializing CPU#0
CPU 0 irqstacks, hard=c042a000 soft=c040a000
PID hash table entries: 4096 (order: 12, 65536 bytes)
Detected 3191.307 MHz processor.
Using pmtmr for high-res timesource
Console: colour VGA+ 80x25
Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
Memory: 1024416k/1040272k available (2084k kernel code, 14928k
reserved, 769k data, 232k init, 122768k highmem)
Checking if this processor honours the WP bit even in supervisor mode... Ok.
Calibrating delay loop... 6307.84 BogoMIPS (lpj=3153920)
Security Framework v1.0.0 initialized
SELinux: Initializing.
SELinux: Starting in permissive mode
selinux_register_security: Registering secondary module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 512
CPU: After generic identify, caps: bfebfbff 20000000 00000000 00000000
0000649d 00000000 00000000
CPU: After vendor identify, caps: bfebfbff 20000000 00000000 00000000
0000649d 00000000 00000000
monitor/mwait feature present.
using mwait in idle threads.
CPU: Trace cache: 12K uops, L1 D cache: 16K
CPU: L2 cache: 2048K
CPU: Physical Processor ID: 0
CPU: After all inits, caps: bfebf3ff 20000000 00000000 00000080
0000649d 00000000 00000000
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
CPU0: Intel P4/Xeon Extended MCE MSRs (24) available
CPU0: Thermal monitoring enabled
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Checking 'hlt' instruction... OK.
CPU0: Intel(R) Pentium(R) 4 CPU 3.20GHz stepping 03
Booting processor 1/1 eip 3000
CPU 1 irqstacks, hard=c042b000 soft=c040b000
Initializing CPU#1
Calibrating delay loop... 6422.52 BogoMIPS (lpj=3211264)
CPU: After generic identify, caps: bfebfbff 20000000 00000000 00000000
0000649d 00000000 00000000
CPU: After vendor identify, caps: bfebfbff 20000000 00000000 00000000
0000649d 00000000 00000000
monitor/mwait feature present.
CPU: Trace cache: 12K uops, L1 D cache: 16K
CPU: L2 cache: 2048K
CPU: Physical Processor ID: 0
CPU: After all inits, caps: bfebf3ff 20000000 00000000 00000080
0000649d 00000000 00000000
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#1.
CPU1: Intel P4/Xeon Extended MCE MSRs (24) available
CPU1: Thermal monitoring enabled
CPU1: Intel(R) Pentium(R) 4 CPU 3.20GHz stepping 03
Total of 2 processors activated (12730.36 BogoMIPS).
ENABLING IO-APIC IRQs
..TIMER: vector=0x31 pin1=2 pin2=-1
checking TSC synchronization across 2 CPUs: passed.
softlockup thread 0 started up.
Brought up 2 CPUs
softlockup thread 1 started up.
checking if image is initramfs... it is
Freeing initrd memory: 1169k freed
NET: Registered protocol family 16
PCI: PCI BIOS revision 2.20 entry at 0xec3b7, last bus=64
PCI: Using MMCONFIG
mtrr: v2.0 (20020519)
ACPI: Subsystem revision 20050309
ACPI: Interpreter enabled
ACPI: Using IOAPIC for interrupt routing
ACPI: PCI Root Bridge [PCI0] (0000:00)
PCI: Probing PCI hardware (bus 00)
Boot video device is 0000:00:02.0
PCI: Ignoring BAR0-3 of IDE controller 0000:00:1f.1
PCI: Transparent bridge - 0000:00:1e.0
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.PCX1._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.PCX2._PRT]
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.HUB_._PRT]
ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 6 7 *10 11 14 15)
ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 *5 6 7 10 11 14 15)
ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 5 6 7 10 *11 14 15)
ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 *5 6 7 10 11 14 15)
ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 6 7 10 *11 14 15)
ACPI: PCI Interrupt Link [LNKF] (IRQs 3 4 5 6 7 *10 11 14 15)
ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 6 7 10 *11 14 15)
ACPI: PCI Interrupt Link [LNKH] (IRQs 3 4 5 6 7 10 11 14 15) *0, disabled.
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI init
pnp: PnP ACPI: found 15 devices
usbcore: registered new driver usbfs
usbcore: registered new driver hub
PCI: Using ACPI for IRQ routing
PCI: If a device doesn't work, try "pci=routeirq". If it helps, post a report
pnp: 00:0b: ioport range 0x400-0x41f has been reserved
pnp: 00:0b: ioport range 0x420-0x43f has been reserved
pnp: 00:0b: ioport range 0x440-0x45f has been reserved
pnp: 00:0b: ioport range 0x460-0x47f could not be reserved
pnp: 00:0b: ioport range 0x480-0x48f has been reserved
pnp: 00:0b: ioport range 0xf800-0xf81f could not be reserved
pnp: 00:0b: ioport range 0xf820-0xf83f could not be reserved
pnp: 00:0b: ioport range 0xf840-0xf85f has been reserved
pnp: 00:0c: ioport range 0x4d0-0x4d1 has been reserved
apm: BIOS not found.
audit: initializing netlink socket (disabled)
audit(1145875179.134:1): initialized
highmem bounce pool size: 64 pages
Total HugeTLB memory allocated, 0
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
SELinux: Registering netfilter hooks
Initializing Cryptographic API
ksign: Installing public key data
Loading keyring
- Added public key 42BD35A990375F72
- User ID: Red Hat, Inc. (Kernel Module GPG key)
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
PCI: Setting latency timer of device 0000:00:1c.0 to 64
pcie_portdrv_probe->Dev[2660:8086] has invalid IRQ. Check vendor BIOS
assign_interrupt_mode Found MSI capability
Allocate Port Service[pcie00]
Allocate Port Service[pcie02]
Allocate Port Service[pcie03]
ACPI: PCI Interrupt 0000:00:1c.1[B] -> GSI 17 (level, low) -> IRQ 185
PCI: Setting latency timer of device 0000:00:1c.1 to 64
assign_interrupt_mode Found MSI capability
Allocate Port Service[pcie00]
Allocate Port Service[pcie02]
Allocate Port Service[pcie03]
ACPI: Processor [CPU0] (supports 8 throttling states)
ACPI: Processor [CPU1] (supports 8 throttling states)
isapnp: Scanning for PnP cards...
isapnp: No Plug & Play device found
Real Time Clock Driver v1.12
Linux agpgart interface v0.101 (c) Dave Jones
agpgart: Detected an Intel 915G Chipset.
agpgart: Detected 7932K stolen memory.
agpgart: AGP aperture is 256M @ 0xe0000000
PNP: PS/2 Controller [PNP0303:KBD,PNP0f0e:PS2M] at 0x60,0x64 irq 1,12
serio: i8042 AUX port at 0x60,0x64 irq 12
serio: i8042 KBD port at 0x60,0x64 irq 1
Serial: 8250/16550 driver $Revision: 1.90 $ 76 ports, IRQ sharing enabled
ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered
RAMDISK driver initialized: 16 RAM disks of 16384K size 1024 blocksize
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
ICH6: IDE controller at PCI slot 0000:00:1f.1
ACPI: PCI Interrupt 0000:00:1f.1[A] -> GSI 17 (level, low) -> IRQ 185
ICH6: chipset revision 3
ICH6: not 100% native mode: will probe irqs later
ide0: BM-DMA at 0x34e0-0x34e7, BIOS settings: hda:DMA, hdb:pio
ide1: BM-DMA at 0x34e8-0x34ef, BIOS settings: hdc:pio, hdd:pio
Probing IDE interface ide0...
hda: HL-DT-ST CD-ROM GCR-8523B, ATAPI CD/DVD-ROM drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Probing IDE interface ide1...
Probing IDE interface ide1...
hda: ATAPI 52X CD-ROM drive, 128kB Cache, DMA
Uniform CD-ROM driver Revision: 3.20
ide-floppy driver 0.99.newide
usbcore: registered new driver hiddev
usbcore: registered new driver usbhid
drivers/usb/input/hid-core.c: v2.01:USB HID core driver
mice: PS/2 mouse device common for all mice
md: md driver 0.90.1 MAX_MD_DEVS=256, MD_SB_DISKS=27
NET: Registered protocol family 2
IP: routing cache hash table of 4096 buckets, 64Kbytes
TCP established hash table entries: 131072 (order: 9, 2097152 bytes)
TCP bind hash table entries: 65536 (order: 7, 786432 bytes)
TCP: Hash tables configured (established 131072 bind 65536)
Initializing IPsec netlink socket
NET: Registered protocol family 1
NET: Registered protocol family 17
ACPI wakeup devices:
PCI0 PEG1 PCX1 PCX2 PCX4 HUB COM1 USB1 USB2 USB3 USB4 EUSB PBTN
ACPI: (supports S0 S1 S3 S4 S5)
CPU0 attaching sched-domain:
domain 0: span 00000003
groups: 00000001 00000002
domain 1: span 00000003
groups: 00000003
CPU1 attaching sched-domain:
domain 0: span 00000003
groups: 00000002 00000001
domain 1: span 00000003
groups: 00000003
Freeing unused kernel memory: 232k freed
SCSI subsystem initialized
libata version 1.10 loaded.
ata_piix version 1.03
ACPI: PCI Interrupt 0000:00:1f.2[B] -> GSI 19 (level, low) -> IRQ 201
PCI: Setting latency timer of device 0000:00:1f.2 to 64
ata1: SATA max UDMA/133 cmd 0x3818 ctl 0x3832 bmdma 0x34F0 irq 201
ata2: SATA max UDMA/133 cmd 0x3820 ctl 0x3836 bmdma 0x34F8 irq 201
ata1: dev 0 cfg 49:2f00 82:7069 83:7c01 84:4023 85:7069 86:3c01 87:4023 88:203f
ata1: dev 0 ATA, max UDMA/100, 156301488 sectors: lba48
ata1: dev 0 configured for UDMA/100
scsi0 : ata_piix
ATA: abnormal status 0x7F on port 0x3827
ata2: disabling port
scsi1 : ata_piix
Vendor: ATA Model: WDC WD800JD-60LU Rev: 07.0
Type: Direct-Access ANSI SCSI revision: 05
SCSI device sda: 156301488 512-byte hdwr sectors (80026 MB)
SCSI device sda: drive cache: write back
SCSI device sda: 156301488 512-byte hdwr sectors (80026 MB)
SCSI device sda: drive cache: write back
sda: sda1 sda2
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
kjournald starting. Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
security: 3 users, 6 roles, 764 types, 87 bools
security: 55 classes, 180131 rules
SELinux: Completing initialization.
SELinux: Setting up existing superblocks.
SELinux: initialized (dev sda1, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), not configured for labeling
SELinux: initialized (dev hugetlbfs, type hugetlbfs), not configured
for labeling
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev eventpollfs, type eventpollfs), uses genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev cpuset, type cpuset), not configured for labeling
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
tg3.c:v3.29 (May 23, 2005)
ACPI: PCI Interrupt 0000:40:00.0[A] -> GSI 17 (level, low) -> IRQ 185
PCI: Setting latency timer of device 0000:40:00.0 to 64
eth0: Tigon3 [partno(BCM95751) rev 4001 PHY(5750)]
(PCIX:100MHz:32-bit) 10/100/1000BaseT Ethernet 00:0f:fe:25:5a:0a
eth0: RXcsums[1] LinkChgREG[0] MIirq[0] ASF[0] Split[0] WireSpeed[1] TSOcap[1]
eth0: dma_rwctrl[76180000]
snd_intel8x0: Unknown parameter `'
ACPI: PCI Interrupt 0000:00:1e.2[A] -> GSI 21 (level, low) -> IRQ 209
PCI: Setting latency timer of device 0000:00:1e.2 to 64
intel8x0_measure_ac97_clock: measured 50021 usecs
intel8x0: clocking to 48000
hw_random hardware driver 1.0.0 loaded
shpchp: acpi_shpchprm:\_SB_.PCI0 evaluate _BBN fail=0x5
shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x5
shpchp: acpi_shpchprm:\_SB_.PCI0 evaluate _BBN fail=0x5
shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x5
Zapata Telephony Interface Registered on major 196
Zaptel Version: 1.2.4 Echo Canceller: KB1
ACPI: PCI Interrupt 0000:05:04.0[A] -> GSI 16 (level, low) -> IRQ 217
wcfxo: DAA mode is 'FCC'
Found a Wildcard FXO: Wildcard X100P
ACPI: PCI Interrupt 0000:00: 1d.7[A] -> GSI 20 (level, low) -> IRQ 225
PCI: Setting latency timer of device 0000:00:1d.7 to 64
ehci_hcd 0000:00:1d.7: EHCI Host Controller
ehci_hcd 0000:00:1d.7: debug port 1
ehci_hcd 0000:00:1d.7: new USB bus registered, assigned bus number 1
ehci_hcd 0000:00:1d.7: irq 225, io mem 0xcfdc0000
PCI: cache line size of 128 is not supported by device 0000:00:1d.7
ehci_hcd 0000:00:1d.7: USB 2.0 initialized, EHCI 1.00, driver 10 Dec 2004
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 8 ports detected
USB Universal Host Controller Interface driver v2.2
SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
ACPI: PCI Interrupt 0000:00:1d.0[A] -> GSI 20 (level, low) -> IRQ 225
PCI: Setting latency timer of device 0000:00:1d.0 to 64
uhci_hcd 0000:00:1d.0: UHCI Host Controller
uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 2
uhci_hcd 0000:00:1d.0: irq 225, io base 0x00003440
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 2 ports detected
ACPI: PCI Interrupt 0000:00:1d.1[B] -> GSI 18 (level, low) -> IRQ 233
PCI: Setting latency timer of device 0000:00:1d.1 to 64
uhci_hcd 0000:00: 1d.1: UHCI Host Controller
uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 3
uhci_hcd 0000:00:1d.1: irq 233, io base 0x00003460
hub 3-0:1.0: USB hub found
hub 3-0:1.0: 2 ports detected
ACPI: PCI Interrupt 0000:00: 1d.2[C] -> GSI 21 (level, low) -> IRQ 209
PCI: Setting latency timer of device 0000:00:1d.2 to 64
uhci_hcd 0000:00:1d.2: UHCI Host Controller
uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 4
uhci_hcd 0000:00:1d.2: irq 209, io base 0x00003480
hub 4-0:1.0: USB hub found
hub 4-0:1.0: 2 ports detected
ACPI: PCI Interrupt 0000:00:1d.3[D] -> GSI 22 (level, low) -> IRQ 50
PCI: Setting latency timer of device 0000:00: 1d.3 to 64
uhci_hcd 0000:00:1d.3: UHCI Host Controller
uhci_hcd 0000:00:1d.3: new USB bus registered, assigned bus number 5
uhci_hcd 0000:00:1d.3: irq 50, io base 0x000034a0
hub 5-0:1.0: USB hub found
hub 5-0: 1.0: 2 ports detected
ACPI: Power Button (FF) [PWRF]
ibm_acpi: ec object not found
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
device-mapper: 4.4.0-ioctl (2005-01-12) initialised: dm-devel@redhat.com
EXT3 FS on sda1, internal journal
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Adding 6466152k swap on /dev/sda2. Priority:-1 extents:1
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts
tg3: eth0: Link is up at 1000 Mbps, full duplex.
tg3: eth0: Flow control is on for TX and on for RX.
SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
i2c /dev entries driver
SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
NET: Registered protocol family 10
Disabled Privacy Extensions on device c037d640(lo)
IPv6 over IPv4 tunneling driver
eth0: no IPv6 routers present
Freed a Wildcard
Zapata Telephony Interface Unloaded
Zapata Telephony Interface Registered on major 196
Zaptel Version: 1.2.4 Echo Canceller: KB1
ACPI: PCI Interrupt 0000:05:04.0[A] -> GSI 16 (level, low) -> IRQ 217
wcfxo: DAA mode is 'FCC'
Found a Wildcard FXO: Wildcard X100P
Registered tone zone 0 (United States / North America)
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
^ permalink raw reply
* Re: Netpoll checksum issue
From: Aubrey @ 2006-04-24 8:04 UTC (permalink / raw)
To: Herbert Xu; +Cc: Stephen Hemminger, netdev
In-Reply-To: <6d6a94c50604240046gcdcefev1c9c390c83ee5f7@mail.gmail.com>
Hi Herbert,
The following change works properly on my side, it just do the same
thing as the driver not in netpoll mode. Let me know it's acceptable,
please.
Thanks,
-Aubrey
======================================================
int __netpoll_rx(struct sk_buff *skb)
{
----snip----
if (ip_fast_csum((u8 *)iph, iph->ihl) != 0)
goto out;
+++ skb->ip_summed = CHECKSUM_UNNECESSARY;
len = ntohs(iph->tot_len);
if (skb->len < len || len < iph->ihl*4)
goto out;
----snip----
}
^ permalink raw reply
* Re: ipsec tunnel asymmetrical mtu
From: Marco Berizzi @ 2006-04-24 9:23 UTC (permalink / raw)
To: herbert; +Cc: netdev
In-Reply-To: <E1FXVdb-0003Tt-00@gondolin.me.apana.org.au>
Herbert Xu wrote:
>Marco Berizzi <pupilla@hotmail.com> wrote:
> >
> > Is there any news about this issue?
>
>Sorry for the delay, I've been travelling.
Ciao Herbert. Nice hearing you again.
>The fact that tcpdump with "host 172.16.0.138" does not fix it tells
>us that this is related to the NAT that you're doing to the 172.16
>side of the network.
>
>Looking at your packet dump your setup is definitely suboptimal in
>that correct MTU information is not being provided to either side
>of the connection.
>
>The result is that the 10.16 end is sending fragments which have to
>be reassembled at mimosa before immediately getting refragmented on
>its way to pleiadi.
>
>So if it was my network this would be the first issue I'd try to
>address, possibly through MSS clamping.
What should I do? Mangling MSS with iptables --set-mss ?
Altering MSS to 1440 did the trick. See:
http://marc.theaimsgroup.com/?l=linux-netdev&m=114373067423528&w=2
>However, the fact that the tcpdump causes more chunky packets to
>make it through could be an indication that there is a bug somewhere
>in our NAT/IPsec code or at least a suboptimal memory allocation
>strategy that's somehow avoided when AF_PACKET pins the skb down.
>
>So I would like your help in tracking that down before you fix your
>network properly.
Sure!
>For a start could you please send me the complete kern.log messages
>on mimosa from boot time to the point after a slow connection has
>occured.
Here is. However syslog doesn't log anything relevant when a
connection is 'freezed'.
root@Mimosa:/var/log# cat kernel
Apr 24 09:28:23 Mimosa kernel: klogd 1.4.1, log source = /proc/kmsg started.
Apr 24 09:28:23 Mimosa kernel: Linux version 2.6.16.9 (root@Mimosa) (gcc
version 3.3.5) #1 Wed Apr 19 17:19:19 CEST 2006
Apr 24 09:28:23 Mimosa kernel: BIOS-provided physical RAM map:
Apr 24 09:28:23 Mimosa kernel: BIOS-e820: 0000000000000000 -
000000000009f800 (usable)
Apr 24 09:28:23 Mimosa kernel: BIOS-e820: 000000000009f800 -
00000000000a0000 (reserved)
Apr 24 09:28:23 Mimosa kernel: BIOS-e820: 00000000000dc000 -
00000000000e0000 (reserved)
Apr 24 09:28:23 Mimosa kernel: BIOS-e820: 00000000000f0000 -
0000000000100000 (reserved)
Apr 24 09:28:23 Mimosa kernel: BIOS-e820: 0000000000100000 -
000000000a000000 (usable)
Apr 24 09:28:23 Mimosa kernel: BIOS-e820: 00000000ffff0000 -
0000000100000000 (reserved)
Apr 24 09:28:23 Mimosa kernel: 160MB LOWMEM available.
Apr 24 09:28:23 Mimosa kernel: On node 0 totalpages: 40960
Apr 24 09:28:23 Mimosa kernel: DMA zone: 4096 pages, LIFO batch:0
Apr 24 09:28:23 Mimosa kernel: DMA32 zone: 0 pages, LIFO batch:0
Apr 24 09:28:23 Mimosa kernel: Normal zone: 36864 pages, LIFO batch:7
Apr 24 09:28:23 Mimosa kernel: HighMem zone: 0 pages, LIFO batch:0
Apr 24 09:28:23 Mimosa kernel: DMI 2.1 present.
Apr 24 09:28:23 Mimosa kernel: Allocating PCI resources starting at 10000000
(gap: 0a000000:f5ff0000)
Apr 24 09:28:23 Mimosa kernel: Built 1 zonelists
Apr 24 09:28:23 Mimosa kernel: Kernel command line: auto BOOT_IMAGE=Linux ro
root=301
Apr 24 09:28:23 Mimosa kernel: Local APIC disabled by BIOS -- you can enable
it with "lapic"
Apr 24 09:28:23 Mimosa kernel: mapped APIC to ffffd000 (01141000)
Apr 24 09:28:23 Mimosa kernel: Enabling fast FPU save and restore... done.
Apr 24 09:28:23 Mimosa kernel: Initializing CPU#0
Apr 24 09:28:23 Mimosa kernel: PID hash table entries: 1024 (order: 10,
16384 bytes)
Apr 24 09:28:23 Mimosa kernel: Detected 267.322 MHz processor.
Apr 24 09:28:23 Mimosa kernel: Using tsc for high-res timesource
Apr 24 09:28:23 Mimosa kernel: Console: colour VGA+ 80x25
Apr 24 09:28:23 Mimosa kernel: Dentry cache hash table entries: 32768
(order: 5, 131072 bytes)
Apr 24 09:28:23 Mimosa kernel: Inode-cache hash table entries: 16384 (order:
4, 65536 bytes)
Apr 24 09:28:23 Mimosa kernel: Memory: 159220k/163840k available (1886k
kernel code, 4204k reserved, 481k data, 144k init, 0k highmem)
Apr 24 09:28:23 Mimosa kernel: Checking if this processor honours the WP bit
even in supervisor mode... Ok.
Apr 24 09:28:23 Mimosa kernel: Calibrating delay using timer specific
routine.. 535.84 BogoMIPS (lpj=1071691)
Apr 24 09:28:23 Mimosa kernel: Mount-cache hash table entries: 512
Apr 24 09:28:23 Mimosa kernel: CPU: After generic identify, caps: 0183f9ff
00000000 00000000 00000000 00000000 00000000 00000000
Apr 24 09:28:23 Mimosa kernel: CPU: After vendor identify, caps: 0183f9ff
00000000 00000000 00000000 00000000 00000000 00000000
Apr 24 09:28:23 Mimosa kernel: CPU: L1 I cache: 16K, L1 D cache: 16K
Apr 24 09:28:23 Mimosa kernel: CPU: After all inits, caps: 0183f9ff 00000000
00000000 00000040 00000000 00000000 00000000
Apr 24 09:28:23 Mimosa kernel: CPU: Intel Celeron (Covington) stepping 00
Apr 24 09:28:23 Mimosa kernel: Checking 'hlt' instruction... OK.
Apr 24 09:28:23 Mimosa kernel: NET: Registered protocol family 16
Apr 24 09:28:23 Mimosa kernel: PCI: PCI BIOS revision 2.10 entry at 0xfda61,
last bus=1
Apr 24 09:28:23 Mimosa kernel: PCI: Using configuration type 1
Apr 24 09:28:23 Mimosa kernel: PCI: Probing PCI hardware
Apr 24 09:28:23 Mimosa kernel: PCI: Probing PCI hardware (bus 00)
Apr 24 09:28:23 Mimosa kernel: PCI quirk: region 6100-613f claimed by PIIX4
ACPI
Apr 24 09:28:23 Mimosa kernel: PCI quirk: region 5f00-5f0f claimed by PIIX4
SMB
Apr 24 09:28:23 Mimosa kernel: Boot video device is 0000:01:00.0
Apr 24 09:28:23 Mimosa kernel: PCI: Using IRQ router PIIX/ICH [8086/7110] at
0000:00:07.0
Apr 24 09:28:23 Mimosa kernel: PCI: Bridge: 0000:00:01.0
Apr 24 09:28:23 Mimosa kernel: IO window: b000-bfff
Apr 24 09:28:23 Mimosa kernel: MEM window: efe00000-efefffff
Apr 24 09:28:23 Mimosa kernel: PREFETCH window: e5c00000-e7cfffff
Apr 24 09:28:23 Mimosa kernel: SGI XFS with no debug enabled
Apr 24 09:28:23 Mimosa kernel: Initializing Cryptographic API
Apr 24 09:28:23 Mimosa kernel: io scheduler noop registered
Apr 24 09:28:23 Mimosa kernel: io scheduler deadline registered (default)
Apr 24 09:28:23 Mimosa kernel: Limiting direct PCI/PCI transfers.
Apr 24 09:28:23 Mimosa kernel: serio: i8042 AUX port at 0x60,0x64 irq 12
Apr 24 09:28:23 Mimosa kernel: serio: i8042 KBD port at 0x60,0x64 irq 1
Apr 24 09:28:23 Mimosa kernel: Uniform Multi-Platform E-IDE driver Revision:
7.00alpha2
Apr 24 09:28:23 Mimosa kernel: ide: Assuming 33MHz system bus speed for PIO
modes; override with idebus=xx
Apr 24 09:28:23 Mimosa kernel: PIIX4: IDE controller at PCI slot
0000:00:07.1
Apr 24 09:28:23 Mimosa kernel: PIIX4: chipset revision 1
Apr 24 09:28:23 Mimosa kernel: PIIX4: not 100%% native mode: will probe irqs
later
Apr 24 09:28:23 Mimosa kernel: ide0: BM-DMA at 0xffa0-0xffa7, BIOS
settings: hda:DMA, hdb:pio
Apr 24 09:28:23 Mimosa kernel: ide1: BM-DMA at 0xffa8-0xffaf, BIOS
settings: hdc:DMA, hdd:pio
Apr 24 09:28:23 Mimosa kernel: Probing IDE interface ide0...
Apr 24 09:28:23 Mimosa kernel: hda: QUANTUM FIREBALL EX3.2A, ATA DISK drive
Apr 24 09:28:23 Mimosa kernel: ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Apr 24 09:28:23 Mimosa kernel: Probing IDE interface ide1...
Apr 24 09:28:23 Mimosa kernel: hdc: CRD-8160B, ATAPI CD/DVD-ROM drive
Apr 24 09:28:23 Mimosa kernel: ide1 at 0x170-0x177,0x376 on irq 15
Apr 24 09:28:23 Mimosa kernel: hda: max request size: 128KiB
Apr 24 09:28:23 Mimosa kernel: hda: 6306048 sectors (3228 MB) w/418KiB
Cache, CHS=6256/16/63, UDMA(33)
Apr 24 09:28:23 Mimosa kernel: hda: cache flushes not supported
Apr 24 09:28:23 Mimosa kernel: hda: hda1 hda2 < hda5 hda6 hda7 hda8 hda9 >
Apr 24 09:28:23 Mimosa kernel: mice: PS/2 mouse device common for all mice
Apr 24 09:28:23 Mimosa kernel: NET: Registered protocol family 2
Apr 24 09:28:23 Mimosa kernel: input: AT Translated Set 2 keyboard as
/class/input/input0
Apr 24 09:28:23 Mimosa kernel: IP route cache hash table entries: 2048
(order: 1, 8192 bytes)
Apr 24 09:28:23 Mimosa kernel: TCP established hash table entries: 8192
(order: 3, 32768 bytes)
Apr 24 09:28:23 Mimosa kernel: TCP bind hash table entries: 8192 (order: 3,
32768 bytes)
Apr 24 09:28:23 Mimosa kernel: TCP: Hash tables configured (established 8192
bind 8192)
Apr 24 09:28:23 Mimosa kernel: TCP reno registered
Apr 24 09:28:23 Mimosa kernel: ip_conntrack version 2.4 (1280 buckets, 10240
max) - 232 bytes per conntrack
Apr 24 09:28:23 Mimosa kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Apr 24 09:28:23 Mimosa kernel: TCP bic registered
Apr 24 09:28:23 Mimosa kernel: Initializing IPsec netlink socket
Apr 24 09:28:23 Mimosa kernel: NET: Registered protocol family 1
Apr 24 09:28:23 Mimosa kernel: NET: Registered protocol family 17
Apr 24 09:28:23 Mimosa kernel: NET: Registered protocol family 15
Apr 24 09:28:23 Mimosa kernel: Using IPI Shortcut mode
Apr 24 09:28:23 Mimosa kernel: XFS mounting filesystem hda1
Apr 24 09:28:23 Mimosa kernel: Ending clean XFS mount for filesystem: hda1
Apr 24 09:28:23 Mimosa kernel: VFS: Mounted root (xfs filesystem) readonly.
Apr 24 09:28:23 Mimosa kernel: Freeing unused kernel memory: 144k freed
Apr 24 09:28:23 Mimosa kernel: Adding 330584k swap on /dev/hda9.
Priority:-1 extents:1 across:330584k
Apr 24 09:28:23 Mimosa kernel: PCI: Found IRQ 10 for device 0000:00:09.0
Apr 24 09:28:23 Mimosa kernel: 3c59x: Donald Becker and others.
www.scyld.com/network/vortex.html
Apr 24 09:28:23 Mimosa kernel: 0000:00:09.0: 3Com PCI 3c905 Boomerang
100baseTx at 0001dc00. Vers LK1.1.19
Apr 24 09:28:23 Mimosa kernel: PCI: Found IRQ 11 for device 0000:00:0a.0
Apr 24 09:28:23 Mimosa kernel: 0000:00:0a.0: 3Com PCI 3c905 Boomerang
100baseTx at 0001da00. Vers LK1.1.19
Apr 24 09:28:23 Mimosa kernel: PCI: Found IRQ 9 for device 0000:00:0b.0
Apr 24 09:28:23 Mimosa kernel: PCI: Sharing IRQ 9 with 0000:00:07.2
Apr 24 09:28:23 Mimosa kernel: 0000:00:0b.0: 3Com PCI 3c905 Boomerang
100baseTx at 0001d800. Vers LK1.1.19
Apr 24 09:28:23 Mimosa kernel: ip_conntrack_pptp version 3.1 loaded
Apr 24 09:28:23 Mimosa kernel: ip_nat_pptp version 3.0 loaded
Apr 24 09:28:23 Mimosa kernel: XFS mounting filesystem hda5
Apr 24 09:28:23 Mimosa kernel: Ending clean XFS mount for filesystem: hda5
Apr 24 09:28:23 Mimosa kernel: XFS mounting filesystem hda6
Apr 24 09:28:23 Mimosa kernel: Ending clean XFS mount for filesystem: hda6
Apr 24 09:28:23 Mimosa kernel: XFS mounting filesystem hda7
Apr 24 09:28:23 Mimosa kernel: Ending clean XFS mount for filesystem: hda7
Apr 24 09:28:23 Mimosa kernel: XFS mounting filesystem hda8
Apr 24 09:28:23 Mimosa kernel: Ending clean XFS mount for filesystem: hda8
Apr 24 09:28:23 Mimosa kernel: PCI: Found IRQ 10 for device 0000:00:09.0
Apr 24 09:28:23 Mimosa kernel: PCI: Found IRQ 11 for device 0000:00:0a.0
Apr 24 09:28:23 Mimosa kernel: PCI: Found IRQ 9 for device 0000:00:0b.0
Apr 24 09:28:23 Mimosa kernel: PCI: Sharing IRQ 9 with 0000:00:07.2
> I'd also like to see /proc/net/snmp at that point.
Here is /proc/net/snmp few minutes after a reboot:
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams
InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes
ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 1 64 2493 0 31 746 0 0 1198 1586 2 0 1 27 13 1 14 0 0
Icmp: InMsgs InErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs
InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks
InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs
OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps
OutTimestampReps OutAddrMasks OutAddrMaskReps
Icmp: 1 0 0 0 0 0 0 1 0 0 0 0 0 719 0 718 0 0 0 0 0 1 0 0 0 0
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens
AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts
Tcp: 1 200 120000 -1 45 47 0 0 91 426 358 0 0 0
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 100 5 0 101
here is snmp when the connection is freezed:
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams
InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes
ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 1 64 75417 0 31 45889 0 0 36721 53933 2 0 2 182 90 2 84 0 112
Icmp: InMsgs InErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs
InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks
InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs
OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps
OutTimestampReps OutAddrMasks OutAddrMaskReps
Icmp: 7 0 6 0 0 0 0 1 0 0 0 0 0 3049 0 3048 0 0 0 0 0 1 0 0 0 0
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens
AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts
Tcp: 1 200 120000 -1 81 82 0 18 91 3785 3648 0 0 45
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 197 5 0 187
and here is snmp when the sapgui client has told me that the
connections has been reset:
root@Mimosa:/var/log# cat SNMP-CONN-RESET
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams
InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes
ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip: 1 64 79257 0 31 48139 0 0 38799 56650 2 0 2 182 90 2 90 0 124
Icmp: InMsgs InErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs
InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks
InAddrMaskReps OutMsgs OutErrors OutDestUnreachs OutTimeExcds OutParmProbs
OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps
OutTimestampReps OutAddrMasks OutAddrMaskReps
Icmp: 7 0 6 0 0 0 0 1 0 0 0 0 0 3073 0 3072 0 0 0 0 0 1 0 0 0 0
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens
AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts
Tcp: 1 200 120000 -1 81 82 0 18 91 4114 3845 1 0 45
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 197 5 0 187
Some other info you may need:
root@Mimosa:/var/log# ip x s
src mimosa dst checkpoint
proto esp spi 0x58216bd1 reqid 16417 mode tunnel
replay-window 32
auth md5 0x22137787b56689beb2319f7abc657975
enc des3_ede 0x4b593c1b5bc4e4b4c02d79967d982a5912ac9812de1903a6
src mimosa dst checkpoint
proto esp spi 0x978f4fc9 reqid 16417 mode tunnel
replay-window 32
auth md5 0x643172106050837ce9d3eeaf9e0ff622
enc des3_ede 0x84919cf37ec2fbd737abe55d12e1a92ed10ff3a261ef6924
src checkpoint dst mimosa
proto esp spi 0x1cd874d8 reqid 16417 mode tunnel
replay-window 32
auth md5 0x7ee288d719287808b92ee2c5e4e01bbe
enc des3_ede 0x525d1b6ed65aad5f7d2052fd66548f713327ce28c94ed0fd
src pleiadi dst mimosa
proto esp spi 0xdca32a9c reqid 16433 mode transport
replay-window 32
auth sha1 0x41ffc9e8fae8811b6695629fc637315ebb076371
enc aes 0xf27ca4f79274e15d0030e0b5940bb802
src pleiadi dst mimosa
proto comp spi 0x00002718 reqid 16434 mode tunnel
replay-window 0
comp deflate 0x
src pleiadi dst mimosa
proto esp spi 0x37f93e11 reqid 16437 mode transport
replay-window 32
auth sha1 0x6458e50d01a63f6bfdfe0a1741a492bc050fca5a
enc aes 0x853b5f4a30611d0a9c653bf716cd6f0f
src pleiadi dst mimosa
proto comp spi 0x0000ae6a reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src pleiadi dst mimosa
proto esp spi 0x5c02ac38 reqid 16437 mode transport
replay-window 32
auth sha1 0xe75763df2eb2d261eca6adc1f373dabf06c5171c
enc aes 0xc41bc0b482cc6bda335ae15ee2636743
src pleiadi dst mimosa
proto comp spi 0x00003e90 reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src pleiadi dst mimosa
proto esp spi 0x415ecc00 reqid 16437 mode transport
replay-window 32
auth sha1 0x48b5320e71a3e162599e8c6d68716e9f4bf2feee
enc aes 0x76983f2e9106f3ee21975d09a19a6497
src pleiadi dst mimosa
proto comp spi 0x00004a2d reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src pleiadi dst mimosa
proto esp spi 0x563a307a reqid 16437 mode transport
replay-window 32
auth sha1 0x0f2705729a774b0d7054082c3bb6f3d5bb3a4f5d
enc aes 0xf3e7c29bb77b4c2957d404ba05622e59
src pleiadi dst mimosa
proto comp spi 0x00009a7d reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src pleiadi dst mimosa
proto esp spi 0xab5313af reqid 16437 mode transport
replay-window 32
auth sha1 0x109e790581a3650db4cad4c4dbeda2af69a0b745
enc aes 0xe470ce8d38b2434e8025befe6738d217
src pleiadi dst mimosa
proto comp spi 0x000035e1 reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src pleiadi dst mimosa
proto esp spi 0x4c29eff3 reqid 16437 mode transport
replay-window 32
auth sha1 0x7ac7f98d075a123dce9e81e112cd55128c525bbe
enc aes 0xe55d41e08ce307fcb0addb3e430b58af
src pleiadi dst mimosa
proto comp spi 0x00008e46 reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src pleiadi dst mimosa
proto esp spi 0x0462260a reqid 16437 mode transport
replay-window 32
auth sha1 0xe0c3d0334b880f823a9a4769dbf411139a82ebbb
enc aes 0x89e8e48aaa7cb8027cc9e3122c39c7dc
src pleiadi dst mimosa
proto comp spi 0x0000bf03 reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src pleiadi dst mimosa
proto (null) spi 0x50ccebfe reqid 0 mode tunnel
replay-window 0
src checkpoint dst mimosa
proto esp spi 0xe0c22b0c reqid 16417 mode tunnel
replay-window 32
auth md5 0xa90478ede92c8d1988552972feeabeb3
enc des3_ede 0xc5befbfd6004568008b711f83d8fcd90fb0123737ba00acf
src mimosa dst pleiadi
proto esp spi 0x5e795c12 reqid 16433 mode transport
replay-window 32
auth sha1 0x11ddb67e9dfb1187330c64ffaf37da254a98c9f2
enc aes 0xe6fd0aea6b7855816c94338399491ccf
src mimosa dst pleiadi
proto comp spi 0x0000e91c reqid 16434 mode tunnel
replay-window 0
comp deflate 0x
src mimosa dst pleiadi
proto esp spi 0xe18dbbbf reqid 16437 mode transport
replay-window 32
auth sha1 0x2c52b29a38b1b79ef45690b8755cd2e483c6923f
enc aes 0x660be4e4e8484417f0c051508c6909d7
src mimosa dst pleiadi
proto comp spi 0x00007821 reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src mimosa dst pleiadi
proto esp spi 0x18995573 reqid 16437 mode transport
replay-window 32
auth sha1 0xb9d144c522cb1b180dba2cb2d2a95420d1d791a3
enc aes 0x2833ac713fad3186810b2c4f78ef1787
src mimosa dst pleiadi
proto comp spi 0x000020b9 reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src mimosa dst pleiadi
proto esp spi 0xb8f7f1e4 reqid 16437 mode transport
replay-window 32
auth sha1 0x4b4cab49bcbbf799cf88879e010c17621a759d9b
enc aes 0xaf313a96f5748181b6672d81a1004321
src mimosa dst pleiadi
proto comp spi 0x00002555 reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src mimosa dst pleiadi
proto esp spi 0xbc4b5fc7 reqid 16437 mode transport
replay-window 32
auth sha1 0xa5b72352881350114a6f1acb322e669691c82fb3
enc aes 0x2ee23e00685b09b66b0df72eb25a3518
src mimosa dst pleiadi
proto comp spi 0x00006f4a reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src mimosa dst pleiadi
proto esp spi 0xe33f92b4 reqid 16437 mode transport
replay-window 32
auth sha1 0xcc61874dc2519009aad5df812db28572db2d987c
enc aes 0x9e4c947a89a4da0461af8124e1e9151c
src mimosa dst pleiadi
proto comp spi 0x0000593d reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src mimosa dst pleiadi
proto esp spi 0x03d8b176 reqid 16437 mode transport
replay-window 32
auth sha1 0x2c5a87b63b6e9526f3f38657b52cc0a0c381ccaa
enc aes 0xdaea0fb6c321f949b54e7341d87a6cf9
src mimosa dst pleiadi
proto comp spi 0x0000059f reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src mimosa dst pleiadi
proto esp spi 0x1d74794c reqid 16437 mode transport
replay-window 32
auth sha1 0x7958d5c52d984b969e4bc06e865bf3a12609e365
enc aes 0x864921b8a25a16da20543e630e91c84e
src mimosa dst pleiadi
proto comp spi 0x000092aa reqid 16438 mode tunnel
replay-window 0
comp deflate 0x
src mimosa dst pleiadi
proto (null) spi 0x5520231e reqid 0 mode tunnel
replay-window 0
root@Mimosa:/var/log# iptables -vxnL
Chain INPUT (policy DROP 2356 packets, 226776 bytes)
pkts bytes target prot opt in out source
destination
13680 2441479 ACCEPT all -- * * pleiadi 0.0.0.0/0
1735 91284 ACCEPT tcp -- * * 172.16.1.247
0.0.0.0/0 tcp dpt:23
553 41367 ACCEPT all -- * * 127.0.0.1
127.0.0.1
23984 10034025 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
2480 232720 green-me all -- eth2 * 172.18.1.0/24
0.0.0.0/0
0 0 dmz-me all -- eth1 * milano-dmz/27
0.0.0.0/0
9712 921094 red-me all -- eth0 * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 802 packets, 151528 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- eth0 * 151.25.90.31
172.18.1.0/24
0 0 ACCEPT all -- * eth0 172.18.1.0/24
151.25.90.31
0 0 ACCEPT udp -- * * milano-dmz.14
0.0.0.0/0 multiport dports 53,500,2746,18231,18232,18233,18234
0 0 ACCEPT tcp -- * * milano-dmz.14
0.0.0.0/0 multiport dports 264,500,1723
0 0 ACCEPT ah -- * * 0.0.0.0/0
milano-dmz.14
0 0 ACCEPT ah -- * * milano-dmz.14
0.0.0.0/0
0 0 ACCEPT esp -- * * 0.0.0.0/0
milano-dmz.14
0 0 ACCEPT esp -- * * milano-dmz.14
0.0.0.0/0
0 0 ACCEPT 47 -- * * 0.0.0.0/0
milano-dmz.14
0 0 ACCEPT 47 -- * * milano-dmz.14
0.0.0.0/0
0 0 ACCEPT udp -- * * milano-dmz.13
0.0.0.0/0 multiport dports 53,500,2746,18231,18232,18233,18234
0 0 ACCEPT tcp -- * * milano-dmz.13
0.0.0.0/0 multiport dports 264,500,1723
0 0 ACCEPT ah -- * * 0.0.0.0/0
milano-dmz.13
0 0 ACCEPT ah -- * * milano-dmz.13
0.0.0.0/0
0 0 ACCEPT esp -- * * 0.0.0.0/0
milano-dmz.13
0 0 ACCEPT esp -- * * milano-dmz.13
0.0.0.0/0
0 0 ACCEPT 47 -- * * 0.0.0.0/0
milano-dmz.13
0 0 ACCEPT 47 -- * * milano-dmz.13
0.0.0.0/0
0 0 ACCEPT udp -- * * milano-dmz.12
0.0.0.0/0 multiport dports 53,500,2746,18231,18232,18233,18234
0 0 ACCEPT tcp -- * * milano-dmz.12
0.0.0.0/0 multiport dports 264,500,1723
0 0 ACCEPT ah -- * * 0.0.0.0/0
milano-dmz.12
0 0 ACCEPT ah -- * * milano-dmz.12
0.0.0.0/0
0 0 ACCEPT esp -- * * 0.0.0.0/0
milano-dmz.12
0 0 ACCEPT esp -- * * milano-dmz.12
0.0.0.0/0
0 0 ACCEPT 47 -- * * 0.0.0.0/0
milano-dmz.12
0 0 ACCEPT 47 -- * * milano-dmz.12
0.0.0.0/0
0 0 ACCEPT udp -- * * milano-dmz.11
0.0.0.0/0 multiport dports 53,500,2746,18231,18232,18233,18234
0 0 ACCEPT tcp -- * * milano-dmz.11
0.0.0.0/0 multiport dports 264,500,1723
0 0 ACCEPT ah -- * * 0.0.0.0/0
milano-dmz.11
0 0 ACCEPT ah -- * * milano-dmz.11
0.0.0.0/0
0 0 ACCEPT esp -- * * 0.0.0.0/0
milano-dmz.11
0 0 ACCEPT esp -- * * milano-dmz.11
0.0.0.0/0
0 0 ACCEPT 47 -- * * 0.0.0.0/0
milano-dmz.11
0 0 ACCEPT 47 -- * * milano-dmz.11
0.0.0.0/0
0 0 ACCEPT udp -- * * milano-dmz.10
0.0.0.0/0 multiport dports 53,500,2746,18231,18232,18233,18234
0 0 ACCEPT tcp -- * * milano-dmz.10
0.0.0.0/0 multiport dports 264,500,1723
0 0 ACCEPT ah -- * * 0.0.0.0/0
milano-dmz.10
0 0 ACCEPT ah -- * * milano-dmz.10
0.0.0.0/0
0 0 ACCEPT esp -- * * 0.0.0.0/0
milano-dmz.10
0 0 ACCEPT esp -- * * milano-dmz.10
0.0.0.0/0
0 0 ACCEPT 47 -- * * 0.0.0.0/0
milano-dmz.10
0 0 ACCEPT 47 -- * * milano-dmz.10
0.0.0.0/0
0 0 ACCEPT all -- * * napoli-phone/27
10.0.0.0/8
2339 431385 ACCEPT all -- * * 172.16.0.0/12
10.0.0.0/8
0 0 ACCEPT tcp -- * * 172.18.1.0/24
83.103.72.197 multiport dports 20,21
0 0 ACCEPT tcp -- * * 172.18.1.0/24
193.221.113.0/24 multiport dports 554,1755
0 0 ACCEPT tcp -- * * 0.0.0.0/0
151.9.17.169 multiport dports 20,21
0 0 ACCEPT tcp -- * * 0.0.0.0/0
213.26.116.140 multiport dports 20,21
0 0 ACCEPT tcp -- * * 0.0.0.0/0
81.112.114.154 multiport dports 20,21
0 0 ACCEPT tcp -- * * 0.0.0.0/0
212.131.138.194 multiport dports 20,21
49571 27662418 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
244 35765 ACCEPT all -- * * 172.18.1.0/24
172.16.0.0/23
371 53064 ACCEPT all -- * * 172.16.0.0/23
172.18.1.0/24
0 0 ACCEPT all -- * * 172.18.1.0/24
192.168.0.0/24
0 0 ACCEPT all -- * * 192.168.0.0/24
172.18.1.0/24
214 17191 ACCEPT all -- * * 172.18.1.0/24
172.23.0.0/23
333 22798 ACCEPT all -- * * 172.23.0.0/23
172.18.1.0/24
36 3780 ACCEPT all -- * * 172.18.1.0/24
172.25.1.0/24
0 0 ACCEPT all -- * * 172.25.1.0/24
172.18.1.0/24
0 0 ACCEPT all -- * * 172.18.1.0/24
172.25.5.0/24
0 0 ACCEPT all -- * * 172.25.5.0/24
172.18.1.0/24
0 0 ACCEPT all -- * * 172.18.1.0/24
172.25.255.0/24
0 0 ACCEPT all -- * * 172.25.255.0/24
172.18.1.0/24
50 8179 ACCEPT all -- * * 172.18.1.0/24
172.17.1.0/24
46 5878 ACCEPT all -- * * 172.17.1.0/24
172.18.1.0/24
15 3855 ACCEPT all -- * * 172.18.1.0/24
172.22.1.0/24
0 0 ACCEPT all -- * * 172.22.1.0/24
172.18.1.0/24
18 4013 ACCEPT all -- * * 172.18.1.0/24
172.21.1.0/24
3 158 ACCEPT all -- * * 172.21.1.0/24
172.18.1.0/24
0 0 ACCEPT all -- * * 172.18.1.0/24
napoli-phone/27
30 5195 ACCEPT all -- * * napoli-phone/27
172.18.1.0/24
0 0 ACCEPT all -- * * 172.18.1.0/24
192.168.77.0/24
0 0 ACCEPT all -- * * 192.168.77.0/24
172.18.1.0/24
0 0 ACCEPT all -- * * 172.18.1.0/24
172.23.2.0/23
0 0 ACCEPT all -- * * 172.23.2.0/23
172.18.1.0/24
0 0 ACCEPT all -- * * 172.18.1.0/24
172.23.4.0/23
0 0 ACCEPT all -- * * 172.23.4.0/23
172.18.1.0/24
3319 273661 green-red all -- eth2 eth0 172.18.1.0/24
0.0.0.0/0
0 0 green-dmz all -- eth2 eth1 172.18.1.0/24
milano-dmz/27
15 995 dmz-red all -- eth1 eth0 milano-dmz/27
0.0.0.0/0
0 0 dmz-green all -- eth1 eth2 milano-dmz/27
172.18.1.0/24
482 136099 syn-flood-dmz all -- eth0 eth1 0.0.0.0/0
milano-dmz/27
541 26369 syn-flood-green all -- eth0 eth2 0.0.0.0/0
172.18.1.0/24
Chain OUTPUT (policy DROP 2 packets, 138 bytes)
pkts bytes target prot opt in out source
destination
553 41367 ACCEPT all -- * * 127.0.0.1
127.0.0.1
42536 27618087 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
43 2540 me-green all -- * eth2 0.0.0.0/0
172.18.1.0/24
5 372 me-dmz all -- * eth1 0.0.0.0/0
milano-dmz/27
169 14658 me-red all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain dmz-green (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT tcp -- * * milano-dmz.28
172.18.1.13 multiport dports 20,21,25,389
0 0 ACCEPT tcp -- * * milano-dmz.28
172.18.1.208 tcp dpt:80
0 0 ACCEPT tcp -- * * milano-dmz.28
172.18.1.219 tcp dpt:80
0 0 ACCEPT tcp -- * * milano-dmz.28
172.18.1.211 tcp dpt:80
0 0 ACCEPT tcp -- * * milano-dmz.28
172.18.1.210 tcp dpt:2311
0 0 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-unreachable
Chain dmz-me (1 references)
pkts bytes target prot opt in out source
destination
Chain dmz-red (1 references)
pkts bytes target prot opt in out source
destination
0 0 icmp-me icmp -- * * 0.0.0.0/0
0.0.0.0/0
1 60 ACCEPT tcp -- * * milano-dmz.28
0.0.0.0/0 multiport dports 20,21,80
5 220 ACCEPT all -- * * milano-dmz/27
venezia-dmz/27
0 0 ACCEPT all -- * * milano-dmz/27
firenze-dmz/28
0 0 ACCEPT all -- * * milano-dmz/27
roma-dmz/27
0 0 ACCEPT all -- * * milano-dmz/27
napoli-dmz/28
0 0 ACCEPT all -- * * milano-dmz/27
napoli-phone/27
0 0 ACCEPT all -- * * milano-dmz/27
bologna-dmz/27
0 0 ACCEPT all -- * * milano-dmz/27
piacenza-dmz/27
0 0 ACCEPT all -- * * milano-dmz/27
genova-dmz/27
0 0 ACCEPT all -- * * milano-dmz/27
sbt-dmz/28
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 25,53,123
9 715 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 53,123
Chain green-dmz (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 172.18.1.13
milano-dmz.28
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:23
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain green-me (1 references)
pkts bytes target prot opt in out source
destination
0 0 icmp-me icmp -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT tcp -- * * 172.18.1.13
0.0.0.0/0 tcp dpt:23
0 0 ACCEPT icmp -- * * 172.18.1.30
0.0.0.0/0 icmp type 8
156 8880 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:7777
Chain green-red (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT tcp -- * * 172.18.1.233
0.0.0.0/0 tcp dpt:1863
0 0 ACCEPT tcp -- * * 172.18.1.232
0.0.0.0/0 tcp dpt:1863
0 0 ACCEPT tcp -- * * 172.18.1.230
0.0.0.0/0 tcp dpt:1863
0 0 ACCEPT tcp -- * * 172.18.1.204
0.0.0.0/0 tcp dpt:1863
0 0 ACCEPT tcp -- * * 172.18.1.190
0.0.0.0/0 multiport dports 25,110
0 0 ACCEPT tcp -- * * 172.18.1.194
0.0.0.0/0 multiport dports 25,110
0 0 ACCEPT all -- * * 172.18.1.0/24
172.16.0.0/12
0 0 ACCEPT all -- * * 172.18.1.0/24
venezia-dmz/27
0 0 ACCEPT tcp -- * * 172.18.1.0/24
0.0.0.0/0 multiport dports
23,922,1494,1503,1720,3200,3299,3300,3389,5040,5631,5632,5900,8999,10000
0 0 ACCEPT tcp -- * * 172.18.1.0/24
0.0.0.0/0 multiport dports 3201,6667,3390,22,1723
0 0 ACCEPT udp -- * * 172.18.1.0/24
0.0.0.0/0 multiport dports 500,1025,4500,5631,5632,10000
0 0 ACCEPT all -- * * 172.18.1.0/24
firenze-dmz.123
0 0 ACCEPT tcp -- * * 172.18.1.208
0.0.0.0/0 multiport dports 25
3319 273661 REJECT all -- * * 0.0.0.0/0
0.0.0.0/0 reject-with icmp-host-unreachable
Chain icmp-me (5 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0
Chain me-dmz (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53
5 372 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53
Chain me-green (1 references)
pkts bytes target prot opt in out source
destination
0 0 icmp-me icmp -- * * 0.0.0.0/0
0.0.0.0/0
43 2540 ACCEPT tcp -- * * 0.0.0.0/0
172.18.1.13 tcp dpt:139
Chain me-red (1 references)
pkts bytes target prot opt in out source
destination
0 0 icmp-me icmp -- * * 0.0.0.0/0
0.0.0.0/0
39 5928 ACCEPT esp -- * * 0.0.0.0/0
0.0.0.0/0
10 1512 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 500,4500
118 7080 ACCEPT tcp -- * * 0.0.0.0/0
!172.16.0.0/12 multiport dports 20,21,80,123,443,8000,81
0 0 ACCEPT udp -- * * 0.0.0.0/0
!172.16.0.0/12 multiport dports 123
Chain red-dmz (4 references)
pkts bytes target prot opt in out source
destination
0 0 DROP tcp -- * * 172.16.0.0/12
0.0.0.0/0 tcp dpt:23
0 0 ACCEPT all -- * * 172.16.0.0/12
0.0.0.0/0
4 200 ACCEPT all -- * * venezia-dmz/27
milano-dmz/27
0 0 ACCEPT all -- * * firenze-dmz/28
milano-dmz/27
0 0 ACCEPT all -- * * roma-dmz/27
milano-dmz/27
0 0 ACCEPT all -- * * napoli-dmz/28
milano-dmz/27
0 0 ACCEPT all -- * * napoli-phone/27
milano-dmz/27
0 0 ACCEPT all -- * * bologna-dmz/27
milano-dmz/27
0 0 ACCEPT all -- * * piacenza-dmz/27
milano-dmz/27
0 0 ACCEPT all -- * * genova-dmz/27
milano-dmz/27
0 0 ACCEPT all -- * * sbt-dmz/28
milano-dmz/27
2 128 ACCEPT tcp -- * * 0.0.0.0/0
milano-dmz.28 multiport dports 20,21,80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 53
1 64 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 53
Chain red-green (4 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 172.16.0.0/12
0.0.0.0/0
0 0 ACCEPT tcp -- * * venezia-dmz.240
172.18.1.13 multiport dports 135,139,1252,1262
19 912 ACCEPT tcp -- * * 0.0.0.0/0
172.18.1.13 multiport dports 110,143
0 0 ACCEPT tcp -- * * 0.0.0.0/0
172.18.1.15 multiport dports 3200,3220
0 0 ACCEPT tcp -- * * 0.0.0.0/0
172.18.1.216 multiport dports 20,21
192 9492 ACCEPT tcp -- * * 0.0.0.0/0
172.18.1.221 multiport dports 80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
172.18.1.218 multiport dports 3389
3 144 ACCEPT tcp -- * * 0.0.0.0/0
172.18.1.208 multiport dports 25,443
0 0 ACCEPT tcp -- * * 80.205.159.108
172.18.1.17 multiport dports 3200,5900
0 0 ACCEPT tcp -- * * 85.36.47.39
172.18.1.15 multiport dports 3200,5900
Chain red-me (1 references)
pkts bytes target prot opt in out source
destination
0 0 icmp-me icmp -- * * 0.0.0.0/0
0.0.0.0/0
5 744 ACCEPT esp -- * * 0.0.0.0/0
0.0.0.0/0
9647 910930 ACCEPT 4 -- * * 0.0.0.0/0
0.0.0.0/0
28 6484 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 multiport dports 500,4500
Chain syn-flood-dmz (1 references)
pkts bytes target prot opt in out source
destination
0 0 red-dmz all -- * * 172.16.0.0/12
0.0.0.0/0
178 9120 red-dmz tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 20/min burst 5
6 249 red-dmz tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 20/min burst 5
160 119930 red-dmz udp -- * * 0.0.0.0/0
0.0.0.0/0
Chain syn-flood-green (1 references)
pkts bytes target prot opt in out source
destination
0 0 red-green all -- * * 172.16.0.0/12
0.0.0.0/0
214 10548 red-green tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 20/min burst 5
0 0 red-green tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 20/min burst 5
1 269 red-green udp -- * * 0.0.0.0/0
0.0.0.0/0
root@Mimosa:/var/log# iptables -vxnL -t nat
Chain PREROUTING (policy ACCEPT 8465 packets, 879102 bytes)
pkts bytes target prot opt in out source
destination
19 912 DNAT tcp -- eth0 * 0.0.0.0/0
milano-dmz.24 multiport dports 110,143 to:172.18.1.13
0 0 DNAT tcp -- eth0 * 80.205.159.108
milano-dmz.22 multiport dports 3200,5900 to:172.18.1.17
0 0 DNAT tcp -- eth0 * 0.0.0.0/0
milano-dmz.22 multiport dports 3200,5900,3220 to:172.18.1.15
0 0 DNAT tcp -- eth0 * 0.0.0.0/0
milano-dmz.20 multiport dports 20,21 to:172.18.1.216
520 25140 DNAT tcp -- eth0 * 0.0.0.0/0
milano-dmz.20 multiport dports 80 to:172.18.1.221
0 0 DNAT tcp -- eth0 * 0.0.0.0/0
milano-dmz.20 multiport dports 3389 to:172.18.1.218
3 144 DNAT tcp -- eth0 * 0.0.0.0/0
milano-dmz.20 multiport dports 25,443 to:172.18.1.208
Chain POSTROUTING (policy ACCEPT 1142 packets, 111012 bytes)
pkts bytes target prot opt in out source
destination
0 0 SNAT tcp -- * * 172.18.1.0/24
83.103.72.197 multiport dports 20,21 to:www-adsl
0 0 SNAT tcp -- * * 172.18.1.0/24
193.221.113.0/24 multiport dports 554,1755 to:www-adsl
0 0 SNAT tcp -- * * 0.0.0.0/0
151.9.17.169 multiport dports 20,21 to:mimosa
0 0 SNAT tcp -- * * 0.0.0.0/0
213.26.116.140 multiport dports 20,21 to:mimosa
0 0 SNAT tcp -- * * 0.0.0.0/0
81.112.114.154 multiport dports 20,21 to:mimosa
0 0 SNAT tcp -- * * 0.0.0.0/0
212.131.138.194 multiport dports 20,21 to:mimosa
0 0 SNAT udp -- * eth0 mimosa
!172.16.0.0/12 multiport dports 123 to:www-adsl
129 7740 SNAT tcp -- * eth0 mimosa
!172.16.0.0/12 multiport dports 20,21,80,123,443,8000,81 to:www-adsl
521 61401 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 policy match dir out pol ipsec
0 0 SNAT tcp -- * eth0 172.18.1.0/24
0.0.0.0/0 multiport dports
23,922,1494,1503,1720,3200,3299,3300,3389,5040,5631,5632,5900,8999,10000
to:mimosa
0 0 SNAT tcp -- * eth0 172.18.1.0/24
0.0.0.0/0 multiport dports 3201,6667,3390,22,1723 to:mimosa
0 0 SNAT udp -- * eth0 172.18.1.0/24
0.0.0.0/0 multiport dports 500,1025,4500,5631,5632,10000 to:mimosa
0 0 SNAT all -- * eth0 172.18.1.0/24
firenze-dmz.123 to:mimosa
0 0 SNAT tcp -- * eth0 172.18.1.194
0.0.0.0/0 multiport dports 25,110 to:mimosa
0 0 SNAT tcp -- * eth0 172.18.1.190
0.0.0.0/0 multiport dports 25,110 to:mimosa
0 0 SNAT tcp -- * eth0 172.18.1.204
!172.16.0.0/12 tcp dpt:1863 to:mimosa
0 0 SNAT tcp -- * eth0 172.18.1.230
!172.16.0.0/12 tcp dpt:1863 to:mimosa
0 0 SNAT tcp -- * eth0 172.18.1.232
!172.16.0.0/12 tcp dpt:1863 to:mimosa
0 0 SNAT tcp -- * eth0 172.18.1.233
!172.16.0.0/12 tcp dpt:1863 to:mimosa
101 5410 SNAT all -- * * 172.16.0.0/12
10.0.0.0/8 to:172.29.128.1
0 0 SNAT all -- * * napoli-phone/27
10.0.0.0/8 to:172.29.128.1
Chain OUTPUT (policy ACCEPT 249 packets, 17046 bytes)
pkts bytes target prot opt in out source
destination
root@Mimosa:/etc/rc.d# iptables -vxnL -t mangle
Chain PREROUTING (policy ACCEPT 123652 packets, 46803472 bytes)
pkts bytes target prot opt in out source
destination
0 0 MARK tcp -- * * 172.18.1.0/24
83.103.72.197 multiport dports 20,21 MARK set 0x1
0 0 MARK tcp -- * * 172.18.1.0/24
193.221.113.0/24 multiport dports 554,1755 MARK set 0x1
Chain INPUT (policy ACCEPT 59131 packets, 15751259 bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 63794 packets, 30980927 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 49608 packets, 29946646 bytes)
pkts bytes target prot opt in out source
destination
0 0 MARK udp -- * * 0.0.0.0/0
!172.16.0.0/12 multiport dports 123 MARK set 0x1
4714 462744 MARK tcp -- * * 0.0.0.0/0
!172.16.0.0/12 multiport dports 20,21,80,123,443,8000,81 MARK set 0x1
Chain POSTROUTING (policy ACCEPT 106140 packets, 59828842 bytes)
pkts bytes target prot opt in out source
destination
root@Mimosa:/etc/rc.d# ip r s
151.25.90.31 dev eth0 scope link
mimosa-gateway dev eth0 scope link
www-adsl-net/29 dev eth0 proto kernel scope link src www-adsl
napoli-phone/27 via mimosa-gateway dev eth0
milano-dmz/27 dev eth1 scope link
172.22.1.0/24 via mimosa-gateway dev eth0 src 172.18.1.254
172.18.1.0/24 dev eth2 proto kernel scope link src 172.18.1.254
172.25.5.0/24 via mimosa-gateway dev eth0
172.25.1.0/24 via mimosa-gateway dev eth0
172.21.1.0/24 via mimosa-gateway dev eth0
172.17.1.0/24 via mimosa-gateway dev eth0
172.23.4.0/23 via mimosa-gateway dev eth0
172.23.2.0/23 via mimosa-gateway dev eth0
172.23.0.0/23 via mimosa-gateway dev eth0
172.16.0.0/23 via mimosa-gateway dev eth0
10.0.0.0/8 via mimosa-gateway dev eth0 src 172.29.128.1
127.0.0.0/8 dev lo scope link
default via mimosa-gateway dev eth0 metric 1
This is also my .config
root@Mimosa:/usr/src/linux# cat .config
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.16.9
# Wed Apr 19 15:51:04 2006
#
CONFIG_X86_32=y
CONFIG_SEMAPHORE_SLEEPERS=y
CONFIG_X86=y
CONFIG_MMU=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_IOMAP=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_DMI=y
#
# Code maturity level options
#
# CONFIG_EXPERIMENTAL is not set
CONFIG_BROKEN_ON_SMP=y
CONFIG_INIT_ENV_ARG_LIMIT=32
#
# General setup
#
CONFIG_LOCALVERSION=""
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_BSD_PROCESS_ACCT=y
# CONFIG_BSD_PROCESS_ACCT_V3 is not set
CONFIG_SYSCTL=y
# CONFIG_AUDIT is not set
# CONFIG_IKCONFIG is not set
CONFIG_INITRAMFS_SOURCE=""
CONFIG_UID16=y
CONFIG_VM86=y
# CONFIG_EMBEDDED is not set
CONFIG_KALLSYMS=y
# CONFIG_KALLSYMS_EXTRA_PASS is not set
CONFIG_HOTPLUG=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_EPOLL=y
CONFIG_SHMEM=y
CONFIG_CC_ALIGN_FUNCTIONS=0
CONFIG_CC_ALIGN_LABELS=0
CONFIG_CC_ALIGN_LOOPS=0
CONFIG_CC_ALIGN_JUMPS=0
CONFIG_SLAB=y
# CONFIG_TINY_SHMEM is not set
CONFIG_BASE_SMALL=0
# CONFIG_SLOB is not set
#
# Loadable module support
#
CONFIG_MODULES=y
CONFIG_MODULE_UNLOAD=y
CONFIG_OBSOLETE_MODPARM=y
# CONFIG_MODVERSIONS is not set
# CONFIG_MODULE_SRCVERSION_ALL is not set
# CONFIG_KMOD is not set
#
# Block layer
#
# CONFIG_LBD is not set
#
# IO Schedulers
#
CONFIG_IOSCHED_NOOP=y
# CONFIG_IOSCHED_AS is not set
CONFIG_IOSCHED_DEADLINE=y
# CONFIG_IOSCHED_CFQ is not set
# CONFIG_DEFAULT_AS is not set
CONFIG_DEFAULT_DEADLINE=y
# CONFIG_DEFAULT_CFQ is not set
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="deadline"
#
# Processor type and features
#
CONFIG_X86_PC=y
# CONFIG_X86_ELAN is not set
# CONFIG_X86_VOYAGER is not set
# CONFIG_X86_NUMAQ is not set
# CONFIG_X86_SUMMIT is not set
# CONFIG_X86_BIGSMP is not set
# CONFIG_X86_VISWS is not set
# CONFIG_X86_GENERICARCH is not set
# CONFIG_X86_ES7000 is not set
# CONFIG_M386 is not set
# CONFIG_M486 is not set
# CONFIG_M586 is not set
# CONFIG_M586TSC is not set
# CONFIG_M586MMX is not set
# CONFIG_M686 is not set
CONFIG_MPENTIUMII=y
# CONFIG_MPENTIUMIII is not set
# CONFIG_MPENTIUMM is not set
# CONFIG_MPENTIUM4 is not set
# CONFIG_MK6 is not set
# CONFIG_MK7 is not set
# CONFIG_MK8 is not set
# CONFIG_MCRUSOE is not set
# CONFIG_MEFFICEON is not set
# CONFIG_MWINCHIPC6 is not set
# CONFIG_MWINCHIP2 is not set
# CONFIG_MWINCHIP3D is not set
# CONFIG_MGEODEGX1 is not set
# CONFIG_MGEODE_LX is not set
# CONFIG_MCYRIXIII is not set
# CONFIG_MVIAC3_2 is not set
# CONFIG_X86_GENERIC is not set
CONFIG_X86_CMPXCHG=y
CONFIG_X86_XADD=y
CONFIG_X86_L1_CACHE_SHIFT=5
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_X86_WP_WORKS_OK=y
CONFIG_X86_INVLPG=y
CONFIG_X86_BSWAP=y
CONFIG_X86_POPAD_OK=y
CONFIG_X86_CMPXCHG64=y
CONFIG_X86_GOOD_APIC=y
CONFIG_X86_INTEL_USERCOPY=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_TSC=y
# CONFIG_HPET_TIMER is not set
# CONFIG_SMP is not set
CONFIG_PREEMPT_NONE=y
# CONFIG_PREEMPT_VOLUNTARY is not set
# CONFIG_PREEMPT is not set
CONFIG_X86_UP_APIC=y
CONFIG_X86_UP_IOAPIC=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
# CONFIG_X86_MCE is not set
# CONFIG_TOSHIBA is not set
# CONFIG_I8K is not set
# CONFIG_X86_REBOOTFIXUPS is not set
# CONFIG_MICROCODE is not set
# CONFIG_X86_MSR is not set
# CONFIG_X86_CPUID is not set
#
# Firmware Drivers
#
# CONFIG_DELL_RBU is not set
# CONFIG_DCDBAS is not set
CONFIG_NOHIGHMEM=y
# CONFIG_HIGHMEM4G is not set
# CONFIG_HIGHMEM64G is not set
CONFIG_PAGE_OFFSET=0xC0000000
CONFIG_FLATMEM=y
CONFIG_FLAT_NODE_MEM_MAP=y
# CONFIG_SPARSEMEM_STATIC is not set
CONFIG_SPLIT_PTLOCK_CPUS=4
# CONFIG_MATH_EMULATION is not set
# CONFIG_MTRR is not set
CONFIG_SECCOMP=y
# CONFIG_HZ_100 is not set
CONFIG_HZ_250=y
# CONFIG_HZ_1000 is not set
CONFIG_HZ=250
CONFIG_PHYSICAL_START=0x100000
CONFIG_DOUBLEFAULT=y
#
# Power management options (ACPI, APM)
#
# CONFIG_PM is not set
#
# ACPI (Advanced Configuration and Power Interface) Support
#
# CONFIG_ACPI is not set
#
# CPU Frequency scaling
#
# CONFIG_CPU_FREQ is not set
#
# Bus options (PCI, PCMCIA, EISA, MCA, ISA)
#
CONFIG_PCI=y
# CONFIG_PCI_GOBIOS is not set
# CONFIG_PCI_GOMMCONFIG is not set
# CONFIG_PCI_GODIRECT is not set
CONFIG_PCI_GOANY=y
CONFIG_PCI_BIOS=y
CONFIG_PCI_DIRECT=y
# CONFIG_PCIEPORTBUS is not set
# CONFIG_PCI_MSI is not set
# CONFIG_PCI_LEGACY_PROC is not set
CONFIG_ISA_DMA_API=y
# CONFIG_ISA is not set
# CONFIG_MCA is not set
# CONFIG_SCx200 is not set
#
# PCCARD (PCMCIA/CardBus) support
#
# CONFIG_PCCARD is not set
#
# PCI Hotplug Support
#
#
# Executable file formats
#
CONFIG_BINFMT_ELF=y
# CONFIG_BINFMT_AOUT is not set
# CONFIG_BINFMT_MISC is not set
#
# Networking
#
CONFIG_NET=y
#
# Networking options
#
# CONFIG_NETDEBUG is not set
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
CONFIG_UNIX=y
CONFIG_XFRM=y
CONFIG_XFRM_USER=y
CONFIG_NET_KEY=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
# CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
CONFIG_SYN_COOKIES=y
# CONFIG_INET_AH is not set
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_INET_TUNNEL=y
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_BIC=y
#
# IP: Virtual Server Configuration
#
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_DCCP=y
CONFIG_NETFILTER_XT_MATCH_HELPER=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
CONFIG_NETFILTER_XT_MATCH_REALM=y
CONFIG_NETFILTER_XT_MATCH_SCTP=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NETFILTER_XT_MATCH_STRING=y
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_FTP=m
# CONFIG_IP_NF_IRC is not set
CONFIG_IP_NF_TFTP=m
# CONFIG_IP_NF_AMANDA is not set
CONFIG_IP_NF_PPTP=m
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
# CONFIG_IP_NF_MATCH_RECENT is not set
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_HASHLIMIT=y
CONFIG_IP_NF_MATCH_POLICY=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
# CONFIG_IP_NF_TARGET_ULOG is not set
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_TTL=y
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# CONFIG_BRIDGE is not set
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
#
# QoS and/or fair queueing
#
# CONFIG_NET_SCHED is not set
CONFIG_NET_CLS_ROUTE=y
#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
# CONFIG_HAMRADIO is not set
# CONFIG_IRDA is not set
# CONFIG_BT is not set
# CONFIG_IEEE80211 is not set
#
# Device Drivers
#
#
# Generic Driver Options
#
CONFIG_STANDALONE=y
# CONFIG_PREVENT_FIRMWARE_BUILD is not set
# CONFIG_FW_LOADER is not set
#
# Connector - unified userspace <-> kernelspace linker
#
# CONFIG_CONNECTOR is not set
#
# Memory Technology Devices (MTD)
#
# CONFIG_MTD is not set
#
# Parallel port support
#
# CONFIG_PARPORT is not set
#
# Plug and Play support
#
#
# Block devices
#
CONFIG_BLK_DEV_FD=m
# CONFIG_BLK_CPQ_DA is not set
# CONFIG_BLK_CPQ_CISS_DA is not set
# CONFIG_BLK_DEV_DAC960 is not set
# CONFIG_BLK_DEV_COW_COMMON is not set
# CONFIG_BLK_DEV_LOOP is not set
# CONFIG_BLK_DEV_NBD is not set
# CONFIG_BLK_DEV_SX8 is not set
# CONFIG_BLK_DEV_RAM is not set
CONFIG_BLK_DEV_RAM_COUNT=16
# CONFIG_CDROM_PKTCDVD is not set
# CONFIG_ATA_OVER_ETH is not set
#
# ATA/ATAPI/MFM/RLL support
#
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
#
# Please see Documentation/ide.txt for help/info on IDE drives
#
# CONFIG_BLK_DEV_IDE_SATA is not set
# CONFIG_BLK_DEV_HD_IDE is not set
CONFIG_BLK_DEV_IDEDISK=y
# CONFIG_IDEDISK_MULTI_MODE is not set
CONFIG_BLK_DEV_IDECD=m
# CONFIG_BLK_DEV_IDEFLOPPY is not set
# CONFIG_IDE_TASK_IOCTL is not set
#
# IDE chipset support/bugfixes
#
# CONFIG_IDE_GENERIC is not set
# CONFIG_BLK_DEV_CMD640 is not set
CONFIG_BLK_DEV_IDEPCI=y
CONFIG_IDEPCI_SHARE_IRQ=y
# CONFIG_BLK_DEV_OFFBOARD is not set
# CONFIG_BLK_DEV_GENERIC is not set
# CONFIG_BLK_DEV_RZ1000 is not set
CONFIG_BLK_DEV_IDEDMA_PCI=y
# CONFIG_BLK_DEV_IDEDMA_FORCED is not set
CONFIG_IDEDMA_PCI_AUTO=y
CONFIG_IDEDMA_ONLYDISK=y
# CONFIG_BLK_DEV_AEC62XX is not set
# CONFIG_BLK_DEV_ALI15X3 is not set
# CONFIG_BLK_DEV_AMD74XX is not set
# CONFIG_BLK_DEV_ATIIXP is not set
# CONFIG_BLK_DEV_CMD64X is not set
# CONFIG_BLK_DEV_TRIFLEX is not set
# CONFIG_BLK_DEV_CY82C693 is not set
# CONFIG_BLK_DEV_CS5530 is not set
# CONFIG_BLK_DEV_CS5535 is not set
# CONFIG_BLK_DEV_HPT34X is not set
# CONFIG_BLK_DEV_HPT366 is not set
# CONFIG_BLK_DEV_SC1200 is not set
CONFIG_BLK_DEV_PIIX=y
# CONFIG_BLK_DEV_IT821X is not set
# CONFIG_BLK_DEV_NS87415 is not set
# CONFIG_BLK_DEV_PDC202XX_OLD is not set
# CONFIG_BLK_DEV_PDC202XX_NEW is not set
# CONFIG_BLK_DEV_SVWKS is not set
# CONFIG_BLK_DEV_SIIMAGE is not set
# CONFIG_BLK_DEV_SIS5513 is not set
# CONFIG_BLK_DEV_SLC90E66 is not set
# CONFIG_BLK_DEV_TRM290 is not set
# CONFIG_BLK_DEV_VIA82CXXX is not set
# CONFIG_IDE_ARM is not set
CONFIG_BLK_DEV_IDEDMA=y
# CONFIG_IDEDMA_IVB is not set
CONFIG_IDEDMA_AUTO=y
# CONFIG_BLK_DEV_HD is not set
#
# SCSI device support
#
# CONFIG_RAID_ATTRS is not set
# CONFIG_SCSI is not set
#
# Multi-device support (RAID and LVM)
#
# CONFIG_MD is not set
#
# Fusion MPT device support
#
# CONFIG_FUSION is not set
#
# IEEE 1394 (FireWire) support
#
# CONFIG_IEEE1394 is not set
#
# I2O device support
#
# CONFIG_I2O is not set
#
# Network device support
#
CONFIG_NETDEVICES=y
CONFIG_DUMMY=m
# CONFIG_BONDING is not set
# CONFIG_EQUALIZER is not set
# CONFIG_TUN is not set
#
# ARCnet devices
#
# CONFIG_ARCNET is not set
#
# PHY device support
#
# CONFIG_PHYLIB is not set
#
# Ethernet (10 or 100Mbit)
#
CONFIG_NET_ETHERNET=y
CONFIG_MII=m
# CONFIG_HAPPYMEAL is not set
# CONFIG_SUNGEM is not set
# CONFIG_CASSINI is not set
CONFIG_NET_VENDOR_3COM=y
CONFIG_VORTEX=m
CONFIG_TYPHOON=m
#
# Tulip family network device support
#
# CONFIG_NET_TULIP is not set
# CONFIG_HP100 is not set
CONFIG_NET_PCI=y
# CONFIG_PCNET32 is not set
# CONFIG_AMD8111_ETH is not set
# CONFIG_ADAPTEC_STARFIRE is not set
# CONFIG_DGRS is not set
CONFIG_EEPRO100=m
CONFIG_E100=m
# CONFIG_FEALNX is not set
# CONFIG_NATSEMI is not set
# CONFIG_NE2K_PCI is not set
# CONFIG_8139TOO is not set
# CONFIG_SIS900 is not set
# CONFIG_EPIC100 is not set
# CONFIG_SUNDANCE is not set
# CONFIG_TLAN is not set
# CONFIG_VIA_RHINE is not set
#
# Ethernet (1000 Mbit)
#
# CONFIG_ACENIC is not set
# CONFIG_DL2K is not set
# CONFIG_E1000 is not set
# CONFIG_NS83820 is not set
# CONFIG_HAMACHI is not set
# CONFIG_R8169 is not set
# CONFIG_SIS190 is not set
# CONFIG_SKGE is not set
# CONFIG_SK98LIN is not set
# CONFIG_VIA_VELOCITY is not set
# CONFIG_TIGON3 is not set
# CONFIG_BNX2 is not set
#
# Ethernet (10000 Mbit)
#
# CONFIG_CHELSIO_T1 is not set
# CONFIG_IXGB is not set
# CONFIG_S2IO is not set
#
# Token Ring devices
#
# CONFIG_TR is not set
#
# Wireless LAN (non-hamradio)
#
# CONFIG_NET_RADIO is not set
#
# Wan interfaces
#
# CONFIG_WAN is not set
# CONFIG_FDDI is not set
# CONFIG_PPP is not set
# CONFIG_SLIP is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
#
# ISDN subsystem
#
# CONFIG_ISDN is not set
#
# Telephony Support
#
# CONFIG_PHONE is not set
#
# Input device support
#
CONFIG_INPUT=y
#
# Userland interfaces
#
CONFIG_INPUT_MOUSEDEV=y
# CONFIG_INPUT_MOUSEDEV_PSAUX is not set
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
# CONFIG_INPUT_JOYDEV is not set
# CONFIG_INPUT_TSDEV is not set
# CONFIG_INPUT_EVDEV is not set
# CONFIG_INPUT_EVBUG is not set
#
# Input Device Drivers
#
CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ATKBD=y
# CONFIG_KEYBOARD_SUNKBD is not set
# CONFIG_KEYBOARD_LKKBD is not set
# CONFIG_KEYBOARD_XTKBD is not set
# CONFIG_KEYBOARD_NEWTON is not set
# CONFIG_INPUT_MOUSE is not set
# CONFIG_INPUT_JOYSTICK is not set
# CONFIG_INPUT_TOUCHSCREEN is not set
# CONFIG_INPUT_MISC is not set
#
# Hardware I/O ports
#
CONFIG_SERIO=y
CONFIG_SERIO_I8042=y
# CONFIG_SERIO_SERPORT is not set
# CONFIG_SERIO_CT82C710 is not set
# CONFIG_SERIO_PCIPS2 is not set
CONFIG_SERIO_LIBPS2=y
# CONFIG_SERIO_RAW is not set
# CONFIG_GAMEPORT is not set
#
# Character devices
#
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_HW_CONSOLE=y
# CONFIG_SERIAL_NONSTANDARD is not set
#
# Serial drivers
#
# CONFIG_SERIAL_8250 is not set
#
# Non-8250 serial port support
#
# CONFIG_SERIAL_JSM is not set
CONFIG_UNIX98_PTYS=y
# CONFIG_LEGACY_PTYS is not set
#
# IPMI
#
# CONFIG_IPMI_HANDLER is not set
#
# Watchdog Cards
#
# CONFIG_WATCHDOG is not set
# CONFIG_HW_RANDOM is not set
# CONFIG_NVRAM is not set
# CONFIG_RTC is not set
# CONFIG_GEN_RTC is not set
# CONFIG_DTLK is not set
# CONFIG_R3964 is not set
# CONFIG_APPLICOM is not set
#
# Ftape, the floppy tape device driver
#
# CONFIG_FTAPE is not set
# CONFIG_AGP is not set
# CONFIG_DRM is not set
# CONFIG_MWAVE is not set
# CONFIG_CS5535_GPIO is not set
# CONFIG_RAW_DRIVER is not set
# CONFIG_HANGCHECK_TIMER is not set
#
# TPM devices
#
#
# I2C support
#
# CONFIG_I2C is not set
#
# SPI support
#
# CONFIG_SPI is not set
# CONFIG_SPI_MASTER is not set
#
# Dallas's 1-wire bus
#
# CONFIG_W1 is not set
#
# Hardware Monitoring support
#
# CONFIG_HWMON is not set
# CONFIG_HWMON_VID is not set
#
# Misc devices
#
#
# Multimedia Capabilities Port drivers
#
#
# Multimedia devices
#
# CONFIG_VIDEO_DEV is not set
#
# Digital Video Broadcasting Devices
#
# CONFIG_DVB is not set
#
# Graphics support
#
# CONFIG_FB is not set
# CONFIG_VIDEO_SELECT is not set
#
# Console display driver support
#
CONFIG_VGA_CONSOLE=y
CONFIG_DUMMY_CONSOLE=y
#
# Sound
#
# CONFIG_SOUND is not set
#
# USB support
#
CONFIG_USB_ARCH_HAS_HCD=y
CONFIG_USB_ARCH_HAS_OHCI=y
# CONFIG_USB is not set
#
# NOTE: USB_STORAGE enables SCSI, and 'SCSI disk support'
#
#
# USB Gadget Support
#
# CONFIG_USB_GADGET is not set
#
# MMC/SD Card support
#
# CONFIG_MMC is not set
#
# InfiniBand support
#
# CONFIG_INFINIBAND is not set
#
# EDAC - error detection and reporting (RAS) (EXPERIMENTAL)
#
#
# File systems
#
CONFIG_EXT2_FS=m
# CONFIG_EXT2_FS_XATTR is not set
# CONFIG_EXT2_FS_XIP is not set
# CONFIG_EXT3_FS is not set
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
# CONFIG_FS_POSIX_ACL is not set
CONFIG_XFS_FS=y
# CONFIG_XFS_QUOTA is not set
# CONFIG_XFS_SECURITY is not set
# CONFIG_XFS_POSIX_ACL is not set
# CONFIG_MINIX_FS is not set
# CONFIG_ROMFS_FS is not set
CONFIG_INOTIFY=y
# CONFIG_QUOTA is not set
CONFIG_DNOTIFY=y
# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set
# CONFIG_FUSE_FS is not set
#
# CD-ROM/DVD Filesystems
#
CONFIG_ISO9660_FS=m
CONFIG_JOLIET=y
# CONFIG_ZISOFS is not set
# CONFIG_UDF_FS is not set
#
# DOS/FAT/NT Filesystems
#
CONFIG_FAT_FS=m
CONFIG_MSDOS_FS=m
CONFIG_VFAT_FS=m
CONFIG_FAT_DEFAULT_CODEPAGE=437
CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
# CONFIG_NTFS_FS is not set
#
# Pseudo filesystems
#
CONFIG_PROC_FS=y
CONFIG_PROC_KCORE=y
CONFIG_SYSFS=y
# CONFIG_TMPFS is not set
# CONFIG_HUGETLBFS is not set
# CONFIG_HUGETLB_PAGE is not set
CONFIG_RAMFS=y
# CONFIG_RELAYFS_FS is not set
#
# Miscellaneous filesystems
#
# CONFIG_HFSPLUS_FS is not set
# CONFIG_CRAMFS is not set
# CONFIG_VXFS_FS is not set
# CONFIG_HPFS_FS is not set
# CONFIG_QNX4FS_FS is not set
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set
#
# Network File Systems
#
# CONFIG_NFS_FS is not set
# CONFIG_NFSD is not set
# CONFIG_SMB_FS is not set
# CONFIG_CIFS is not set
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
#
# Partition Types
#
# CONFIG_PARTITION_ADVANCED is not set
CONFIG_MSDOS_PARTITION=y
#
# Native Language Support
#
CONFIG_NLS=m
CONFIG_NLS_DEFAULT="iso8859-1"
CONFIG_NLS_CODEPAGE_437=m
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
CONFIG_NLS_CODEPAGE_850=m
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_936 is not set
# CONFIG_NLS_CODEPAGE_950 is not set
# CONFIG_NLS_CODEPAGE_932 is not set
# CONFIG_NLS_CODEPAGE_949 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
CONFIG_NLS_ISO8859_1=m
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_13 is not set
# CONFIG_NLS_ISO8859_14 is not set
CONFIG_NLS_ISO8859_15=m
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
# CONFIG_NLS_UTF8 is not set
#
# Kernel hacking
#
# CONFIG_PRINTK_TIME is not set
# CONFIG_MAGIC_SYSRQ is not set
# CONFIG_DEBUG_KERNEL is not set
CONFIG_LOG_BUF_SHIFT=14
CONFIG_DEBUG_BUGVERBOSE=y
CONFIG_EARLY_PRINTK=y
CONFIG_X86_FIND_SMP_CONFIG=y
CONFIG_X86_MPPARSE=y
#
# Security options
#
# CONFIG_KEYS is not set
# CONFIG_SECURITY is not set
#
# Cryptographic options
#
CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
# CONFIG_CRYPTO_NULL is not set
# CONFIG_CRYPTO_MD4 is not set
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
# CONFIG_CRYPTO_WP512 is not set
# CONFIG_CRYPTO_TGR192 is not set
CONFIG_CRYPTO_DES=y
CONFIG_CRYPTO_BLOWFISH=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_SERPENT=m
# CONFIG_CRYPTO_AES is not set
CONFIG_CRYPTO_AES_586=y
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST6 is not set
# CONFIG_CRYPTO_TEA is not set
# CONFIG_CRYPTO_ARC4 is not set
# CONFIG_CRYPTO_KHAZAD is not set
# CONFIG_CRYPTO_ANUBIS is not set
CONFIG_CRYPTO_DEFLATE=y
# CONFIG_CRYPTO_MICHAEL_MIC is not set
# CONFIG_CRYPTO_CRC32C is not set
# CONFIG_CRYPTO_TEST is not set
#
# Hardware crypto devices
#
# CONFIG_CRYPTO_DEV_PADLOCK is not set
#
# Library routines
#
CONFIG_CRC_CCITT=m
CONFIG_CRC16=m
CONFIG_CRC32=m
CONFIG_LIBCRC32C=m
CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y
CONFIG_TEXTSEARCH=y
CONFIG_TEXTSEARCH_KMP=y
CONFIG_TEXTSEARCH_BM=y
CONFIG_TEXTSEARCH_FSM=y
CONFIG_GENERIC_HARDIRQS=y
CONFIG_GENERIC_IRQ_PROBE=y
CONFIG_X86_BIOS_REBOOT=y
CONFIG_KTIME_SCALAR=y
^ permalink raw reply
* Re: ipsec tunnel asymmetrical mtu
From: Marco Berizzi @ 2006-04-24 9:26 UTC (permalink / raw)
To: herbert; +Cc: netdev
In-Reply-To: <BAY103-F290B963EE35123CC2E6DB8B2BE0@phx.gbl>
mhhhh I have forgotten to tell you that both mimosa & pleiadi
are running 2.6.16.9 driven by openswan 2.4.5
^ permalink raw reply
* Re: [patch] ipv4: initialize arp_tbl rw lock
From: Heiko Carstens @ 2006-04-24 10:18 UTC (permalink / raw)
To: David S. Miller
Cc: shemminger, jgarzik, akpm, netdev, linux-kernel, fpavlic, davem
In-Reply-To: <20060415.003457.103031290.davem@davemloft.net>
> > Tried to figure out what is causing the delays I experienced when I replaced
> > module_init() in af_inet.c with fs_initcall(). After all it turned out that
> > synchronize_net() which is basicically nothing else than synchronize_rcu()
> > sometimes takes several seconds to complete?! No idea why that is...
> >
> > callchain: inet_init() -> inet_register_protosw() -> synchronize_net()
>
> The problem can't be rcu_init(), that gets done very early
> in init/main.c
>
> Maybe it's some timer or something else specific to s390?
>
> It could also be that there's perhaps nothing to context
> switch to, thus the RCU takes forever to "happen".
Yes, it's more or less s390 specific.
What happens is the following: synchronize_rcu() enqueues an RCU callback on
cpu 0. Later on cpu 0 handles a bunch of RCU batches, but without handling
this specific request (it's in rdp->curlist). Since this cpu has nothing else
to do it enters cpu_idle() (it's a nohz idle, therefore it might be quite a
long time in idle state).
While cpu 0 is in idle state cpu 2 calls cpu_quiet() which in turn will call
rcu_start_batch(). If cpu 0 would run now, it would notice rdp->curlist moved
to rdp->donelist and that there is something to do. Unfortunately it doesn't
get notified from rcu_start_batch(). That's why I ended up waiting several
seconds until finally some interrupt arrived at cpu 0 which made things go
on finally.
Avoiding this could be done if we look at rdp->curlist before going into
a nohz idle wait, or we could send an interprocessor interrupt to idle
cpus. Sending an interrupt while looking only on nohz_cpu_mask seems to
be a bit racy, since other cpus might have entered cpu idle after
nohz_cpu_mask has been read...
At least the initcall change for inet_init() can go in, since it just
revealed a problem that we have anyway.
^ permalink raw reply
* [patch] ipv4: inet_init() -> fs_initcall
From: Heiko Carstens @ 2006-04-24 10:22 UTC (permalink / raw)
To: Andrew Morton, David S. Miller
Cc: shemminger, jgarzik, netdev, linux-kernel, fpavlic
In-Reply-To: <20060415.003457.103031290.davem@davemloft.net>
From: Heiko Carstens <heiko.carstens@de.ibm.com>
Convert inet_init to an fs_initcall to make sure its called before any device
driver's initcall.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
---
net/ipv4/af_inet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index dc206f1..0a27745 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1257,7 +1257,7 @@ out_unregister_udp_proto:
goto out;
}
-module_init(inet_init);
+fs_initcall(inet_init);
/* ------------------------------------------------------------------------ */
^ permalink raw reply related
* Re: Netpoll checksum issue
From: Herbert Xu @ 2006-04-24 10:22 UTC (permalink / raw)
To: Aubrey; +Cc: Stephen Hemminger, netdev
In-Reply-To: <6d6a94c50604232242hd091922q8a2a0c78f1163b3c@mail.gmail.com>
On Mon, Apr 24, 2006 at 01:42:12PM +0800, Aubrey wrote:
>
> dev->last_rx = jiffies;
> skb->dev = dev;
> skb->protocol = eth_type_trans(skb, dev);
> skb->ip_summed = CHECKSUM_UNNECESSARY;
> netif_rx(skb);
This doesn't make sense. First of all you're setting ip_summed to
CHECK_UNNECESSARY unconditionally which is most likely wrong.
What's more, if this was the driver that you were using, then
checksum_udp couldn't possibly fail since the first thing it does
is check ip_summed.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply
* Re: [Fireflier-devel] Re: [PATCH][RFC] Security marking
From: James Morris @ 2006-04-24 12:56 UTC (permalink / raw)
To: Török Edwin; +Cc: netdev, Patrick McHardy, fireflier-devel
In-Reply-To: <200604232157.59758.edwin@gurde.com>
[-- Attachment #1: Type: TEXT/PLAIN, Size: 426 bytes --]
On Sun, 23 Apr 2006, Török Edwin wrote:
> > This could be done with nfqueue, modular policy and a pretty simple tool.
> How do I determine if the policy needs to be changed? I.e. how do I determine
> if the packet would be dropped? You say packets are silently dropped, won't
> they generate an avc denied at least? (at least the first time?)
Actually, yes, you'll get avc messages.
--
James Morris
<jmorris@namei.org>
^ permalink raw reply
* Re: [PATCH 8/10] d80211: get rid of default management interface
From: Jiri Benc @ 2006-04-24 13:01 UTC (permalink / raw)
To: Jouni Malinen; +Cc: netdev
In-Reply-To: <20060422024431.GJ27215@instant802.com>
On Fri, 21 Apr 2006 19:44:31 -0700, Jouni Malinen wrote:
> On Fri, Apr 21, 2006 at 10:53:28PM +0200, Jiri Benc wrote:
> > Default management interface (wlanXap) confuses users. It is only needed for
> > AP mode (and only until interfaces are converted to use native 802.11
> > frames).
>
> Or when using user space MLME in client mode which is something that I
> just got working as far as scanning and association is concerned. In
> other words, wpa_supplicant will be needing this interface..
I think we can (and should) wait with userspace MLME until the netlink
interface is implemented.
> That sounds like something that could break multi-BSSID/SSID aware
> hostapd. Are you saying that there would be new wlanXap like interface
> for each BSS/VLAN interface? What are the problems this is fixing with
> multiple AP interfaces?
Thinking about it more, only implementation problems. I was just lazy
and implementing things the way I did seemed to be easier. My fault,
sorry, didn't realize hostapd is aware of multiple BSSes.
> So far, hostapd has been responsible for
> receiving all management from a single interface and then internally
> decide which BSS/multi-SSID entry to use for each.
>
> I would assume that hostapd could be changed to process frames from
> multiple interfaces (at least if this is only for multi-BSSID, not for
> multi-SSID/VLAN case).
There is no point in changing hostapd as this solution is temporary only
and hostapd will need to be changed for netlink anyway.
I will fix the patch.
Thanks,
Jiri
--
Jiri Benc
SUSE Labs
^ permalink raw reply
* Re: Netpoll checksum issue
From: Aubrey @ 2006-04-24 13:22 UTC (permalink / raw)
To: Herbert Xu; +Cc: Stephen Hemminger, netdev
In-Reply-To: <20060424102250.GA24437@gondor.apana.org.au>
On 4/24/06, Herbert Xu <herbert@gondor.apana.org.au> wrote:
> On Mon, Apr 24, 2006 at 01:42:12PM +0800, Aubrey wrote:
> >
> > dev->last_rx = jiffies;
> > skb->dev = dev;
> > skb->protocol = eth_type_trans(skb, dev);
> > skb->ip_summed = CHECKSUM_UNNECESSARY;
> > netif_rx(skb);
>
> This doesn't make sense. First of all you're setting ip_summed to
> CHECK_UNNECESSARY unconditionally which is most likely wrong.
>
> What's more, if this was the driver that you were using, then
> checksum_udp couldn't possibly fail since the first thing it does
> is check ip_summed.
Hmm, when I change the code in __netpoll_rx, there is no the following
one line in the driver:
==============================================
skb->ip_summed = CHECKSUM_UNNECESSARY;
==============================================
The above one line code in the driver is just a workaround.
Regards,
-Aubrey
^ permalink raw reply
* Re: Van Jacobson's net channels and real-time
From: Auke Kok @ 2006-04-24 16:42 UTC (permalink / raw)
To: Ingo Oeser
Cc: Jörn Engel, Ingo Oeser, David S. Miller, simlo, linux-kernel,
mingo, netdev
In-Reply-To: <200604230205.33668.ioe-lkml@rameria.de>
Ingo Oeser wrote:
> On Saturday, 22. April 2006 15:49, Jörn Engel wrote:
>> That was another main point, yes. And the endpoints should be as
>> little burden on the bottlenecks as possible. One bottleneck is the
>> receive interrupt, which shouldn't wait for cachelines from other cpus
>> too much.
>
> Thats right. This will be made a non issue with early demuxing
> on the NIC and MSI (or was it MSI-X?) which will select
> the right CPU based on hardware channels.
MSI-X. with MSI you still have only one cpu handling all MSI interrupts and
that doesn't look any different than ordinary interrupts. MSI-X will allow
much better interrupt handling across several cpu's.
Auke
^ permalink raw reply
* Re: Van Jacobson's net channels and real-time
From: linux-os (Dick Johnson) @ 2006-04-24 16:59 UTC (permalink / raw)
To: Auke Kok
Cc: Ingo Oeser, Jörn Engel, Ingo Oeser, David S. Miller, simlo,
linux-kernel, mingo, netdev
In-Reply-To: <444CFFE5.1020509@intel.com>
On Mon, 24 Apr 2006, Auke Kok wrote:
> Ingo Oeser wrote:
>> On Saturday, 22. April 2006 15:49, Jörn Engel wrote:
>>> That was another main point, yes. And the endpoints should be as
>>> little burden on the bottlenecks as possible. One bottleneck is the
>>> receive interrupt, which shouldn't wait for cachelines from other cpus
>>> too much.
>>
>> Thats right. This will be made a non issue with early demuxing
>> on the NIC and MSI (or was it MSI-X?) which will select
>> the right CPU based on hardware channels.
>
> MSI-X. with MSI you still have only one cpu handling all MSI interrupts and
> that doesn't look any different than ordinary interrupts. MSI-X will allow
> much better interrupt handling across several cpu's.
>
> Auke
> -
Message signaled interrupts are just a kudge to save a trace on a
PC board (read make junk cheaper still). They are not faster and
may even be slower. They will not be the salvation of any interrupt
latency problems. The solutions for increasing networking speed,
where the bit-rate on the wire gets close to the bit-rate on the
bus, is to put more and more of the networking code inside the
network board. The CPU get interrupted after most things (like
network handshakes) are complete.
Cheers,
Dick Johnson
Penguin : Linux version 2.6.16.4 on an i686 machine (5592.89 BogoMips).
Warning : 98.36% of all statistics are fiction, book release in April.
_
\x1a\x04
****************************************************************
The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to DeliveryErrors@analogic.com - and destroy all copies of this information, including any attachments, without reading or disclosing them.
Thank you.
^ permalink raw reply
* Re: Van Jacobson's net channels and real-time
From: Rick Jones @ 2006-04-24 17:19 UTC (permalink / raw)
To: linux-os (Dick Johnson)
Cc: Auke Kok, Ingo Oeser, Jörn Engel, Ingo Oeser,
David S. Miller, simlo, linux-kernel, mingo, netdev
In-Reply-To: <Pine.LNX.4.61.0604241254180.24099@chaos.analogic.com>
>>>Thats right. This will be made a non issue with early demuxing
>>>on the NIC and MSI (or was it MSI-X?) which will select
>>>the right CPU based on hardware channels.
>>
>>MSI-X. with MSI you still have only one cpu handling all MSI interrupts and
>>that doesn't look any different than ordinary interrupts. MSI-X will allow
>>much better interrupt handling across several cpu's.
>>
>>Auke
>>-
>
>
> Message signaled interrupts are just a kudge to save a trace on a
> PC board (read make junk cheaper still). They are not faster and
> may even be slower. They will not be the salvation of any interrupt
> latency problems. The solutions for increasing networking speed,
> where the bit-rate on the wire gets close to the bit-rate on the
> bus, is to put more and more of the networking code inside the
> network board. The CPU get interrupted after most things (like
> network handshakes) are complete.
if the issue is bus vs network bitrates would offloading really buy that
much? i suppose that for minimum sized packets not DMA'ing the headers
across the bus would be a decent win, but down at small packet sizes
where headers would be 1/3 to 1/2 the stuff DMA'd around, I would think
one is talking more about CPU path lengths than bus bitrates.
and up and "full size" segments, since everyone is so fond of bulk
transfer tests, the transfer saved by not shovig headers across the bus
is what 54/1448 or ~3.75%
spreading interrupts via MSI-X seems nice and all, but i keep wondering
if the header field-based distribution that is (will be) done by the
NICs is putting the cart before the horse - should the NIC essentially
be telling the system the CPU on which to run the application, or should
the CPU on which the application runs be telling "networking" where it
should be happening?
rick jones
^ permalink raw reply
* Re: [patch 2/5] s2io driver updates
From: Stephen Hemminger @ 2006-04-24 17:22 UTC (permalink / raw)
To: Francois Romieu
Cc: Ananda Raju, jgarzik, netdev, leonid.grossman, ravinandan.arakali,
rapuru.sriram, alicia.pena
In-Reply-To: <20060422092802.GD26666@electric-eye.fr.zoreil.com>
On Sat, 22 Apr 2006 11:28:02 +0200
Francois Romieu <romieu@fr.zoreil.com> wrote:
> Ananda Raju <Ananda.Raju@neterion.com> :
> [...]
> > Signed-off-by: Ananda Raju <ananda.raju@neterion.com>
> > ---
> > diff -upNr perf_fixes/drivers/net/s2io.c dmesg_param_fixes/drivers/net/s2io.c
> > --- perf_fixes/drivers/net/s2io.c 2006-04-13 08:02:56.000000000 -0700
> > +++ dmesg_param_fixes/drivers/net/s2io.c 2006-04-13 09:08:22.000000000 -0700
> [...]
> > @@ -4626,6 +4633,45 @@ static int write_eeprom(nic_t * sp, int
> > return ret;
> > }
> >
> > +static void s2io_vpd_read(nic_t *nic)
> > +{
> > + u8 vpd_data[256],data;
>
> You may consider removing vpd_data from the stack and kmallocing it.
>
Since there lsvpd tool doesn't in user space, why add more kernel code
to do it? Adding more code to just print prettier console log's is bogus.
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox