NIO + UDP + Empty Packet
Hi,
I'm in a case where I have to send an empty UDP packet.
When I send data I use: DatagramChannel.send(...)
This method is supposed to return the number of bytes sent (0 or the size of the buffer).
However, when I'm sending an empty buffer, in case of both success or failure, the returned value is 0.
I can capture my empty packet, no problem, but if my socket output buffer is full, how do I know if I sent my empty datagram package or not ?
Thanks in advance.
DrClap wrote:
I don't see the problem. In one case the server received a packet, but there wasn't anything in it. In the other case the server didn't receive a packet. In both cases the server received nothing, so there is no difference between the two cases.
I'm talking about UDP, not TCP, so at receiver side there is a difference between receiving an empty packet and receiving no packet at all. However, the receiver is able to receive an empty packet so there is no problem.
ejp wrote:
I can capture my empty packet, no problem, but if my socket output buffer is full, how do I know if I sent my empty datagram package or not ?
You don't.
The problem is in fact at the sender side. And that answer is what I was afraid of ;-)
The probability of this happening is quite thin, however in any NIO Reactor you're supposed to handle the case where you could not send the data and send it later again.
I wonder if this problem could be considered as a lack/bug of the nio classes.
Similar Messages
-
Hello,
I've been looking for an implementation of NIO UDP sockets with selectors all over the internet but I didn't get much. Does anyone here know of any websites with simple examples on NIO UDP sockets with selectors? (server + client),
thanks.
Paul
JGroups supports UDP but only old IO.
However Grizzly Messaging uses NIO UDP. [https://grizzly.dev.java.net/nonav/xref/index.html] e.g. [https://grizzly.dev.java.net/nonav/xref/com/sun/grizzly/UDPConnectorHandler.html]
I would be interested if you get UDP working over the internet. I would have thought the packet loss rate would be too high and too unpredictable to make it worth using (compared with TCP). So if you can prove me wrong please let me know! -
Unable to receive UDP broadcast packets on PPP connection
I am struggling for two days now with no success. I have two modems (do not ask, some special stuff), that use dial up (PPP) connection. I tried this on Windows XP and it works like a charm. I am sending unicast and broadcast UDP packets. If I repeat that on Windows 7 I can send only unicast data, broadcast packets seem to be lost somewhere. I tried to use Microsoft Network Monitor and I can see that broadcast packets are being received on my PPP connection. But after that, they are gone. Somewhere in the kernel. I truly do not understand why. I disabled firewall, antivirus, base filtering engine, tried to log dropped packets in Windows Filtering Platform, tried clean WIN7 machine and all that with no success.
Here is a sample packet received on the interface, but it has never reached my app:
No. Time Source Destination Protocol Length Info
1 13:20:56.093380000 192.168.1.50 192.168.1.255 UDP 49 Source port: x11 Destination port: x11
Frame 1: 49 bytes on wire (392 bits), 49 bytes captured (392 bits)
Encapsulation type: Ethernet (1)
Arrival Time: May 7, 2014 13:20:56.093380000 Central Europe Daylight Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1399461656.093380000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 49 bytes (392 bits)
Capture Length: 49 bytes (392 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:data:vssmonitoring]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: ae:4e:20:00:01:00 (ae:4e:20:00:01:00), Dst: Xerox_00:00:00 (01:00:01:00:00:00)
Destination: Xerox_00:00:00 (01:00:01:00:00:00)
Address: Xerox_00:00:00 (01:00:01:00:00:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: ae:4e:20:00:01:00 (ae:4e:20:00:01:00)
Address: ae:4e:20:00:01:00 (ae:4e:20:00:01:00)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 192.168.1.50 (192.168.1.50), Dst: 192.168.1.255 (192.168.1.255)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 34
Identification: 0x0032 (50)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 126
Protocol: UDP (17)
Header checksum: 0xb817 [correct]
[Good: True]
[Bad: False]
Source: 192.168.1.50 (192.168.1.50)
Destination: 192.168.1.255 (192.168.1.255)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: x11 (6001), Dst Port: x11 (6001)
Source port: x11 (6001)
Destination port: x11 (6001)
Length: 14
Checksum: 0xafd1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Data (6 bytes)
0000 34 34 34 34 34 34 444444
Data: 343434343434
[Length: 6]
VSS-Monitoring ethernet trailer, Source Port: 127
Src Port: 127
I am running out of my ideas, if anyone could help, with any idea, please do. I am not sure if this feature is dropped in win7 or not.
Hi,
From your description, you may gather the network monitor traces to ensure which part lost UDP broadcast packets.
Thank you.
Best regards,
Stevens Song
-
I'm curious as to the rationale behind having a DatagramPacket class and just using ByteBuffers for TCP connections. I can see the logic, but I'm trying to write a Java framework wrapping NIO with TCP and UDP connections. In my C++ version I have one packet class that I use for both types of connections. I'm stuck with what to implement for Java as I'm going to need two classes, NIO's DatagramPacket and a new TCPPacket. Ideally I would like both to implement an interface or derive from a parent class so I can pass them to all class methods that deal with packets, be they UDP or TCP based. But this won't work. I could wrap DatagramPacket into a new class, and have it and the TCPPacket class implement a Packet interface. But when I'm sending UDP packets I'll be creating two objects for the price of one.
Any suggestions?
Thanks
Remember that in UDP case you can easily lose packets and never know. In TCP you would receive an exception, but UDP can silently discard your packages while in transit.
My point is, you probably should use a different package class for UDP anyway, maybe adding some stuff like a package ID that would enable re-sending and additional processing in order to ensure a successful communication.
If you already have this information and some procedures for retrying in your package, then I agree with the previous poster in that you can use bytebuffer for both. -
we see increasing output drops on a veth interface on a nexus 1000v.
DS-N1K-10# sh clock
Tue Apr 8 06:05:03 UTC 2014
DS-N1K-10# sh int Veth19 | incl Drops
0 Input Packet Drops 415678974 Output Packet Drops
DS-N1K-10# sh clock
Tue Apr 8 06:06:07 UTC 2014
DS-N1K-10# sh int Veth19 | incl Drops
0 Input Packet Drops 415701498 Output Packet Drops
To figure out what is dropped we used vempkt capture but we don't see packets.
Here the session output:
DS-N1K-10# module vem 3 execute vemcmd show port
LTL VSM Port Admin Link State PC-LTL SGID Vem Port Type
59 Veth19 UP UP FWD 0 0 LI-UAPP03a ethernet1
DS-N1K-10# module vem 3 execute vempkt stop
Will suspend log after next 0 entries
DS-N1K-10# module vem 3 execute vempkt clear
Cleared log
DS-N1K-10# module vem 3 execute vempkt capture drop ltl 59
Successfully set packet capture specification
DS-N1K-10# module vem 3 execute vempkt stop
Suspended log
DS-N1K-10# module vem 3 execute vempkt display detail all
Also the exported capture file is empty:
DS-N1K-10# module vem 3 execute vempkt pcap /tmp/vempkt_capture_drop.cap
Export Complete!
DS-N1K-10#
Is there a way to find out what is dropped?
Hi Schade,
Given that you are not seeing any actual drops in the vempkt, it is this defect
CSCtx66382: show interface counters ( veths ) show large values.
You can view the defect with this link:
https://tools.cisco.com/bugsearch/bug/CSCtx66382
Thanks,
Joe -
My first question is. If my server is using NIO datagram channels, my client must use it too?
Can I use a traditional datagram socket to communicate with a NIO UDP server?
I have much information on NIO and TCP with examples that work, but I can't find examples of communication between client and server using NIO UDP. Some page of reference or tutorial?
My first question is. If my server is using NIO datagram channels, my client must use it too?
No.
Can I use a traditional datagram socket to communicate with a NIO UDP server?
Yes.
I have much information on NIO and TCP with examples that work, but I can't find examples of communication between client and server using NIO UDP. Some page of reference or tutorial?
You haven't looked very hard. Try 'NIO UDP example' on google. -
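An added example, not taken from any post on this page, covering the questions in the threads above: a selector-driven `DatagramChannel` server receives from a non-blocking NIO client and from a classic `DatagramSocket` client, and shows that `send()` reports 0 for an empty datagram that was in fact delivered while the receiver still sees a zero-length packet. The class name, the loopback address and the OS-assigned port are assumptions.

```java
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.DatagramChannel;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

// Hypothetical demo class, added for illustration.
public class NioUdpEmptyDatagramDemo {

    /** Drains the server channel through the selector; returns the payload length of each datagram. */
    static List<Integer> receiveLengths(Selector selector, DatagramChannel server, int expected)
            throws IOException {
        List<Integer> lengths = new ArrayList<>();
        ByteBuffer buf = ByteBuffer.allocate(1500);
        long deadline = System.currentTimeMillis() + 2000; // UDP can lose packets: never wait forever
        while (lengths.size() < expected && System.currentTimeMillis() < deadline) {
            if (selector.select(200) == 0) continue;
            Iterator<SelectionKey> keys = selector.selectedKeys().iterator();
            while (keys.hasNext()) {
                SelectionKey key = keys.next();
                keys.remove();
                if (!key.isReadable()) continue;
                buf.clear();
                // receive() returns null when nothing is queued. An empty datagram
                // returns a non-null sender address with zero bytes transferred,
                // so the receiver can tell "empty packet" from "no packet".
                while (server.receive(buf) != null) {
                    buf.flip();
                    lengths.add(buf.remaining());
                    buf.clear();
                }
            }
        }
        return lengths;
    }

    public static void main(String[] args) throws Exception {
        InetAddress loopback = InetAddress.getLoopbackAddress();
        try (Selector selector = Selector.open();
             DatagramChannel server = DatagramChannel.open();
             DatagramChannel nioClient = DatagramChannel.open();
             DatagramSocket classicClient = new DatagramSocket()) {

            server.bind(new InetSocketAddress(loopback, 0)); // port 0: the OS picks a free port
            server.configureBlocking(false);
            server.register(selector, SelectionKey.OP_READ);
            InetSocketAddress serverAddr = (InetSocketAddress) server.getLocalAddress();

            // Non-blocking NIO client: the return value for the empty buffer is 0 even
            // though the datagram leaves the host, which is the same value send()
            // gives when the socket output buffer has no room.
            nioClient.configureBlocking(false);
            int sentEmpty = nioClient.send(ByteBuffer.allocate(0), serverAddr);
            int sentData = nioClient.send(
                    ByteBuffer.wrap("hello".getBytes(StandardCharsets.US_ASCII)), serverAddr);

            // A classic java.net client talks to the same NIO server without any change.
            classicClient.send(new DatagramPacket(new byte[0], 0, serverAddr));

            List<Integer> lengths = receiveLengths(selector, server, 3);
            System.out.println("send() returned for empty buffer: " + sentEmpty);
            System.out.println("send() returned for 5-byte buffer: " + sentData);
            System.out.println("payload lengths seen by the server: " + lengths);
        }
    }
}
```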
How can i attach a user-specified header to each UDP packet?
Hello,
i have here a question about UDP:
i want to stream live-videos using UDP. To avoid/observe some possible problems that could occur (e.g. wrong packet-order, packet loss etc.) i am planning to add a header to each UDP packet with e.g. frame-nr. , frame-size, packet-nr...
Question:
1. (How) Can i control the UDP packet size in LabVIEW?
2. If possible, how can i add a user specified header to each/certain (e.g. the first or the last packet of the frame) packet?
Thanks!
WLAN
Message Edited by wlan on 01-26-2007 03:02 AM
WLAN,
i just copied the help regarding the max size-terminal from the LV-help:
"max size is the maximum number of bytes to read. The default is 548. Windows If you wire a value other than 548 to this input, Windows might return an error because the function cannot read fewer bytes than are in a packet"
So, please do not change this value....
UDP creates packets from the data you transmit. Each packet in Windows should have a size of 548 bytes or less. So this should read one whole packet at a time.... Decreasing this could lead to problems if the packet is larger.... Increasing this value changes nothing since the packets themselves do not get larger only by trying to read more bytes..... Since you cannot alter the packet size from LV, you shouldn't bother about that anymore.
And to add (again): UDP does not guarantee ANY correct transmission. So you will never get any note if the first packet of a frame was lost. If you need some kind of guarantee for this, you have to use TCP (btw. in fact, the TCP header uses 192 bytes, containing the infos like seen in the attached gif).
regards,
Norbert
Message Edited by Norbert B on 01-31-2007 11:12 AM
CEO: What exactly is stopping us from doing this?
Expert: Geometry
Marketing Manager: Just ignore it.
Attachments:
tcp_header.gif 9 KB -
Packets not getting through bm server w/nat
I have bm3.8sp1a on nw6.5sp1 doing both static & dynamic nat. No packets appear to be making it through to the private side.
The static nat mapping is to a private ip 10.0.3.21, even with filters disabled, nothing comes through.
I looked through the tids and found 10065766 which told me about the _dumpnattcp command. The file generated by this command is empty.
Nat is working for some of the static mappings I have set up. Nat implicit filtering is turned off. there are a total of 10 secondary ip addresses and 10 nat translations.
I dl'd the most recent tcp stack and it did not affect the problem. any suggestions on how to proceed are most welcome.
ok here's some more info, it looks like it's working, i.e. I can see the citrix client udp 1604 packet exchange, however only one packet is sent and one received. When I do a trace from a citrix client on the local lan, the packet exchange is send/rx/send/rx i.e. 4 packets are exchanged.
-
I need to send several figures from a client to a server using Datagrams but seeing as I can't know what order the packets will arrive in how can I go about this?
Here's my solution. I used empty packets as dividers and it works. Not sure if this is good practice though. Any advice?
import javax.swing.*;
import java.net.*;
import java.io.*;
import java.awt.*;
import java.awt.event.*;

public class DatagramsLoans extends JFrame {
    JTextField interestRate = new JTextField();
    JTextField numberOfYears = new JTextField();
    JTextField loanAmount = new JTextField();
    JTextArea textArea = new JTextArea();
    JButton submit = new JButton("Submit");
    DatagramSocket socket;
    DatagramPacket receivePacket;
    DatagramPacket sendPacket;
    InetAddress address;
    byte[] buf = new byte[256];

    public static void main(String[] args) {
        new DatagramsLoans();
    }

    public DatagramsLoans() {
        JPanel fieldsPanel = new JPanel();
        fieldsPanel.setLayout(new GridLayout(3,3));
        fieldsPanel.add(new JLabel("Anual Interest Rate"));
        fieldsPanel.add(interestRate);
        fieldsPanel.add(new JLabel("Number Of Years"));
        fieldsPanel.add(numberOfYears);
        fieldsPanel.add(new JLabel("Loan Amount"));
        fieldsPanel.add(loanAmount);
        JPanel topPanel = new JPanel();
        topPanel.setLayout(new FlowLayout());
        topPanel.add(fieldsPanel);
        topPanel.add(submit);
        add(topPanel, BorderLayout.NORTH);
        add(new JScrollPane(textArea), BorderLayout.CENTER);
        submit.addActionListener(new ButtonListener());
        setTitle("Loans Client");
        setVisible(true);
        setSize(400, 400);
        setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
        try {
            address = InetAddress.getByName("localhost");
            socket = new DatagramSocket();
            receivePacket = new DatagramPacket(buf, buf.length);
            sendPacket = new DatagramPacket(buf, buf.length, address, 8000);
        } catch(IOException ex) {
            textArea.append(ex.toString()+ '\n');
        }
    }

    class ButtonListener implements ActionListener {
        public void actionPerformed(ActionEvent e) {
            try {
                double rate = Double.parseDouble(interestRate.getText().trim());
                int years = Integer.parseInt(numberOfYears.getText().trim());
                double amount = Double.parseDouble(loanAmount.getText().trim());
                // Each figure goes out in its own datagram; the blocking receive()
                // waits for the server's reply before the next one is sent.
                // A lost datagram stalls the exchange here.
                sendPacket.setData(Double.toString(rate).getBytes());
                socket.send(sendPacket);
                socket.receive(receivePacket);
                sendPacket.setData(Integer.toString(years).getBytes());
                socket.send(sendPacket);
                socket.receive(receivePacket);
                sendPacket.setData(Double.toString(amount).getBytes());
                socket.send(sendPacket);
                socket.receive(receivePacket);
                // Decode only the bytes of the datagram just received, not stale
                // bytes left in buf by an earlier, longer datagram.
                double monthlyRepayment = Double.parseDouble(new String(buf, 0, receivePacket.getLength()).trim());
                socket.send(sendPacket);
                socket.receive(receivePacket);
                double totalAmount = Double.parseDouble(new String(buf, 0, receivePacket.getLength()).trim());
                textArea.append("Monthly Repayment = " + monthlyRepayment + '\n');
                textArea.append("Total Amount = " + totalAmount + '\n');
            } catch(IOException ex) {
                textArea.append(ex.toString() + '\n');
            }
        }
    }
}

import javax.swing.*;
import java.awt.*;
import java.net.*;
import java.io.*;
import java.util.*;

public class DatagramsLoansServer extends JFrame{
    JTextArea jta = new JTextArea();
    byte[] buf = new byte[256];

    public static void main(String[] args) {
        new DatagramsLoansServer();
    }

    public DatagramsLoansServer() {
        add(new JScrollPane(jta), BorderLayout.CENTER);
        setVisible(true);
        setSize(400, 400);
        setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
        setTitle("Server");
        try {
            DatagramSocket socket = new DatagramSocket(8000);
            jta.append("Server Started at " + new Date() + '\n');
            DatagramPacket receivePacket = new DatagramPacket(buf, buf.length);
            DatagramPacket sendPacket = new DatagramPacket(buf, buf.length);
            while(true) {
                socket.receive(receivePacket);
                jta.append("Client Connected at " + new Date() + '\n');
                // Decode only the received bytes; buf may still hold stale data.
                double rate = Double.parseDouble(new String(buf, 0, receivePacket.getLength()).trim());
                sendPacket.setAddress(receivePacket.getAddress());
                sendPacket.setPort(receivePacket.getPort());
                socket.send(sendPacket);
                socket.receive(receivePacket);
                int years = Integer.parseInt(new String(buf, 0, receivePacket.getLength()).trim());
                socket.send(sendPacket);
                socket.receive(receivePacket);
                double loan = Double.parseDouble(new String(buf, 0, receivePacket.getLength()).trim());
                double monthlyPayment = loan * (rate / 1200) / (1 - (Math.pow(1 / (1 + (rate / 1200)), years * 12)));
                double totalPayment = monthlyPayment * years * 12;
                sendPacket.setData(Double.toString((int)(monthlyPayment * 100) / 100.00).getBytes());
                socket.send(sendPacket);
                socket.receive(receivePacket);
                sendPacket.setData(Double.toString((int)(totalPayment * 100) / 100.00).getBytes());
                socket.send(sendPacket);
            }
        } catch(IOException ex){
            System.err.println(ex);
        }
    }
}
Alyosha3 wrote:
This was originally TCP, but for an exercise(i'm working from a book) it wants me to re-write it for UDP. So there is no obvious straight forward way to handle this? I would have to program some quite elaborate acknowledgement/retransmit protocol? Which of course if i'm using UDP seems pretty much like i'd end up with the same problem. Unless I use TCP for it in which case it defeats the point.
It is odd how my solution seems to work so flawlessly though.
If you want to use UDP but you want all the reliability of TCP
you would have to implement your own error detection and recovery logic on top of UDP
(search for Automatic Repeat-reQuest).
And OFC you would want to send data in chunks not much larger than 500 bytes. -
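The replies in the threads above suggest a per-packet ID or header and an Automatic Repeat-reQuest scheme on top of UDP. A stop-and-wait version follows as an added example that is not from any poster; the class name, the 4-byte sequence header, the timeout and the retry count are assumptions, and the receiver deliberately drops one datagram to exercise the retransmit path.

```java
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.SocketAddress;
import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

// Hypothetical demo class, added for illustration.
public class StopAndWaitUdpDemo {
    static final int HEADER = 4;        // 4-byte big-endian sequence number (assumed layout)
    static final int MAX_PAYLOAD = 500; // keep datagrams small, as advised in the thread
    static final int TIMEOUT_MS = 200;
    static final int MAX_TRIES = 5;

    /** Sends one message and blocks until the matching ack arrives or the retries run out. */
    static void sendReliable(DatagramSocket sock, SocketAddress to, int seq, byte[] payload)
            throws IOException {
        if (payload.length > MAX_PAYLOAD) throw new IllegalArgumentException("payload too large");
        byte[] frame = ByteBuffer.allocate(HEADER + payload.length).putInt(seq).put(payload).array();
        DatagramPacket out = new DatagramPacket(frame, frame.length, to);
        // One spare byte so an oversized "ack" is detectable instead of silently truncated.
        DatagramPacket ack = new DatagramPacket(new byte[HEADER + 1], HEADER + 1);
        sock.setSoTimeout(TIMEOUT_MS);
        for (int attempt = 1; attempt <= MAX_TRIES; attempt++) {
            sock.send(out);
            try {
                while (true) {
                    sock.receive(ack);
                    // Accept the ack only from the peer we sent to, with the right size and number.
                    if (ack.getSocketAddress().equals(to) && ack.getLength() == HEADER
                            && ByteBuffer.wrap(ack.getData(), 0, HEADER).getInt() == seq) {
                        return;
                    }
                }
            } catch (SocketTimeoutException e) {
                // No valid ack in time: loop around and retransmit the same frame.
            }
        }
        throw new IOException("no ack for seq " + seq + " after " + MAX_TRIES + " tries");
    }

    /** Delivers 'count' messages in order, acking each; drops the first copy of seq 1 on purpose. */
    static List<String> receiveAll(DatagramSocket sock, int count) throws IOException {
        List<String> delivered = new ArrayList<>();
        int expected = 0;
        boolean dropped = false;
        byte[] buf = new byte[HEADER + MAX_PAYLOAD];
        while (delivered.size() < count) {
            DatagramPacket in = new DatagramPacket(buf, buf.length);
            sock.receive(in);
            if (in.getLength() < HEADER) continue; // too short to carry the header
            int seq = ByteBuffer.wrap(in.getData(), 0, HEADER).getInt();
            if (seq == 1 && !dropped) { dropped = true; continue; } // constructed packet loss
            if (seq == expected) {
                delivered.add(new String(in.getData(), HEADER, in.getLength() - HEADER,
                        StandardCharsets.UTF_8));
                expected++;
            }
            // Ack new and duplicate frames; a duplicate means our earlier ack was lost.
            if (seq >= 0 && seq < expected) {
                byte[] a = ByteBuffer.allocate(HEADER).putInt(seq).array();
                sock.send(new DatagramPacket(a, a.length, in.getSocketAddress()));
            }
        }
        return delivered;
    }

    public static void main(String[] args) throws Exception {
        InetAddress loopback = InetAddress.getLoopbackAddress();
        try (DatagramSocket rx = new DatagramSocket(0, loopback);
             DatagramSocket tx = new DatagramSocket()) {
            List<String> result = new ArrayList<>();
            Thread receiver = new Thread(() -> {
                try { result.addAll(receiveAll(rx, 3)); }
                catch (IOException e) { e.printStackTrace(); }
            });
            receiver.start();
            String[] figures = {"5.5", "30", "100000"}; // constructed rate, years, amount
            for (int seq = 0; seq < figures.length; seq++) {
                sendReliable(tx, rx.getLocalSocketAddress(), seq,
                        figures[seq].getBytes(StandardCharsets.UTF_8));
            }
            receiver.join();
            System.out.println("delivered in order: " + result);
        }
    }
}
```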
Default class map is dropping all Packets
Hello I have a Cisco 871 router that used to have Access list based security. now I am trying the ZBFW for the first time. I thought I had a pretty good program until I found all my traffic was getting dropped. This is my first stab at ZBFWs and I am a bit confused esp with the default class part. Any help is greatly appreciated!!!!
The router is for my house and thus also has to have priority for gaming. I will add the gaming and voice QOS once I get it working,
Guest VLAN has access to 2 IP's in Data for printing.
Cisco871#sh run
Building configuration...
Current configuration : 8005 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
hostname Cisco871
boot-start-marker
boot-end-marker
logging buffered 4096
no logging console
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock summer-time PST recurring
crypto pki trustpoint TP-self-signed-4004039535
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4004039535
revocation-check none
rsakeypair TP-self-signed-4004039535
crypto pki certificate chain TP-self-signed-4004039535
certificate self-signed 01
quit
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.5
ip dhcp excluded-address 172.16.15.1 172.16.15.5
ip dhcp excluded-address 172.16.15.14
ip dhcp excluded-address 172.16.17.1 172.16.17.5
ip dhcp excluded-address 192.168.19.1 192.168.19.5
ip dhcp pool MyNetNative
import all
network 10.0.0.0 255.255.255.248
default-router 10.0.0.1
domain-name MyNetNet.org
dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
lease 0 2
ip dhcp pool MyNetData
import all
network 172.16.15.0 255.255.255.240
dns-server 172.16.15.14 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
default-router 172.16.15.1
domain-name MyDomain.org
ip dhcp pool MyNetVoice
import all
network 172.16.17.0 255.255.255.240
dns-server 172.16.15.14
default-router 172.16.17.1
domain-name MyDomain.org
ip dhcp pool MyNetGuest
import all
network 192.168.19.0 255.255.255.240
default-router 192.168.19.1
domain-name MyNetGuest.org
dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
ip domain name MyDomain.org
ip name-server 172.16.15.14
ip name-server 4.2.2.4
ip inspect log drop-pkt
multilink bundle-name authenticated
parameter-map type inspect TCP_PARAM
parameter-map type inspect global
username MyAdmin privilege 15 secret 5 MyPassword
archive
log config
hidekeys
class-map type inspect match-all MyNetGuest-access-list
match access-group 110
class-map type inspect match-any Base-protocols
match protocol http
match protocol https
match protocol ftp
match protocol ssh
match protocol dns
match protocol ntp
match protocol ica
match protocol pptp
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all MyNetGuest-Class
match class-map MyNetGuest-access-list
match class-map Base-protocols
class-map type inspect match-all MyNetNet-access-list
match access-group 100
class-map type inspect match-any Voice-protocols
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any Extended-protocols
match protocol pop3
match protocol pop3s
match protocol imap
match protocol imaps
match protocol smtp
class-map type inspect match-all MyNetNet-Class
match class-map MyNetNet-access-list
match class-map Voice-protocols
match class-map Extended-protocols
match class-map Base-protocols
policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
class type inspect MyNetNet-Class
inspect
class class-default
policy-map type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
class type inspect MyNetNet-Class
inspect
class class-default
policy-map type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
class type inspect MyNetGuest-access-list
inspect
class class-default
policy-map type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
class type inspect MyNetGuest-Class
inspect
class class-default
policy-map type inspect MyNetNet-zone
class class-default
pass
zone security MyNetNet-zone
zone security MyNetGuest-zone
zone security MyNetWAN-zone
zone-pair security MyNetNet->MyNetGuest source MyNetNet-zone destination MyNetGuest-zone
service-policy type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
zone-pair security MyNetGuest->MyNetWAN source MyNetGuest-zone destination MyNetWAN-zone
service-policy type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
zone-pair security MyNetGuest->MyNetNet source MyNetGuest-zone destination MyNetNet-zone
service-policy type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
interface FastEthernet0
description Cisco-2849-Switch
switchport mode trunk
speed 100
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
description SBS-Server
switchport access vlan 10
spanning-tree portfast
interface FastEthernet4
description WAN
no ip address
ip mtu 1492
ip nat outside
ip virtual-reassembly
zone-member security MyNetWAN-zone
ip tcp adjust-mss 1452
duplex auto
speed auto
no cdp enable
interface Vlan1
description MyNetNative
ip address 10.0.0.1 255.255.255.248
ip nat inside
ip virtual-reassembly
zone-member security MyNetNet-zone
ip tcp adjust-mss 1452
interface Vlan10
description MyNetData
ip address 172.16.15.1 255.255.255.240
ip nat inside
ip virtual-reassembly
zone-member security MyNetNet-zone
interface Vlan20
description MyNetVoice
ip address 172.16.17.1 255.255.255.240
ip nat inside
ip virtual-reassembly
zone-member security MyNetNet-zone
interface Vlan69
description MyNetGuest
ip address 192.168.19.1 255.255.255.240
ip nat inside
ip virtual-reassembly
zone-member security MyNetGuest-zone
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
access-list 100 remark MyNetnet
access-list 100 permit ip 10.0.0.0 0.0.0.7 any
access-list 100 permit ip 172.16.15.0 0.0.0.31 any
access-list 100 permit ip 172.16.17.0 0.0.0.15 any
access-list 110 remark MyNetGuest
access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.2
access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.3
access-list 110 deny ip 192.168.19.0 0.0.0.15 10.0.0.0 0.0.0.7
access-list 110 deny ip 192.168.19.0 0.0.0.15 172.16.15.0 0.0.0.31
access-list 110 deny ip 192.168.19.0 0.0.0.15 172.16.17.0 0.0.0.15
access-list 110 permit ip 192.168.19.0 0.0.0.15 any
control-plane
banner login ^CC
You know if you should be here or not.
if not please leave
NOW
^C
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000
ntp server 172.16.15.14
webvpn cef
end
Cisco871#sh zone security
zone self
Description: System defined zone
zone MyNetNet-zone
Member Interfaces:
Vlan1
Vlan10
Vlan20
zone MyNetGuest-zone
Member Interfaces:
Vlan69
zone MyNetWAN-zone
Member Interfaces:
FastEthernet4
Cisco871#sh zone-pair security
Zone-pair name MyNetNet->MyNetGuest
Source-Zone MyNetNet-zone Destination-Zone MyNetGuest-zone
service-policy MyNetNet-zone_to_MyNetGuest-zone_policy
Zone-pair name MyNetNet->MyNetWAN
Source-Zone MyNetNet-zone Destination-Zone MyNetWAN-zone
service-policy MyNetNet-zone_to_MyNetWAN-zone_policy
Zone-pair name MyNetGuest->MyNetWAN
Source-Zone MyNetGuest-zone Destination-Zone MyNetWAN-zone
service-policy MyNetGuest-zone_to_MyNetWAN-zone_policy
Zone-pair name MyNetGuest->MyNetNet
Source-Zone MyNetGuest-zone Destination-Zone MyNetNet-zone
service-policy MyNetGuest-zone_to_MyNetNet-zone_policy
Cisco871#sh int faste4
FastEthernet4 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0016.9d29.a667 (bia 0016.9d29.a667)
Description: WAN
Internet address is 10.38.177.98/25
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:34:50, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 3 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
593096 packets input, 73090812 bytes
Received 592752 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
9940 packets output, 1016025 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Zone-pair: MyNetNet->MyNetWAN
Service-policy inspect : MyNetNet-zone_to_MyNetWAN-zone_policy
Class-map: MyNetNet-Class (match-all)
Match: class-map match-all MyNetNet-access-list
Match: access-group 100
Match: class-map match-any Voice-protocols
Match: protocol h323
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol skinny
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol sip
0 packets, 0 bytes
30 second rate 0 bps
Match: class-map match-any Extended-protocols
Match: protocol pop3
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol pop3s
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol imap
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol imaps
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol smtp
0 packets, 0 bytes
30 second rate 0 bps
Match: class-map match-any Base-protocols
Match: protocol http
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol https
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ftp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ssh
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol dns
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ntp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ica
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol pptp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol icmp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol tcp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol udp
0 packets, 0 bytes
30 second rate 0 bps
Inspect
Session creations since subsystem startup or last reset 0
Current session counts (estab/half-open/terminating) [0:0:0]
Maxever session counts (estab/half-open/terminating) [0:0:0]
Last session created never
Last statistic reset never
Last session creation rate 0
Maxever session creation rate 0
Last half-open session total 0
Class-map: class-default (match-any)
Match: any
Drop (default action)
5196 packets, 256211 bytes
Cisco871#sh log
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 1745 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 1785 message lines logged
Log Buffer (4096 bytes):
001779: *Feb 15 11:00:55.979: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:61806 => 168.94.0.1:53 with ip ident 511 due to policy match failure
001780: *Feb 15 11:00:59.739: %FW-6-DROP_TCP_PKT: Dropping Other pkt 172.16.15.6:4399 => 168.94.69.30:443 due to policy match failure -- ip ident 515 tcpflags 0x7002 seq.no 974122240 ack 0
001781: *Feb 15 11:01:26.507: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:51991 => 168.94.0.1:53 with ip ident 625 due to policy match failure
001783: *Feb 15 11:01:57.891: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:64470 => 168.94.0.1:53 with ip ident 677 due to policy match failure
Hello Charlie,
I would recommend you to investigate a little bit more about how the ZBFW feature works
Now I am going to help you on this one at least, then I will give you a few links you could use to study
We are going to study traffic from MyNetNet-zone to the MyNetWan-zone
First the zone-pair
zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
so lets go policy-map
policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
class type inspect MyNetNet-Class
inspect
class class-default
Finally to the class map
class-map type inspect match-all MyNetNet-Class
match class-map MyNetNet-access-list
match class-map Voice-protocols
match class-map Extended-protocols
match class-map Base-protocols
That keyword MATCH-ALL is the one causing the issues!!
Why?
Because you are telling the ZBFW to inspect traffic only if matches all of those class-maps so a packet will need to math the base protocols and the extended protocol and as you know that is not possible ( Just one protocol )
So here are the links
http://blogg.kvistofta.nu/cisco-ios-zone-based-policy-firewall/
https://supportforums.cisco.com/thread/2138873
http://pktmaniac.info/2011/08/zone-based-firewalls-something-to-keep-in-mind/
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
You have some work to do
Please remember to rate all the helpful posts
Julio
CCSP -
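The match-all behaviour described in the reply above can be checked against the drop lines from the router log. This is an added example, not code from the thread; the contents of the four nested class-maps and the restructured class-map are assumptions, since the thread does not show them.

```python
import re

# Two of the drop lines from the router log quoted in the thread above.
LOG = """\
001779: *Feb 15 11:00:55.979: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:61806 => 168.94.0.1:53 with ip ident 511 due to policy match failure
001780: *Feb 15 11:00:59.739: %FW-6-DROP_TCP_PKT: Dropping Other pkt 172.16.15.6:4399 => 168.94.69.30:443 due to policy match failure -- ip ident 515 tcpflags 0x7002 seq.no 974122240 ack 0
"""

DROP_RE = re.compile(
    r"%FW-6-DROP_(TCP|UDP)_PKT: Dropping \S+ pkt "
    r"([\d.]+):\d+ => ([\d.]+):(\d+)"
)

def parse_drops(text):
    """Return (proto, src_ip, dst_ip, dst_port) for each drop line."""
    return [(m[1].lower(), m[2], m[3], int(m[4]))
            for m in DROP_RE.finditer(text)]

def proto_class(*pairs):
    """Leaf matcher: true when (proto, dst_port) is one of the pairs."""
    return lambda pkt: (pkt[0], pkt[3]) in pairs

# ASSUMED contents: the thread does not show what the nested class-maps match.
ACL = lambda pkt: pkt[1].startswith("172.16.")      # MyNetNet-access-list
VOICE = proto_class(("udp", 5060), ("tcp", 5060))   # Voice-protocols
EXTENDED = proto_class(("tcp", 443), ("tcp", 22))   # Extended-protocols
BASE = proto_class(("udp", 53), ("tcp", 80))        # Base-protocols

# As posted: every nested class-map must match the same packet.
AS_POSTED = ("match-all", [ACL, VOICE, EXTENDED, BASE])
# One possible restructuring (assumption): source ACL AND any one protocol group.
RESTRUCTURED = ("match-all", [ACL, ("match-any", [VOICE, EXTENDED, BASE])])

def matches(pkt, cmap):
    """Evaluate a (mode, members) class-map; members are leaves or class-maps."""
    mode, members = cmap
    combine = all if mode == "match-all" else any
    return combine(m(pkt) if callable(m) else matches(pkt, m) for m in members)

def action(pkt, cmap):
    """Policy-map result: inspect on class match, else class-default drop."""
    return "inspect" if matches(pkt, cmap) else "drop"

if __name__ == "__main__":
    for pkt in parse_drops(LOG):
        print(pkt, action(pkt, AS_POSTED), "->", action(pkt, RESTRUCTURED))
```

Under these assumptions both logged flows fall through to class-default with the class-map as posted and are inspected once the protocol groups are combined with match-any.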
Windows TCP/IP stack and packet bursts
Hi all!
I'm trying to make a server that sends ~30 packets (tcp/ip) loaded with a little data (a long). (Streaming with dataOutputStream.writeLong())
I would really like to get those 30 Hz signals updating on the clients in a smooth fashion.
On linux/mac (on those I have tested), I receive the packets one by one. But, in Windows, I receive them as bursts 5/pause/5/pause... and so on. This is really annoying. Anyone knows what the problem might be? I suspect some tcp/ip stack in windows...
I have heard ppl streaming with 100Hz, so this might not be a problem? Or should I use UDP datagram packets instead?
Thank you!
First, there is no 'problem', as none of the RFCs guarantees the kind of behaviour that you want, so you may be better off reviewing your requirement for feasibility rather than chasing some non-existent 'problem'.
Having said that, there are all kinds of TCP/IP parameters you can tune via the Windows registry:
http://technet2.microsoft.com/WindowsServer/en/Library/823ca085-8b46-4870-a83e-8032637a87c81033.mspx -
Why WRT54G ver 7 blocks all UDP broadcasts?
My WRT54G seems to be blocking all UDP broadcasts in the intranet side. Is there an option somewhere, which controls this behaviour, because I have not found one.
It does not matter, if I connect my laptop with a cable or by WLAN, no UDP broadcast packets from my server to the laptop go through.
If I connect to either one of my regular switches, UDP broadcast works perfectly.
Note that I'm not using the WAN port at all, so I would expect no filtering on the traffic.
Interesting!
For sake of argument, can you try using the broadcast address of 255.255.255.255 - this is a limited (local network only) broadcast.
Can you see the MAC (layer 2/ethernet) portion with your tool?
The MAC of the destination needs to be all FFs (all ones) for broadcasts.
I am wondering if something is happening at a lower level - like in how switching is implemented in the linksys. I wonder if a linksys switch (only) also does this.
NOTE - ICMP echo (PINGS) do go through my WRV54G to specific addresses and broadcast the x.x.x.255 addresses. -
WRT54GX2: TCP packets blocked (except SYN/SYN-ACK) to internet
I'm using WRT54GX2 with latest FW 1.01.22 and I've been running into internet connectivity with one of my laptop (Toshiba MX35-S149 using Atheros). From this laptop DNS/ping works to the internet (UDP/ICMP) but all of the TCP data packets from the internet are being blocked by the router (I think). All of the other PC's continue to work with no problem.
Rebooting the router (power cycle) causes thing to work again for this laptop but after some time (15-20 minutes or so) once again the problem comes back. I've already spent about 3 hours with support on this but no luck.
I did a packet capture on the laptop and any HTTP request show TCP SYN, SYN-ACK packets but no data packets. The laptop continues to do the retransmission. At this point I can still PING and DNS resolve any of the names.
The HTTP to the router's page (192.168.1.1) continues to work without any problem (still using the wireless NIC). Hard-wiring the laptop to router works fine.
I asked the support if I can do a packet capture on the router itself but I was told "That is not possible".
I'll add the packet capture files later today.
Any help is appreciated as I don't think I'll get any help from the tech-support.
TIA,
Navras
Interesting - I have a similar problem however I am trying to block packets going out. So you say that it allows the TCP for a little while then later it is blocked.
Why are you trying to pass TCP into the computer specifically?
Do you have a firewall on your laptop that you can check the logs of?
I have been with support for my issue which is basically the BLOCKED SERVICES options are all greyed out. I need to block udp/tcp packets from going out on exactly the same router, same firmware as yours. They just read scripts from their help desk manuals and do not really seem to understand problems that are NOT in the scripts. Too bad I was hoping after cisco took over linksys would get better at customer support, not the other way.
I saw a post previously that states that the same router DOES NOT HAVE the blocked services as a function. The manual and screen seem to indicate otherwise.
Interesting...let us know what happens.
danee -
I have signed my applet, and everything is cool, but how do I let the user allow me to open UDP datagram packets?
I have seen a whole bunch of stuff about policy files, but Sun doesn't expect the user to have to run some weird policy tool right?? How can it happen that the user allows me to do whatever I want ... I signed my Jar, created certificate, but how do I get the policies to be sent with my Jar?? The user should only need to click once or twice to say yes I trust this applet, and I want to do whatever I want ... Why can't I open datagram sockets?
On another note, the reason I want to do this is to create a game, where I need a fast connection between players. I don't want to bounce everything through the server for obvious reasons, but I don't want to use the normal Socket either between players since that is supposed to be slower than datagram ... my plan is to use datagram sockets between players for gameplay connectivity, and ServerSocket/Socket between server and each player (for updating scores, etc, less traffic) ... is this a good plan? do I have the right idea?
Why can't I open datagram sockets?
1. Wrong code
2. Untrusted calling code (javascript)
3. Proxy
4. 3rd party jars not found
Do you get an exception if so what is it?
Signing applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and reply 18 for the java class file using doprivileged
Still problems?
A Full trace might help us out:
http://forum.java.sun.com/thread.jspa?threadID=656028 -
I've built an Android app using Cirrus that allows users on a LAN to chat in Morse code! - You can find it on the Android Market by searching for 'Morse Intercom'.
It works fine on my network, lots of other networks, but not on probably the most popular fast broadband fibre network in the UK
A friend of mine has let me piggyback on her network from this provider, and the problem appears to be that the UDP multicast packets RTMFP transmits just aren't being put on the wireless network. FYI the multicast address I use is IP 225.226.227.1 port 32112 .
This is probably fixable in the router, but 99.5% of users will never mess around with the router (and why should they), and if possible I would like to fix this in RTMFP.
Is it possible for me to ask RTMFP to not use UDP multicast, but instead to use UDP broadcast for discovering peers on the LAN ? The problematical router (and all others?) supports UDP broadcasting.
I tried setting 'groupspec.ipMulticastMemberUpdatesEnabled = false;' but this just stopped the app working on anything! What is the purpose of this option?
FYI:
To connect without using Cirrus server assistance I use: nc.connect("rtmfp:");
The complete function I use for setting up multicasting is:
private function setupGroup():void
{
    // Create a new Group Specifier object
    //trace("setUpGroup: groupSpec = new GroupSpecifier('myGroup/groupA')");
    trace("setUpGroup: groupSpec = new GroupSpecifier('" + MY_UNIQUE_GROUP_NAME + "')");
    var groupspec:GroupSpecifier = new GroupSpecifier(MY_UNIQUE_GROUP_NAME);
    // Enable posting
    trace("setUpGroup: groupspec.postingEnabled = true");
    groupspec.postingEnabled = true;
    // Specifies whether information about group membership can be exchanged on IP multicast sockets
    trace("setUpGroup: groupspec.ipMulticastMemberUpdatesEnabled = true");
    groupspec.ipMulticastMemberUpdatesEnabled = true;
    // Causes the associated NetStream or NetGroup to join the specified IP multicast group and listen to the specified UDP port.
    //trace("setUpGroup: groupspec.addIPMulticastAddress('225.225.0.1:30000')");
    trace("setUpGroup: groupspec.addIPMulticastAddress('" + MY_MULTICAST_ADDRESS + "')");
    groupspec.addIPMulticastAddress(MY_MULTICAST_ADDRESS);
    // Constructs a NetGroup on the specified NetConnection object and joins it to the group specified by groupspec.
    trace("setUpGroup: group = new NetGroup(nc,groupspec.groupspecWithAuthorizations())");
    group = new NetGroup(nc,groupspec.groupspecWithAuthorizations());
    // Set the NET_STATUS event listener
    trace("setUpGroup: group.addEventListener(NetStatusEvent.NET_STATUS,netStatus)");
    group.addEventListener(NetStatusEvent.NET_STATUS,netStatus);
}
In conclusion - On a LAN with up to 250 or so hosts, I can't see why RTMFP shouldn't be able to use UDP broadcasting as an alternative to UDP Multicasting. Can it, and if so how?
Graham
Here's more information...
When trying to connect with a 3rd party product, the connection request is sent out to my ISP's DNS server with details of the service ID. Of course it won't find anything there.
So then it tries to use NBNS (Netbios Naming Service) on 192.168.1.255, and still can't connect. Then comes back with a TNS error. I tried TNSPING on this address, and it doesn't find it. I have no clue where it gets this address from.
WHY WON'T IT JUST CONNECT TO THE HOST MACHINE AS DEFINED IN THE TNSNAMES FILE???
PLEASE HELP!!!!