Re: IPSEC sucking up memory
> While investigating a problem, I noticed that the IPSEC code
> is initializing the sp -- even when no one is using IPSEC.
> It turns out that this really, really bloats the per socket
> memory requirements, with the only real result being a lot
> of extra processing that could be replaced by a pointer is
> not NULL check.
> It seems to me that this could be handled in the TCP, UDP,
> and IP userreq code by only initializing the thing in the
> case that a policy has been set. Is there some reason why
> this can't be done?

The IPsec specification requires consulting the SPD for all packets in order to handle the packet. RFC2401 defines it. If a pointer to the entry of the SPD is NULL, it means the security policy is not defined, so the kernel consults the system-wide default. It never means there is nothing to do.

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
How broken is IBSS creation (wicontrol) these days ?
Having worked with `wicontrol` for quite some time, I am well aware that IBSS creation is currently experimental. I am wondering just how experimental it currently is. I currently have a 4.4-RELEASE machine configured as follows:

`wicontrol -c 1 -p 1 -n netname -q netname -s station`

When I boot machine number 2 (Linux) it does not see the FreeBSD machine, however, when I set the netname on the Linux machine to 'netname' (as above) suddenly activity lights flare up and things seem like they are going to work - the Linux `iwconfig` command reports that the "access point" it is using is the MAC address of the card in the FreeBSD machine.

This was very encouraging - the fact that the Linux machine sees the FreeBSD MAC as the access point, that is. However, this is as far as I have gotten. Neither machine shows anything but a zero for signal strength, and `ifconfig` on the FreeBSD host tells me that the status of wi0 is "no carrier".

So, does this sound like the normal results of this experimental functionality, or are my last problems the result of a mistake on my part? (Translation: is this where it breaks for everyone, or should I keep trying to make this work?)

If it is indeed a mistake on my part, help is appreciated.

- John Kozubik - [EMAIL PROTECTED] - http://www.kozubik.com
Re: Limiting closed port RST response
On Thu, 18 Oct 2001, Terry Lambert wrote:

> The problem is what to do when you are attacked.
>
> You need to balance resilience in the face of attack with the
> ability to bear a legitimately high load.
>
> -- Terry

I understand that, and can understand leaving rate limiting off on the clients so as to produce a realistic picture of how most hosts will react.

What I'm not clear on is how the built-in rate limiting hurts a server under either normal conditions or while being attacked. The packets being limited are all error responses of one type or another; dropping them should not hurt clients connecting to running services. I've heard the argument that RSTs are important so that old connections are terminated when a server restarts, but I generally reject that argument based on the observation that a downed server probably takes more time to reboot than connections take to time out on their own.

The one case I haven't considered much is how load-balancers react to systems behind them not returning RSTs in response to incoming packets; if this is the case you're talking about, I'd like to hear more of what happens and how we can accommodate for it better.

Mike "Silby" Silbersack
make buildworld not selfcontained?
I have a system that is built with CPUTYPE=p2. When I set CPUTYPE to pentium and do a buildworld, I cannot use the obj tree to do an installworld on a pentium system. The reason being that the tools in usr/obj/usr/src/i386 are apparently built with libraries from the p2 system. I think that is broken.

The reason seems to be that xinstall is built in the bootstrap-tools: target. But because it is used later on in installworld, it seems that it should be rebuilt later.

There does not seem to be a real solution for this problem. I am not sure if xinstall is needed during a make buildworld, but if not, the most easy would be to make it only in the installworld phase. But that would break installing from readonly mounts. Adding an explicit bootstrap-tools target to Makefile might also solve it.

-Guido
Re: strange network performace
> > show us the output of "ifconfig -a" on each box. > Yeah ... did you try to force media opt to 100baseTX full duplex w/ ifconfig ? I had once a lot of problems connecting 3C905 (XL) cards to 3COM switches, until I tried to force the negotiation ...
Re: Read only file FSTAB after error config???
Dear Sir,

Thanks for your advice.

Regards.

Ahfei

- Original Message -
From: "Doug Barton" <[EMAIL PROTECTED]>
To: "Soweb_Ahfei" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, October 22, 2001 3:34 AM
Subject: Re: Read only file FSTAB after error config???

> For future reference, this belongs on freebsd-questions.
>
> Soweb_Ahfei wrote:
> >
> > Dear Sir,
> >
> > We have installed the Freebsd4.32 in our server. But we can not reboot
> > the system after we made an error configuration in the file
> > FSTAB. Now, we can not delete or rename the error file Fstab and the
> > system shown the file is read only.
>
> This is covered in the documentation at http://www.freebsd.org/ I
> believe in the FAQ, if not there, it's in the handbook.
>
> Good luck,
>
> Doug
> --
> "We will not tire, we will not falter, and we will not fail."
> - George W. Bush, President of the United States
> September 20, 2001
Re: Read only file FSTAB after error config???
Dear Sir,

Thanks for your kindly help.

Best regards.

Ahfei Ho

- Original Message -
From: "Olivier Cortes" <[EMAIL PROTECTED]>
To: "Soweb_Ahfei" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, October 22, 2001 12:09 AM
Subject: Re: Read only file FSTAB after error config???

> Please post this kind of questions on the -QUESTIONS mailing list.
>
> when you are in single user mode, type :
> # /sbin/mount /
>
> then / will be mounted read-write.
> you can now edit /etc/fstab, or build a new one, or whatever you need
> to.
>
> good luck,
>
> Olivier
>
> On Sun, Oct 21, 2001 at 10:19:44PM +0800, Soweb_Ahfei wrote:
> > Dear Sir,
> >
> > We have installed the Freebsd4.32 in our server. But we can not reboot the system after we made an error configuration in the file FSTAB. Now, we can not delete or rename the error file Fstab and the system shown the file is read only.
> >
> > We would not re-install the system since there are some available data. Please give us an instruction how to revise it.
> >
> > Thanks.
> >
> > Best regards.
> >
> > We do need your kindly help!!
> >
> > Ahfei Ho
>
> --
> Olivier Cortes
Re: Read only file FSTAB after error config???
Dear Sir,

Thanks for your good instruction. We got it.

Thank you very much.

Ahfei Ho

- Original Message -
From: "Terry Lambert" <[EMAIL PROTECTED]>
To: "Soweb_Ahfei" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, October 22, 2001 3:51 AM
Subject: Re: Read only file FSTAB after error config???

> This belongs on -questions...
>
> Soweb_Ahfei wrote:
> > We have installed the Freebsd4.32 in our server. But we can not
> > reboot the system after we made an error configuration in the
> > file FSTAB. Now, we can not delete or rename the error file Fstab
> > and the system shown the file is read only.
> >
> > We would not re-install the system since there are some available
> > data. Please give us an instruction how to revise it.
>
> Boot the system single user (boot -s at the boot prompt,
> after hitting spacebar during the countdown).
>
> Remount the root partition as read/write (mount -u -o rw /,
> after you get to a shell).
>
> Modify the fstab to correct your error; you may need to fsck
> the partition where /tmp is located, if it is not /, before
> you can run an editor; you will probably need to set the
> terminal type, as well, unless you want to use "cat", or are
> comfortable with "ed" (setenv TERM cons25).
>
> -- Terry