Re: IPFW Improvements. (comments?)
On Mon, 18 Oct 1999, Jerry Bell wrote:

> I have a few proposed additions to IPFW that I'd like to get feedback on. The changes are mostly from my experience with other (commercial) firewalls.
>
> Change source and destination identifier in the rule processing from one IP address (or range of addresses) to an array of IP addresses (or range of IP addresses). This allows for a more manageable rulebase.
>
> ex. ipfw add pass all from 10.0.0.1/24,10.0.1.0/24 to 10.0.0.1/24,10.0.1.0/24
>
> The real advantage is being able to do something like this:
>
> #!/bin/sh
> dnservers=10.0.0.1,10.0.0.2,10.0.0.3
> smtpservers=10.0.0.4,10.0.0.5,10.0.0.6
> ipfw add pass udp from any to $dnservers 53
> ipfw add pass tcp from any to $smtpservers 25
>
> ... and so on.

but you need to store this somewhere.. the present system of fixed structures doesn't support this without an enormous waste of space...I'm not sure how useful it would be in practice.. It would require rewriting of large parts of the code, not to mention a complete rewrite of the interface and user program. This is the kind of thing that is easy to say to a human and a bitch to implement.

> A really nice feature would be remote authentication to open certain firewall rules to the source IP address. The way most other implementations work is the firewall listens on a certain port for authentication. The user telnets to that port, enters a username/password and gets authenticated. This allows traffic from that user's IP address to pass through certain firewall rules. IPFW already supports uid/gid checks in the rule processing. (kerberos, or some other authentication scheme may work better, since it is encrypted) A 'listener' for authentication and a way to bind the uid/gid to an IP address would be needed. Also, a ttl probably should be specified on a rule by rule basis.

This can already be done with a daemon without any ipfw changes.. The daemon adds a rule to allow itself to be connected to. When it gets a successful authentication, it adds more rules to allow the successful user in.

> Finally, a tcp connection state table. Presently, the common method of designing IPFW rulebases is to restrict which source ip addresses and/or destination port numbers are allowed to make a connection using the 'setup' flag, then allowing all tcp packets which are 'established' to pass through. In an ideal world, this works pretty well, but in reality you can't make any assumptions about the equipment you are protecting behind the firewall. The ability to squelch ALL tcp traffic which has not gone through the proper setup routine (and thus firewall examination) would be very useful.

This is what NATD does to some extent.. it would be possible to have a kernel natd in conjunction with ipfw.. patches accepted.

> The big problem with the state table is that it takes up a lot of cpu time and memory, especially on busy connections. This would probably best be left as a kernel mod or an additional ipfw parameter, and not the default behavior, since it is so resource intensive.

Or a daemon.. NATD anyone?

> I'm interested in hearing your feedback as to the viability of these changes and any comments. I am not sure who is maintaining IPFW, so I do not know if these issues have already come up. I could probably stumble through the first change (source/destination arrays), but the other two are probably beyond my abilities right now.

The first is the hardest.. unless you implement it as a group of rules.

> I appreciate your time.
>
> Jerry
> [EMAIL PROTECTED]
> http://www.bellnetworks.net/cs

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
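The gap between the 'setup'/'established' rulebase and the connection state table discussed in this message, as an added example (not code from the thread or from ipfw): a stateless filter using ipfw's flag semantics beside a small state table that only passes segments belonging to a tracked handshake. The policy (SMTP to 10.0.0.4), the table size and all function names are assumptions, the packets are constructed, and sequence numbers, FIN teardown and idle timeouts are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10
#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed, simplified TCP segment: addresses, ports and flag bits only. */
struct pkt { uint32_t src, dst; uint16_t sport, dport; uint8_t flags; };

/* Assumed policy for the example: new connections only to SMTP on 10.0.0.4. */
static int may_open(const struct pkt *p) { return p->dst == IP(10, 0, 0, 4) && p->dport == 25; }

/* ipfw "setup": SYN set, ACK clear.  ipfw "established": RST or ACK set. */
static int is_setup(const struct pkt *p) { return (p->flags & TH_SYN) && !(p->flags & TH_ACK); }
static int is_synack(const struct pkt *p) { return (p->flags & TH_SYN) && (p->flags & TH_ACK); }

/* Stateless rulebase from the thread: pass permitted setups, pass all established. */
int stateless_pass(const struct pkt *p)
{
    if (is_setup(p))
        return may_open(p);
    return (p->flags & (TH_RST | TH_ACK)) != 0;
}

enum cstate { C_FREE = 0, C_SYN, C_SYNACK, C_OPEN };
struct conn { uint32_t caddr, saddr; uint16_t cport, sport; enum cstate st; };

#define NCONN 128                       /* fixed size bounds the memory cost */
static struct conn table[NCONN];

void state_reset(void) { memset(table, 0, sizeof table); }

/* Find the entry for p in either direction; *fwd is 1 for client->server.
 * A linear scan keeps the example short; a real table would hash the 4-tuple. */
static struct conn *conn_find(const struct pkt *p, int *fwd)
{
    for (int i = 0; i < NCONN; i++) {
        struct conn *c = &table[i];
        if (c->st == C_FREE)
            continue;
        if (c->caddr == p->src && c->cport == p->sport &&
            c->saddr == p->dst && c->sport == p->dport) { *fwd = 1; return c; }
        if (c->caddr == p->dst && c->cport == p->dport &&
            c->saddr == p->src && c->sport == p->sport) { *fwd = 0; return c; }
    }
    return NULL;
}

/* Stateful check: a segment passes only if its connection went through setup. */
int stateful_pass(const struct pkt *p)
{
    int fwd = 0;
    struct conn *c = conn_find(p, &fwd);
    if (c == NULL) {
        if (!is_setup(p) || !may_open(p))
            return 0;                   /* no state and not a permitted SYN */
        for (int i = 0; i < NCONN; i++) {
            if (table[i].st == C_FREE) {
                table[i] = (struct conn){ p->src, p->dst, p->sport, p->dport, C_SYN };
                return 1;
            }
        }
        return 0;                       /* table full: fail closed */
    }
    if (p->flags & TH_RST) {            /* a reset ends the tracked connection */
        c->st = C_FREE;
        return 1;
    }
    switch (c->st) {
    case C_SYN:                         /* waiting for the server's SYN+ACK */
        if (!fwd && is_synack(p)) { c->st = C_SYNACK; return 1; }
        return fwd && is_setup(p);      /* retransmitted SYN */
    case C_SYNACK:                      /* waiting for the client's final ACK */
        if (fwd && (p->flags & TH_ACK) && !(p->flags & TH_SYN)) { c->st = C_OPEN; return 1; }
        return !fwd && is_synack(p);    /* retransmitted SYN+ACK */
    case C_OPEN:                        /* data and ACKs in both directions */
        return (p->flags & TH_ACK) && !(p->flags & TH_SYN);
    default:
        return 0;
    }
}

int main(void)
{
    struct pkt stray = { IP(192, 0, 2, 7), IP(10, 0, 0, 4), 40000, 23, TH_ACK }; /* constructed */
    state_reset();
    printf("stray ACK: stateless=%d stateful=%d\n", stateless_pass(&stray), stateful_pass(&stray));
    return 0;
}
```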
natd question
Hi,

I want to set up a test network which (partly) mirrors our production side network. To match reality as close as possible we keep the IP addresses in the test network the same as in the production network. In order not to run around with tapes between the two networks, I would like to create the following setup:

    ( 130.144.120/22 ) -- | FreeBSD | -- ( 130.144.120/22 )
          (real)                               (test)

I envision on the FreeBSD box some kind of mapping between the real and test network's IP addresses. Something along the following lines:

                    130.144.120.10 - 10.0.0.10
    | 130.144.120.10 | -- | FreeBSD | -- | 130.144.120.10 |

    --- SRC = 130.144.120.10  DST = 10.0.0.10
    --- SRC = 10.0.0.10       DST = 130.144.120.10
    --- SRC = 130.144.120.10  DST = 10.0.0.10
    --- SRC = 10.0.0.10       DST = 130.144.120.10

Assuming routes are configured properly, is this possible using natd?

Regards,
Hans
-- 
Hans Zuidam        e-mail: [EMAIL PROTECTED]
Origin, BAS/AM-CE  tel. +31 40 2735569
Gebouw SK-520      fax. +31 40 2736936
Glaslaan 2
5616 LW Eindhoven
Re: IETF gettogether
On Mon, 18 Oct 1999, Robert Watson wrote:

> Can't help you with the PnP stuff, but I will be at the Washington, DC IETF meeting in November :-). Would be great to do a FreeBSD-oriented get-together... That said, people are rapidly claiming the evenings for a variety of get-togethers, so claim one soon.

Okay - I don't know what other people's plans are at this stage, but how about the Tuesday night? Alternatively, we could start a list of who is available when, and try work out the best time from that. I can do any night other than Sunday the 7th. Anyone else?

-- 
Dr Graham Wheeler                     E-mail: [EMAIL PROTECTED]
Cequrux Technologies                  Phone:  +27(21)423-6065/6/7
Firewalls/Virtual Private Networks    Fax:    +27(21)24-3656
Data/Network Security Specialists     WWW:    http://www.cequrux.com/
Size of arp database.
Hello,

Is there any way to enlarge the arp database? I've got a feeling that it is limited to only 10 entries... For me it's a bit too few.

Wiktor Niesiobedzki
Re: Size of arp database.
In the last episode (Oct 19), Wiktor said:

> Is there any way to enlarge the arp database? I've got a feeling that it is limited to only 10 entries... For me it's a bit too few.

$ arp -a | wc -l
     256

Maybe you only have 10 machines on your network?

-- 
Dan Nelson
[EMAIL PROTECTED]
Re: natd question
On Tue, 19 Oct 1999, Zuidam, Hans wrote:

> I want to set up a test network which (partly) mirrors our production side network. To match reality as close as possible we keep the IP addresses in the test network the same as in the production network. In order not to run around with tapes between the two networks, I would like to create the following setup:
>
> ( 130.144.120/22 ) -- | FreeBSD | -- ( 130.144.120/22 )
>       (real)                               (test)

Ew. There's no way the system can differentiate between the two. It'll probably scream bloody murder when the ARPs start flying. You'll generate megabytes of 'arp: 130.144.120.5 changed from XX to Y' messages.

I'd suggest assigning fake addresses to your test network's primary IPs. Once your setup is complete unplug one of the networks from the bsd box then throw all the IPs over to the real IPs. I assume the two networks don't need to talk to one another once you have the test harness set up.

Doug White          | FreeBSD: The Power to Serve
[EMAIL PROTECTED]   | www.FreeBSD.org
RE: Search a symbol in the source tree
Thank you for your mail.

-----Original Message-----
Sender : Darryl Okahata [EMAIL PROTECTED]
Subject : Re: Search a symbol in the source tree

But, what various and interesting methods to search symbols there are !

Do people actually read what's posted here? A few days ago, I posted a detailed comparison of various packages. Go read the archives:

Your mail is rather long and the conclusion is hard to grip for me. Is your point that for grep with -R option

...with grep, you need to limit your searches. Also, "grep -R" doesn't work very well

and, for global

...I've got mixed feelings about global. ... ...for best results, you have to remember to use different options when searching ...

??? Am I right ?

http://www.freebsd.org/cgi/getmsg.cgi?fetch=331467+341670+/usr/local/www/db/text/1999/freebsd-hackers/19991017.freebsd-hackers

Side note: Shigio Yamaguchi [EMAIL PROTECTED] has found some issues and bugs regarding GLOBAL, and so GLOBAL is not as bad as the article makes it out to be.

-- 
Darryl Okahata
[EMAIL PROTECTED]

Teddy Furuya
[EMAIL PROTECTED]
Re: natd question
On Tue, 19 Oct 1999, Zuidam, Hans wrote:

> I want to set up a test network which (partly) mirrors our production side network. To match reality as close as possible we keep the IP addresses in the test network the same as in the production network. In order not to run around with tapes between the two networks, I would like to create the following setup:
>
> ( 130.144.120/22 ) -- | FreeBSD | -- ( 130.144.120/22 )
>       (real)                               (test)

You can't split 2 identical networks, with identical netmasks across 2 interfaces unless you are running some sort of BRIDGE or transparent proxy support. Even then, if you have the same IP's on both networks you will run into problems with routing and ARP entries on the FreeBSD machine.

If you are looking to connect the 2 networks together, run a different ip range on the (test) network, like the 10.0.0.0 or 192.168 network. If you are not connecting to the internet then you will not need to run NATD, just make sure that the gateway address of the machines on both sides are pointing to the corresponding FreeBSD interface IP.

***
Nick Rogness            Shaw's Principle:
System Administrator      Build a system that even a fool
RapidNet, INC             can use, and only a fool will
[EMAIL PROTECTED]         want to use it.
***
Re: Size of arp database.
On Tue, 19 Oct 1999, Dan Nelson wrote:

> In the last episode (Oct 19), Wiktor said:
> > Is there any way to enlarge the arp database? I've got a feeling that it is limited to only 10 entries... For me it's a bit too few.
>
> $ arp -a | wc -l
>      256
>
> Maybe you only have 10 machines on your network?

What I tested is:

root@wotan:~# arp -S pc7 00:00:E8:73:FF:FD pub
delete: can't locate pc7
root@wotan:~# arp -a
router (195.117.4.97) at 0:a0:c5:21:14:8
wotan.2slo.waw.pl (195.117.4.98) at 0:10:4b:36:6a:fd permanent
pc2 (195.117.4.101) at 0:80:48:d7:29:be
pc6 (195.117.4.105) at 52:54:0:e3:9:7a
pc14 (195.117.4.113) at 0:40:f6:94:b0:ca
? (195.117.4.127) at ff:ff:ff:ff:ff:ff permanent
root@wotan:~# arp -d pc7 proxy
delete: can't locate pc7
root@wotan:~# arp -S pc7 00:00:E8:73:FF:FD pub
delete: can't locate pc7
set: proxy entry exists for non 802 device
root@wotan:~#

So this entry potentially exists, but I'm unable to delete it... What am I doing wrong?

Wiktor Niesiobedzki
Re: Size of arp database.
On Tue, 19 Oct 1999, Dan Nelson wrote:

> In the last episode (Oct 19), Wiktor said:
> > Is there any way to enlarge the arp database? I've got a feeling that it is limited to only 10 entries... For me it's a bit too few.
>
> $ arp -a | wc -l
>      256
>
> Maybe you only have 10 machines on your network?

No... the problem is that I've recently got the message:

arplookup 195.117.4.106 failed: could not allocate llinfo
arpresolve: can't allocate llinfo for 195.117.4.106rt

when the number of running and connected machines to server reaches about 10. When I tried to add manually some entry (arp -s some.ip some:hdwr:addr) they were just gone.

Anyone know a solution to this problem?

Wiktor Niesiobedzki
RE: natd question
Hi,

My original question was how to connect two identical (that is: two networks using the same IP addresses) together. Both Doug White and Nick Rogness remarked something which I overlooked: arp. My initial idea was to have a daemon "in between" which would swap IP addresses. But of course you have to swap ethernet addresses too. Guess it's back to the drawing board.

Thanks for the quick answers!

Hans
-- 
Hans Zuidam        e-mail: [EMAIL PROTECTED]
Origin, BAS/AM-CE  tel. +31 40 2735569
Gebouw SK-520      fax. +31 40 2736936
Glaslaan 2
5616 LW Eindhoven
RE: natd question
-----Original Message-----
From: Brian Beattie [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 19 October, 1999 19:27

> How about:
>
> ( 130.144.120/22 ) -- |FreeBSD|    |FreeBSD| -- ( 130.144.120/22 )
>       (real)                                          (test)
>
> Using 10.0.0.0 on the network in the middle

That will only work if the link in the middle is a point-to-point link. Hmmm, maybe PLIP will give some reasonable performance there.

The other "solution" would be to have an ARP table for each individual interface for the duplicate addresses. This would involve an extensive of the ARP code to which I'm not quite up to.

Regards,
Hans
-- 
Hans Zuidam        e-mail: [EMAIL PROTECTED]
Origin, BAS/AM-CE  tel. +31 40 2735569
Gebouw SK-520      fax. +31 40 2736936
Glaslaan 2
5616 LW Eindhoven
Re: natd question
On Tue, 19 Oct 1999, Brian Beattie wrote:

:On Tue, 19 Oct 1999, Nick Rogness wrote:
:
: On Tue, 19 Oct 1999, Zuidam, Hans wrote:
:
: I want to set up a test network which (partly) mirrors our production
: side network. To match reality as close as possible we keep the IP
: addresses in the test network the same as in the production network. In
: order not to run around with tapes between the two networks, I would like
: to create the following setup:
:
:   ( 130.144.120/22 ) -- | FreeBSD | -- ( 130.144.120/22 )
:         (real)                               (test)
:
: You can't split 2 identical networks, with identical
: netmasks across 2 interfaces unless you are running some sort of
: BRIDGE or transparent proxy support. Even then, if you have the
: same IP's on both networks you will run into problems with routing
: and ARP entries on the FreeBSD machine.
:
: If you are looking to connect the 2 networks together, run a
: different ip range on the (test) network, like the 10.0.0.0
: or 192.168 network. If you are not connecting to the internet then
: you will not need to run NATD, just make sure that the
: gateway address of the machines on both sides are pointing to the
: corresponding FreeBSD interface IP.
:
:How about:
:
:   ( 130.144.120/22 ) -- |FreeBSD|    |FreeBSD| -- ( 130.144.120/22 )
:         (real)                                          (test)
:
:Using 10.0.0.0 on the network in the middle

You're going to have to work some magic even for that. You've got two boxes who both think 130.144.120/22 is a directly connected network. Routing to the other network without confusing your routers is going to be tricky, if it's even possible.

Jamie Bowden
-- 
If we've got to fight over grep, sign me up. But boggle can go.
-Ted Faber (on Hasbro's request for removal of /usr/games/boggle)
Re: Search a symbol in the source tree
Probably, my mail did not reach freebsd-hackers mailing list because of absence of inreply-to headers. So, I will resend.

From: "Teddy" tfuruya
To: "Darryl Okahata" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Search a symbol in the source tree
Date: Wed, 20 Oct 1999 00:13:10 +0900

Thank you for your mail.

-----Original Message-----
Sender : Darryl Okahata [EMAIL PROTECTED]
Subject : Re: Search a symbol in the source tree

But, what various and interesting methods to search symbols there are !

Do people actually read what's posted here? A few days ago, I posted a detailed comparison of various packages. Go read the archives:

Your mail is rather long and the conclusion is hard to grip for me. Is your point that for grep with -R option

...with grep, you need to limit your searches. Also, "grep -R" doesn't work very well

and, for global

...I've got mixed feelings about global. ... ...for best results, you have to remember to use different options when searching ...

??? Am I right ?

http://www.freebsd.org/cgi/getmsg.cgi?fetch=331467+341670+/usr/local/www/db/text/1999/freebsd-hackers/19991017.freebsd-hackers

Side note: Shigio Yamaguchi [EMAIL PROTECTED] has found some issues and bugs regarding GLOBAL, and so GLOBAL is not as bad as the article makes it out to be.

-- 
Darryl Okahata
[EMAIL PROTECTED]

Teddy Furuya
[EMAIL PROTECTED]
Re: Search a symbol in the source tree
Probably, my mail did not reach freebsd-hackers mailing list because of absence of inreply-to headers. So, I will resend.

From: "Teddy" tfuruya
To: "Greg Lehey" [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: Search a symbol in the source tree
Date: Mon, 18 Oct 1999 14:45:08 +0900

Thank you for replying to me.

-----Original Message-----
Greg Lehey [EMAIL PROTECTED]
[EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]
CC : [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Search a symbol in the source tree

n On 18 October 1999 at 0:39, Tetsuro Teddy FURUYA (=?iso-2022-jp?B?GyRCOEVDKxsoQiAbJEJFL086GyhC?=) [EMAIL PROTECTED] wrote:
n It seems queer to me that there has been none who has referred to
n find - exec
n pairs.
n $find . -name "*.c" -print -exec "egrep" "-i" "idt" {} \; | less
n Here , "idt" is a search string.
n That's because no one wants a separate invocation of egrep for
n every file!
  ^^ Probably, except me !

And why do you want it? Do you have too much time on your hands?

I think that if we do not know old-fashioned methods, we can not appreciate the good characteristics of the various methods such as xargs, glimpse, grep with -R option, and global.

Now, I have started to use full.exe from cygnus-b20, and its grep does not have -R option. Fortunately it has xargs, so I can utilize both of xargs and find at the same time.

But, at this circumstance, we have to pay attention to the fact that xargs can not work well all the time. When seeing manpage xargs(1), they say,

Undefined behavior may occur if utility reads from the standard input.

(I don't know there exists such a case really.)

And, there might exist find -exec option in the older scripts. So, -exec option of the command find is still useful and very important.

If the user doesn't like the listing of the unmatched file name at such circumstances, he/she might execute find like,

find /usr/src/sys -name "*" -and -exec grep "-ia" idt {} \; -print | less

or,

find /usr/src/sys -name "*" -exec grep "-ia" idt {} \; -print | less

As for me, when I began to use find at the first time, the find was rather difficult to use. But now it is amusing.

Teddy Furuya
[EMAIL PROTECTED]
Re: Search a symbol in the source tree
Probably, my mail did not reach freebsd-hackers mailing list because of absence of inreply-to headers. So, I will resend.

From: "Teddy" [EMAIL PROTECTED]
To: "Brian Beattie" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: RE: Search a symbol in the source tree
Date: Wed, 20 Oct 1999 00:13:58 +0900

Thank you for your mail ! At last, the final resolution has arrived ! Your answer is very very elegant and splendid !

-----Original Message-----
From : Brian Beattie [EMAIL PROTECTED]
Sender : Tetsuro Teddy FURUYA [EMAIL PROTECTED]
CC : [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]
Date : 19 October 1999 1:51
Subject : Re: Search a symbol in the source tree

On Mon, 18 Oct 1999, Tetsuro Teddy FURUYA wrote:

From: Jacques Vidrine [EMAIL PROTECTED]
Subject: Re: Search a symbol in the source tree
Date: Sun, 17 Oct 1999 11:37:11 -0500

n On 18 October 1999 at 0:39, Tetsuro Teddy FURUYA (=?iso-2022-jp?B?GyRCOEVDKxsoQiAbJEJFL086GyhC?=) ht5t-fry@asahi-net.or.jp wrote:
n It seems queer to me that there has been none who has referred to
n find - exec
n pairs.
n
n You may type into shell like;
n $find . -name "*.c" -print -exec "egrep" "-i" "idt" {} \; | less
n Here , "idt" is a search string.
n
n That's because no one wants a separate invocation of egrep for
n every file!
  ^^ Probably, except me !

But, what various and interesting methods to search symbols there are ! If we do not restrict the usage of search method, there might be yet another methods.

I frequently use find - grep when looking at a novel source tree. The one problem with the solution given is that if you are looking for a few instances in hundreds of files, the hits can scroll off the screen and get lost in the noise. My preferred approach is:

find . -name "*.[c]" -exec grep string {} /dev/null \;

Your idea to make grep read the dummy file /dev/null as multiple files read is elegant and splendid ! Finally, find with -exec option outputs the same listing as grep with -R option and find - xargs pipeline. I have tried the bench mark test.

#Script started on Tue Oct 19 23:00:15 1999
#sh-2.02$ time find /usr/src/sys -name "*" -and -exec grep "-ia" idt {} \; -print /dev/null
#real 1m14.920s
#user 0m16.454s
#sys 0m20.259s
#
#sh-2.02$ time find /usr/src/sys -name "*" -exec grep "-ia" idt {} /dev/null \; /dev/null
#real 1m16.742s
#user 0m16.289s
#sys 0m20.449s
#
#sh-2.02$ time find /usr/src/sys -name "*" | xargs grep "-ia" idt /dev/null
#real 0m44.862s
#user 0m0.989s
#sys 0m1.669s
#sh-2.02$ exit
#exit
#Script done on Tue Oct 19 23:16:04 1999

@@From this result, xargs is faster as it is predicted. And the consumed time to read /dev/null file is unexpectedly short.

(the /dev/null forces grep to print the filename where a match is found, and I am an old fogey, learned grep before [ef]grep too lazy to learn better, should probably use fgrep)

What I'd really like to see is a free implementation of cscope.

Brian Beattie            | The only problem with
[EMAIL PROTECTED]        | winning the rat race ...
www.aracnet.com/~beattie | in the end you're still a rat

Teddy Furuya
[EMAIL PROTECTED]
Re: Size of arp database.
On Tue, Oct 19, 1999 at 07:06:43PM +0200, Wiktor wrote:

> [...]
> What I tested is:
>
> root@wotan:~# arp -S pc7 00:00:E8:73:FF:FD pub
> delete: can't locate pc7
> root@wotan:~# arp -a
> router (195.117.4.97) at 0:a0:c5:21:14:8
> wotan.2slo.waw.pl (195.117.4.98) at 0:10:4b:36:6a:fd permanent
> pc2 (195.117.4.101) at 0:80:48:d7:29:be
> pc6 (195.117.4.105) at 52:54:0:e3:9:7a
> pc14 (195.117.4.113) at 0:40:f6:94:b0:ca
> ? (195.117.4.127) at ff:ff:ff:ff:ff:ff permanent
> root@wotan:~# arp -d pc7 proxy
> delete: can't locate pc7
> root@wotan:~# arp -S pc7 00:00:E8:73:FF:FD pub
> delete: can't locate pc7
> set: proxy entry exists for non 802 device
> root@wotan:~#
>
> So this entry potentially exists, but I'm unable to delete it... What am I doing wrong?

This is because none of your ethernet interfaces matches `pc7'.

1/ What does `route -n -v get -host pc7' show?
2/ What is the IP address of `pc7'?
3/ How are your ethernet interfaces (`ifconfig -l ether') configured?

PS To delete this entry, just type `route delete -host pc7'. /PS

Cheers,
-- 
Ruslan Ermilov        Sysadmin and DBA of the
[EMAIL PROTECTED]     United Commercial Bank,
[EMAIL PROTECTED]     FreeBSD committer,
+380.652.247.647      Simferopol, Ukraine

http://www.FreeBSD.org    The Power To Serve
http://www.oracle.com     Enabling The Information Age
Class C hack instead of ifconfig aliases
Is there any way to bind a class C to an interface without a lot of aliases? What's the downside of aliases?

I have a 2.2.8 hack that does the C, but I'd like to avoid having to port it to 3.3.
Re: KLDs
On Mon, 18 Oct 1999, Mike Smith wrote:

Is it possible to compile a kernel with no filesystems supported and have the boot loader load FFS? I have built an FFS module but I have not yet had time to test it. Frankly, I am kind of afraid to for fear of trashing my system.

As long as the kernel will compile with no filesystems, it should work just fine.

I expect as much, but when I tried to make an IPX KLD, it panicked the system on unload. I will test the FFS KLD soon though.

Panic on unload usually means that the code in question isn't designed to unload. 8)

-- 
\\ Give a man a fish, and you feed him for a day. \\ Mike Smith
\\ Tell him he should learn how to fish himself,  \\ [EMAIL PROTECTED]
\\ and he'll hate you for a lifetime.             \\ [EMAIL PROTECTED]
Re: natd question
> ( 130.144.120/22 ) -- |FreeBSD|    |FreeBSD| -- ( 130.144.120/22 )
>       (real)                                          (test)

If the whole purpose of this is to (as stated in the original message) avoid running Sneakernet between the two networks, why not use a protocol that really doesn't care about IP addresses, network masks, etc. -- possibly UUCP... It's pretty easy to set up, and if you run it over a 115200 baud serial line, performance is quite adequate for most things, and you won't have to deal with the fact that the two nets share addressing.

If you're not planning on using UUCP in common use on the final production network, the changes you'd have to make in the config files for it between the two networks wouldn't make a bit of difference once testing is done -- even if you were, the changes still shouldn't make any difference unless you intentionally tried to create problems. (mental reference to a recent thread on -security, I believe:) )

--mike
Software release for embedded systems design.
We are pleased to offer to you a new software product, which will be of significant help in the area of logical circuit design. We have developed "ELMAS" which provides a full-featured set of development tools including a complete set of logic gates and microprocessors. To find out more about this advanced development tool for embedded systems, please visit our site at: http://www.tamik.com

If you find this product useful for your company, we will be delighted to receive your comments.

Sales Department
Tamik Corporation
Re: Class C hack instead of ifconfig aliases
> Is there any way to bind a class C to an interface without a lot of aliases? What's the downside of aliases?
>
> I have a 2.2.8 hack that does the C, but I'd like to avoid having to port it to 3.3.

What do you mean by "bind a class C"? Make an interface so it will respond to incoming requests for 10.1.2.x? ewww, yuck!

Aliases are (for me, at least) a love/hate relationship. I have a few machines floating around on some of my networks that use them to get around some routing problems, and they generally work quite well for incoming connections... I imagine that FBSD probably has the same problem as Digital UNIX for outgoing connections, though. Picture, if you will, the following:

    ed0 192.168.2.4 netmask 255.255.255.0
        alias 208.132.36.131
    route 192.168.2.0/24 - ed0
    route 0.0.0.0/0 - gateway 208.132.36.129

Any packets sent to the gateway get 192.168.2.4 as the source, not 208.132.36.131 -- the gateway will send the packet off to the rest of the world, where it gets immediately dropped due to the "internal use only" source IP address. IMHO, it should notice that it's going to a member of the aliased network, and change the source IP to the alias address, not the "normal" 192.168.2.4 address. This can (usually) be fixed at the gateway with some fancy natd/ipfw lines, but it gets ugly...

If FreeBSD does NOT have this "problem", I think we should send a copy of it off to DEC -- I'll dig up my sequence number from the problem call I placed a couple years ago regarding this :) I finally fixed it on the Alpha by purchasing another (really expensive - damn TurboChannel bus) network card to handle the 2nd IP address..

mike