Re: jail support for ping, traceroute, etc.. crude hack

[.]

 On Mon, Mar 17, 2003 at 10:06:27AM +0300, .@babolo.ru wrote:
 It is time to invent ping socket and traceroute socket
 in addition to tcp, udp, divert so on?
 
 Whilst this might seem nice, actually implementing so that it is
 both useful and safe is not easy.
 
 For a ping socket, this is reasonably easy if all you want is the
 ability to send ICMP ECHO REQUEST packets and receive any ICMP ECHO
 REPLY packets associated with previous request packets.  It's not
 totally trivial because the kernel has to keep the state for outgoing
 packets to ensure that only the correct incoming packets are
 forwarded.  (This is a security issue - you don't want somone finding
 out hosts someone outside that jail is pinging).  Remember to allow
 for multiple responses to a single request and for long delays.  You
 might also want to implement resource restrictions to prevent someone
 flooding the system with request packets.
Not so easy to do but easy understandable for me.

 A traceroute socket is harder: There's no ICMP TRACEROUTE packet.
 Instead, traceroute(8) sends outgoing IP packets with varying TTL
 sizes and monitors incoming ICMP looking for check for HOST
 UNREACHABLE - TIME EXCEEDED IN TRANSIT packets.  Again, the kernel
 would need to validate the incoming packets against outgoing packets.
traceroute socket is just a curiosity.
It seems to me better use UDP socket with some controls
and ping socket from above.
But way to obtain ping socket coupled with UDP socket
is above my brain.

Or may be more common way? Semiraw socket
for ability send some classes of IP packets
and seceive all induced ICMP
ICMP ECHO REQUEST, any UDP and other protocols
exept TCP with correct source IP address
is probably secure enough for use by root in jail.

 In both cases, you also need to work out how to handle other random
 ICMP packets that be received as a result of the outgoing packets.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: make world + kernel with gcc 3.2?

[Peter Pentchev]

On Sat, Mar 15, 2003 at 07:58:13PM +, Scott Mitchell wrote:
 On Sat, Mar 15, 2003 at 07:08:40PM +0100, Thierry Herbelot wrote:
  Le Saturday 15 March 2003 18:14, Avleen Vig a ?crit :
   I don't expect HUGE problems with making world, but am I asking for
   trouble if I make a new kernel with GCC3.2?
  
  good luck to you !
  
  just have a look at the differences in the source code between current
  and stable to enable the compilation of current with gcc3 (FriBi -Stable
  will not compile with anything other than gcc 2.95)
  
  TfH
 
 I assume the OP installed gcc3 from ports...in this case the gcc2.95 system
 compiler will still be installed as well.

True.

 I'm pretty sure that a kernel
 build will explicitly use the system compiler,

True.

 and buildworld/buildkernel
 certainly do (I believe buildworld actually builds a fresh copy of gcc2.95
 then uses that to build the rest of the system).

True.


 As Thierry says, trying to build -stable with gcc3 is probably doomed to
 failure.

Correct, but irrelevant, as shown above.  The buildworld/buildkernel
process will use the system gcc 2.95.x, and everything will go smoothly.

G'luck,
Peter

-- 
Peter Pentchev  [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence is false.


pgp0.pgp
Description: PGP signature

¶éҤسÂѧ·ÓÊÔ觷Õè¤Ø³·ÓÍÂÙèÇѹ¹Õé ¾ÃØ觹Õé¡ç¨ÐàËÁ×͹Çѹ¹Õé

[job2546]

ËÒ¡¤Ø³ÅéÁàËÅÇ·Õè¨ÐÇҧἹ ÂèÍÁá»ÅÇèҤسÇҧἹ·Õè¨ÐÅéÁàËÅÇ
   ¨ÔÁ âÃËì¹  ¹Ñ¡»ÃѪ­ÒÍѹ´Ñº 1 ¢Í§âÅ¡
  àªè¹ ¤Ø³¤Ô´ÇèÒ㹪ÕÇÔµ¹ÕéàÃÒ¤§äÁèÁÕ·Ò§ÃÇ ¤Ø³¡çä¨ÐäÁèÁÕ·Ò§ÃÇÂàÅÂ
   ËÃ×Í ¤Ø³¤Ô´ÇèÒÊÑ¡Çѹ¶Ö§©Ñ¹µéͧÃÇÂá¹èæ
¨ÔÁ âÃËì¹ ºÍ¡ÇèÒ
 ¶éҤسÂѧ·ÓÊÔ觷Õè¤Ø³·ÓÍÂÙè·Ø¡Çѹ¹Õé ÍÕ¡ 3 »Õ¢éҧ˹éÒÅͧ¤Ô´´ÙÇèÒ
¤Ø³¨ÐÁÕâÍ¡ÒÊÃÇÂä´éËÃ×ÍäÁè
  ¶éҤӵͺ¤×Í ãªè ¤Ø³¡ÓÅѧ¨ÐÃÇ ¡çÂÔ¹´Õ¡Ñº¤Ø³´éǤÃѺ¤Ø³¡ÓÅѧ¨ÐÃÇÂáÅéÇ
  áµè¶éҤӵͺ¤×Í äÁè ¤Ø³äÁèÊÒÁÒöÃÇÂä´é
¤Ø³µéͧà»ÅÕè¹ÍÐäÃÊÑ¡ÍÂèҧ㹪ÕÇÔµ¤Ø³áÅéÇ
   ¨ÔÁ âÃËì¹ ºÍ¡ÍÕ¡ÇèÒ
  ¶éҤسÂѧ·ÓÊÔ觷Õè¤Ø³·ÓÍÂÙèÇѹ¹Õé ¾ÃØ觹Õé¡ç¨ÐàËÁ×͹Çѹ¹Õé
ä»àÃ×èÍÂæäÁèÁÕ·ÕèÊÔé¹ÊØ´
ËÁÒ¤ÇÒÁÇèÒ 
-¶éÒÇѹ¹Õé¤Ø³ÂѧµéͧÇÔè§ËÒà§Ô¹ ¨èÒÂ˹ÕéµèÒ§æ
-¶éÒÇѹ¹Õé¤Ø³Âѧ¶Ù¡à¨éÒ¹Ò¡´¢Õè ãªé§Ò¹ÍÂèҧ˹ѡ
-¶éÒÇѹ¹Õé¤Ø³ÂѧËÒ·Ò§ÍÍ¡äÁèä´é
Åͧà»Ô´âÍ¡ÒÊãËéµÑÇàͧ´Ù
à»Ô´ã¨¢Í§¤Ø³ãËé¡ÇéÒ§áÅéÇà´Ô¹µÒÁàÃÒÁÒËÃ×Í»ÅèÍÂãËéâÍ¡ÒʹÕéËÅØ´ÅÍÂä» 
 
¤Ø³ÊÒÁÒöà¢éÒä»´ÙÃÒÂÅÐàÍÕ´à¾ÔèÁàµÔÁáÅСÃÍ¡¢éÍÁÙÅà¾×èÍ¢ÍÃѺ¢éÍÁÙÅàº×éͧµé¹¿ÃÕ !
ä´é·Õè 
http://www.geocities.com/thaigetrich/easywork

¢ÍÍÀÑÂËÒ¡¢éͤÇÒÁ¹Õé¶Ù¡Êè§ä»Âѧ¤Ø³â´ÂºÑ§àÍÔ­
ËÒ¡¤Ø³äÁèµéͧ¡ÒÃÃѺ¢éͤÇÒÁ¹ÕéÍÕ¡¡ÃØ³Ò mail ÁÒ·Õè
www.ecommerce.web1000.com/unsub

¶éҤسÂѧ·ÓÊÔ觷Õè¤Ø³·ÓÍÂÙèÇѹ¹Õé ¾ÃØ觹Õé¡ç¨ÐàËÁ×͹Çѹ¹Õé

[job2546]

ËÒ¡¤Ø³ÅéÁàËÅÇ·Õè¨ÐÇҧἹ ÂèÍÁá»ÅÇèҤسÇҧἹ·Õè¨ÐÅéÁàËÅÇ
   ¨ÔÁ âÃËì¹  ¹Ñ¡»ÃѪ­ÒÍѹ´Ñº 1 ¢Í§âÅ¡
  àªè¹ ¤Ø³¤Ô´ÇèÒ㹪ÕÇÔµ¹ÕéàÃÒ¤§äÁèÁÕ·Ò§ÃÇ ¤Ø³¡çä¨ÐäÁèÁÕ·Ò§ÃÇÂàÅÂ
   ËÃ×Í ¤Ø³¤Ô´ÇèÒÊÑ¡Çѹ¶Ö§©Ñ¹µéͧÃÇÂá¹èæ
¨ÔÁ âÃËì¹ ºÍ¡ÇèÒ
 ¶éҤسÂѧ·ÓÊÔ觷Õè¤Ø³·ÓÍÂÙè·Ø¡Çѹ¹Õé ÍÕ¡ 3 »Õ¢éҧ˹éÒÅͧ¤Ô´´ÙÇèÒ
¤Ø³¨ÐÁÕâÍ¡ÒÊÃÇÂä´éËÃ×ÍäÁè
  ¶éҤӵͺ¤×Í ãªè ¤Ø³¡ÓÅѧ¨ÐÃÇ ¡çÂÔ¹´Õ¡Ñº¤Ø³´éǤÃѺ¤Ø³¡ÓÅѧ¨ÐÃÇÂáÅéÇ
  áµè¶éҤӵͺ¤×Í äÁè ¤Ø³äÁèÊÒÁÒöÃÇÂä´é
¤Ø³µéͧà»ÅÕè¹ÍÐäÃÊÑ¡ÍÂèҧ㹪ÕÇÔµ¤Ø³áÅéÇ
   ¨ÔÁ âÃËì¹ ºÍ¡ÍÕ¡ÇèÒ
  ¶éҤسÂѧ·ÓÊÔ觷Õè¤Ø³·ÓÍÂÙèÇѹ¹Õé ¾ÃØ觹Õé¡ç¨ÐàËÁ×͹Çѹ¹Õé
ä»àÃ×èÍÂæäÁèÁÕ·ÕèÊÔé¹ÊØ´
ËÁÒ¤ÇÒÁÇèÒ 
-¶éÒÇѹ¹Õé¤Ø³ÂѧµéͧÇÔè§ËÒà§Ô¹ ¨èÒÂ˹ÕéµèÒ§æ
-¶éÒÇѹ¹Õé¤Ø³Âѧ¶Ù¡à¨éÒ¹Ò¡´¢Õè ãªé§Ò¹ÍÂèҧ˹ѡ
-¶éÒÇѹ¹Õé¤Ø³ÂѧËÒ·Ò§ÍÍ¡äÁèä´é
Åͧà»Ô´âÍ¡ÒÊãËéµÑÇàͧ´Ù
à»Ô´ã¨¢Í§¤Ø³ãËé¡ÇéÒ§áÅéÇà´Ô¹µÒÁàÃÒÁÒËÃ×Í»ÅèÍÂãËéâÍ¡ÒʹÕéËÅØ´ÅÍÂä» 
 
¤Ø³ÊÒÁÒöà¢éÒä»´ÙÃÒÂÅÐàÍÕ´à¾ÔèÁàµÔÁáÅСÃÍ¡¢éÍÁÙÅà¾×èÍ¢ÍÃѺ¢éÍÁÙÅàº×éͧµé¹¿ÃÕ !
ä´é·Õè 
http://www.geocities.com/thaigetrich/easywork

¢ÍÍÀÑÂËÒ¡¢éͤÇÒÁ¹Õé¶Ù¡Êè§ä»Âѧ¤Ø³â´ÂºÑ§àÍÔ­
ËÒ¡¤Ø³äÁèµéͧ¡ÒÃÃѺ¢éͤÇÒÁ¹ÕéÍÕ¡¡ÃØ³Ò mail ÁÒ·Õè
www.ecommerce.web1000.com/unsub

Re: fgdg

[Roman Kurakin]

Hi,
Joerg Micheel wrote:
On Mon, Mar 17, 2003 at 12:39:22PM +0300, sergej wrote:
 

mozno li ustanovit% odnovremenno na odin disk:
unix i windows, i kak jto sdelat%!
I think it would be better if you will ask questions in English.

Get yourself a copy of the Complete FreeBSD by Greg Lehey,
which covers this subject very well. This question also belongs
to freebsd-questions, not -hackers.
In short, the configuration option is there with FreeBSD as
delivered, but you need to take care on making the right steps
at the right time. Starting off with BSD first is the better
way to proceed, adding Windows later.
If you setup at first FreeBSD and then add Windows you will lose 
FreeBSD's boot loader.
And you will have to reinstall bootloader.

You also could meet other problems. If your set incorrect (from 
FreeBSD's point of view)
geometry for you hard disk and install freebsd 5.0 after Windows 2000, 
freebsd will
fix windows partition entry and any reinstalletions or fix procedures 
of Windows
will lead to nothing. Probably some last versions from 4.x branch have 
the same
features, but the last 4.x version I worked with at home was 4.3.

PS.
I don't know if this bug was fixed in current versions. I am almost sure 
that it is not.

Best regards,
   Roman Kurakin
	Joerg
 







To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

vidcontrol(1) FreeBSD 5.0 on Laptop (fwd)

[Shane Kinney]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

I posted this earlier to the [EMAIL PROTECTED] list and
didn't seem to get any responces.  Perhaps some of you might know the
answer?

I have searched for this on google (web/groups) and in the FreeBSD
Mailing list archives.  There seems to be no such answer or even a
similar problem.

- -- Forwarded message --
Date: Mon, 17 Mar 2003 11:32:15 -0600 (CST)
From: Shane Kinney [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: vidcontrol(1) FreeBSD 5.0 on Laptop

I just encountered a very strange problem with my notebook thats running
5.0-RELEASE and XFree86.

Normally the regular color of the plain VT is a black background with a
white forground.  I have been running XFree86 on the laptop for about a
month now.  Every now and then when I close the laptop lid while XFree86 is
still running, when I re-open the lid the screen is black and in some
kinda suspend mode.  The only reason I tell you this, is because I have
been running FreeBSD on this laptop for 2.5 years without X and its
never had a problem, now all of a sudden the vitrual terminal (not
xterm) colors are outta wack.  On a side-note, XFree86 still works just
as good as it did before this all happened.

Anyway, I was meaning to disable the suspend feature in the BIOS.  But the
last time it went into the suspend, I rebooted the box, and when it started
back up the background of the VT is blue and the forground is black.

I did do this command: `vidcontrol white black`, and it stays with
the blue background and the black forground.  I also did a `vidcontrol
show`, and the output for that is also incorrect.

It's almost as if XFree86 somehow munged the original values for vidcontrol are set to.

Do any of you know where these values might be held?  Or has anyone seen
something like this before?  Does any one know how to fix this?

Thanks a ton for any help.

~Shane Kinney

Build Ramps, Not Bombs.
pgp key: http://www.freebsdhackers.net/pgp
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE+djgUIyUr/yoGQnYRAgw0AJ9ktyVOUzYFc1RJzp2SAYwrVphrcwCbBVAy
N+S7tPc6jQ4AfxZQIvf+fQ8=
=9VTE
-END PGP SIGNATURE-

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: making CVS more convenient

[Sergey Babkin]

Nate Williams wrote:
 
  That's the plan for the next stage, provided that the first stage
  goes well. I'm yet to play with CVSup and see if it can be
  integrated there (as with system()) easily without making a lot
  of changes to CVS itself. Otherwise I'm aftarid it's going to
  be a large amount of work to duplicate this functionality :-(
 
 Another choice is to have the commit be also made to the 'cache' if and
 only if the remote (master) respository has accepted the commit.
 
 That way, the commit is made in both repositories using the same
 algorithm, so in essence they should be in sync.

Yes, makes sense.
 
  Yet another idea is to be able to make local commits with committing
  them to the central remote repository later.
 
 I'd do the reverse, since the possibility of synchronization problems
 are a huge deal.  Imagine if someone 'snuck' in and made a commit in
 the master tree after your local commit was made, but before 'later'
 occurred and your cache pushed it out to the master tree.

It gets handled in the same way as now: I believe, CVS checks
whether the checked-out version matches the top of the branch,
and if it does not then it refuses to commit and requires you
to make an update. So the same thing can be done for a local branch:
check that its base version is still the top of the real branch,
and if so then commit. Otherwise require an update/merge.

 If you only allow the commit if it can occur locally, you're ensuring
 that the cache can't get out of date with local changes.  I tried
 something like the above (cause it was easier to implement), and it
 worked most of the time.  However, the times it didn't work it was a
 royal pain in the *ss to cleanup and get the original commit back out.

Maybe I just was not clear: I think that making the commits in the
local copy on the real top of the tree is a quite bad idea. All
I want to get is some temporary versioned storage to play around
while I work on the code. After the code gets finished, it
gets committed to the master repository just as it committed gets now.
 

  Now I have to use RCS
  locally for the temporary in-delevopment versions of file. Would
  be nice to have a kind of a local branch which can be later committed
  as a whole - in one commit per file, or by duplicating all the
  intermediate versions with their messages.
 
 Agreed.  The downside to the above method is that it requires network
 access to make a commit.  However, it certainly simplifies the
 problem set. :) :)

Well, at least the commit would get done in one batch (of course,
unless a conflict happens).

-SB

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: making CVS more convenient

[Nate Williams]

   That's the plan for the next stage, provided that the first stage
   goes well. I'm yet to play with CVSup and see if it can be
   integrated there (as with system()) easily without making a lot
   of changes to CVS itself. Otherwise I'm aftarid it's going to
   be a large amount of work to duplicate this functionality :-(
  
  Another choice is to have the commit be also made to the 'cache' if and
  only if the remote (master) respository has accepted the commit.
  
  That way, the commit is made in both repositories using the same
  algorithm, so in essence they should be in sync.
 
 Yes, makes sense.
  
   Yet another idea is to be able to make local commits with committing
   them to the central remote repository later.
  
  I'd do the reverse, since the possibility of synchronization problems
  are a huge deal.  Imagine if someone 'snuck' in and made a commit in
  the master tree after your local commit was made, but before 'later'
  occurred and your cache pushed it out to the master tree.
 
 It gets handled in the same way as now: I believe, CVS checks
 whether the checked-out version matches the top of the branch,
 and if it does not then it refuses to commit and requires you
 to make an update. So the same thing can be done for a local branch:
 check that its base version is still the top of the real branch,
 and if so then commit. Otherwise require an update/merge.

Except that it's possible that the 'local' cache is out-of-date
w/respect to the remote repository, say if someone made a commit to it
since the last 'synchronization' of the local cache.

You don't want that commit to happen, since it should be allowed because
the file is really not up-to-date w/respect to the master.  The worst
case is the committed change would conflict with the as-yet-unseen
change on the master, so allowing the local user to commit it means that
when the 'cache' attempts to commit it later, it will fail, and the
'cache code' is required to figure out how to extract the commit from
the local cache, update the local cache, re-apply the (now conflicing)
commit back to the local cache and somehow inform the user at a later
point.

*UGH*

  If you only allow the commit if it can occur locally, you're ensuring
  that the cache can't get out of date with local changes.  I tried
  something like the above (cause it was easier to implement), and it
  worked most of the time.  However, the times it didn't work it was a
  royal pain in the *ss to cleanup and get the original commit back out.
 
 Maybe I just was not clear: I think that making the commits in the
 local copy on the real top of the tree is a quite bad idea.

I think it's a good idea *IF and only IF* the commit to the remote tree
works.  That way, the local user isn't required to re-synchronize his
cached tree agains the master tree, since their is a high liklihood that
after the commit the user will also want to continue working on the same
files.  If no re-sychronization occurs, as soon as an 'cvs update' is
done, the local cache must either re-synchronize itself (doing the exact
same work as if it just done the commit), or the newly committed change
will be reverted back out, since the local cache will now be
out-of-date.

 I want to get is some temporary versioned storage to play around
 while I work on the code. After the code gets finished, it
 gets committed to the master repository just as it committed gets now.

What happens to the local cache *right after* the commit occurs?  In
essence, it's no longer valid right after a commit, since it's now
out-of-date with the master (it doesn't include the newly committed
changes).

   Now I have to use RCS
   locally for the temporary in-delevopment versions of file. Would
   be nice to have a kind of a local branch which can be later committed
   as a whole - in one commit per file, or by duplicating all the
   intermediate versions with their messages.
  
  Agreed.  The downside to the above method is that it requires network
  access to make a commit.  However, it certainly simplifies the
  problem set. :) :)
 
 Well, at least the commit would get done in one batch (of course,
 unless a conflict happens).

Right, it's a step in the right direction.


Nate

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: making CVS more convenient

[Sergey Babkin]

Terry Lambert wrote:
 
 Sergey Babkin wrote:
  Nate Williams wrote:
 
 [ ... CVS cache and cache coherency ... ]
 
  Yet another idea is to be able to make local commits with committing
  them to the central remote repository later. Now I have to use RCS
  locally for the temporary in-delevopment versions of file. Would
  be nice to have a kind of a local branch which can be later committed
  as a whole - in one commit per file, or by duplicating all the
  intermediate versions with their messages.
 
 Not really possible, without CVSup coming onto a vendor branch instead

Actually, I was thinking of the opposite: doing all the changes
on a vendor branch (or in some separate local repository altogether),
then merging them into the main branch. Think of the following
sequence that can be used now:

cvs co
rcs ci # save the baseline
#... some modifications done
rcs ci
#... more modifications
rcs ci
# then someone committed another change to the repository and we want
# to merge that change in
cvs update
# do the manual merge if neccessary
rcs ci # save the merged version
#... more modifications
rcs ci
# OK, let's suppose that our changes are finally complete, and nobody
# else has committed any other changes in between
cvs ci

So pretty much all I want is to make this procedure a bit more
convenient, able to handle whole subdirectories as opposed
to separate files.

As a model consider this: suppose we build a separate copy of the CVS
binary, called mycvs that has the following differences from 
the normal CVS:

1. Instead of the variable CVSROOT it uses MYCVSROOT
2. Instead of the metadata subdirectory name CVS it uses the name MYCVS
3. It never touches any of the keywords (such as $Id etc.)
4. When asked to add a file, it automatically creates the whole
path of intermediate directories for it. (How does it know where 
the checked-out tree starts ? There are many more or less 
obvious and convenient ways to do that, so let's leave this issue 
alone for now).

Then in the example above you can do

export MYCVSROOT=~/tmp/cvsroot
mycvs init

And do everyhing as in the previous example, only replacing rcs
with mycvs (and obviously you wold need to do mycvs add before
the fiest mycvs ci).

 of verbatim copying of the repository.
 
 Incoherent:
 
 ,---.   ,---.
 | Main  | cvsup ---| Cache |
 | Repo  |   | Repo  |
 `---'   `---'
 ^   |
 |cvs co
  cvs ci |
 |   V
 |   ,---.
 |   | Work  |
 `---| Copy  |
 `---'

Why is it incoherent ? CVS checks that the version obtained by cvs co
and then modified is still the top of the tree. If it's not, 
it will refuse to commit and will request you to do an update.

-SB

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: making CVS more convenient

[Sergey Babkin]

Nate Williams wrote:
 
  It gets handled in the same way as now: I believe, CVS checks
  whether the checked-out version matches the top of the branch,
  and if it does not then it refuses to commit and requires you
  to make an update. So the same thing can be done for a local branch:
  check that its base version is still the top of the real branch,
  and if so then commit. Otherwise require an update/merge.
 
 Except that it's possible that the 'local' cache is out-of-date
 w/respect to the remote repository, say if someone made a commit to it
 since the last 'synchronization' of the local cache.
 
 You don't want that commit to happen, since it should be allowed because
 the file is really not up-to-date w/respect to the master.  The worst
 case is the committed change would conflict with the as-yet-unseen
 change on the master, so allowing the local user to commit it means that
 when the 'cache' attempts to commit it later, it will fail, and the
 'cache code' is required to figure out how to extract the commit from
 the local cache, update the local cache, re-apply the (now conflicing)
 commit back to the local cache and somehow inform the user at a later
 point.
 
 *UGH*

Yes, this is way too complicated and error-prone. This is why I don't 
want to change the cache without changing the master in the same way
first.
 
   If you only allow the commit if it can occur locally, you're ensuring
   that the cache can't get out of date with local changes.  I tried
   something like the above (cause it was easier to implement), and it
   worked most of the time.  However, the times it didn't work it was a
   royal pain in the *ss to cleanup and get the original commit back out.
 
  Maybe I just was not clear: I think that making the commits in the
  local copy on the real top of the tree is a quite bad idea.
 
 I think it's a good idea *IF and only IF* the commit to the remote tree
 works.  That way, the local user isn't required to re-synchronize his
 cached tree agains the master tree, since their is a high liklihood that

Agreed. So the commit would essentially work as a commit plus
resynchronization of a subset of files in the cache.

-SB

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: making CVS more convenient

[Nate Williams]

   It gets handled in the same way as now: I believe, CVS checks
   whether the checked-out version matches the top of the branch,
   and if it does not then it refuses to commit and requires you
   to make an update. So the same thing can be done for a local branch:
   check that its base version is still the top of the real branch,
   and if so then commit. Otherwise require an update/merge.
  
  Except that it's possible that the 'local' cache is out-of-date
  w/respect to the remote repository, say if someone made a commit to it
  since the last 'synchronization' of the local cache.
  
  You don't want that commit to happen, since it should be allowed because
  the file is really not up-to-date w/respect to the master.  The worst
  case is the committed change would conflict with the as-yet-unseen
  change on the master, so allowing the local user to commit it means that
  when the 'cache' attempts to commit it later, it will fail, and the
  'cache code' is required to figure out how to extract the commit from
  the local cache, update the local cache, re-apply the (now conflicing)
  commit back to the local cache and somehow inform the user at a later
  point.
  
  *UGH*
 
 Yes, this is way too complicated and error-prone. This is why I don't 
 want to change the cache without changing the master in the same way
 first.

I think we're in *violent* agreement at this point. :)

If you only allow the commit if it can occur locally, you're ensuring
that the cache can't get out of date with local changes.  I tried
something like the above (cause it was easier to implement), and it
worked most of the time.  However, the times it didn't work it was a
royal pain in the *ss to cleanup and get the original commit back out.
  
   Maybe I just was not clear: I think that making the commits in the
   local copy on the real top of the tree is a quite bad idea.
  
  I think it's a good idea *IF and only IF* the commit to the remote tree
  works.  That way, the local user isn't required to re-synchronize his
  cached tree agains the master tree, since their is a high liklihood that
 
 Agreed. So the commit would essentially work as a commit plus
 resynchronization of a subset of files in the cache.

*grin*  I love it when a plan comes together.



Nate

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

section of source code handling reclamation of KVM

[Andrew Kinney]

Hello,

I'd like to learn more about how FreeBSD handles running out of 
KVM.  We're running a 4GB of RAM system with no swap being 
used, but we're run out of KVM and I'd like to go read through the 
code to see how this is handled so I can be on the lookout for 
potential issues that may come up.

%sysctl -a |grep kvm
vm.kvm_size: 1065353216
vm.kvm_free: 0

Could someone direct me to the section of the 4.7 source tree that 
handles additional KVM requests when vm.kvm_free=0 so I can go 
read up on the process?

Thanks in advance.

Sincerely,
Andrew Kinney
President and
Chief Technology Officer
Advantagecom Networks, Inc.
http://www.advantagecom.net


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

NFS performance tuning

[John]

Hi Folks,

   This is an open ended email with a question about how
to increase performance of a 4-stable system running in a
high-load environment. The src is current as of:

 FreeBSD 4.8-RC #1: Sun Mar 16 15:44:01


   Running top on the system:

  PID USERNAME PRI NICE  SIZERES STATETIME   WCPUCPU COMMAND
   93 root   2   0   360K   148K RUN197:27 48.49% 48.49% nfsd
   94 root   2   0   360K   148K RUN 28:36  5.71%  5.71% nfsd
   96 root   2   0   360K   148K RUN 10:37  3.66%  3.66% nfsd
   95 root   2   0   360K   148K RUN 18:34  3.27%  3.27% nfsd
   98 root   2   0   360K   148K RUN  6:25  1.03%  1.03% nfsd
   97 root   2   0   360K   148K RUN  8:17  0.83%  0.83% nfsd
 3201 admin 30   0  1908K  1056K RUN  0:00  1.19%  0.73% top
   99 root   2   0   360K   148K RUN  5:21  0.63%  0.63% nfsd
  101 root   2   0   360K   148K RUN  4:18  0.20%  0.20% nfsd

and a ps a minute or so later:

  PID  PPID   UID %CPU %MEM STAT  TIME COMMAND
   92 1 0  0.0  0.0 Is 0:00.00 nfsd: master (nfsd)
   9392 0 45.3  0.0 R199:46.61 nfsd: server (nfsd)
   9492 0  5.0  0.0 R 28:57.60 nfsd: server (nfsd)
   9592 0  2.1  0.0 R 18:48.99 nfsd: server (nfsd)
   9692 0  1.1  0.0 R 10:45.36 nfsd: server (nfsd)
   9792 0  0.3  0.0 R  8:23.25 nfsd: server (nfsd)
   9892 0  0.4  0.0 R  6:30.47 nfsd: server (nfsd)
   9992 0  0.2  0.0 R  5:25.05 nfsd: server (nfsd)
  10192 0  0.2  0.0 R  4:21.38 nfsd: server (nfsd)

The nfsd processes are almost always Runnable.

The box is an athlon MP 2200+ based system on a tyan
S2466 motherboard (http://www.tyan.com/products/html/tigermpx.html)
with only one processor currently installed, 2Gig of Ram.

The filesystem being served out lives on an Adaptec 5400S Raid controller:

aac0: Adaptec SCSI RAID 5400S port 0x1000-0x10ff mem 0xe800-0xe8001fff irq 9 at 
device 9.0 on pci0
aac0: StrongARM SA110 233MHz, 128MB cache memory, required battery present
aac0: Kernel 1.0-0, Build 5262, S/N 6b1830

aacd1: RAID 5 on aac0
aacd1: 769984MB (1576929024 sectors)

The system is located on 5 different networks: (netstat -i)

Name  Mtu   Network   AddressIpkts IerrsOpkts Oerrs  Coll
gx0   1500  Link#100:90:27:a1:5d:0b 12056041 0 14715548 0 0
gx0   1500  192.168.30192.168.30.250  12055944 - 14715450 - -
gx1   1500  Link#200:90:27:a1:44:5a  2269975 0  2753705 0 0
gx1   1500  192.168.31192.168.31.250   2269878 -  2753607 - -
fxp0  1500  Link#300:02:b3:60:b5:3a 241440300 0 246915204   946 0
fxp0  1500  10.14.2/24bb03na1a.hsr.sa 241447878 - 246924642 - -
fxp1  1500  Link#400:02:b3:4a:76:e6 117933878   706 122043638   921 0
fxp1  1500  10.14.3/24bb03na1b.hsr.sa 117939587 - 122051034 - -
fxp2  1500  Link#500:02:b3:60:a8:9d 303742731 0 310860180   901 0
fxp2  1500  10.14.4/24bb03na1c.hsr.sa 303760088 - 310879510 - -

(The gx  cards are 1000baseSX full-duplex).
(The fxp cards are 100baseTX full-duplex).

and from netstat -m:

%netstat -m
916/2512/34816 mbufs in use (current/peak/max):
894 mbufs allocated to data
22 mbufs allocated to packet headers
729/1160/8704 mbuf clusters in use (current/peak/max)
2948 Kbytes allocated to network (11% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

and from nfsstat:

Server Info:
  Getattr   SetattrLookup  Readlink  Read WriteCreateRemove
31122 62636 600335411186827   5952269815008 90198 59781
   Rename  Link   Symlink Mkdir Rmdir   Readdir  RdirPlusAccess
22236 015  8067 1598919886248  78463316
MknodFsstatFsinfo  PathConfCommitGLeaseVacate Evict
0242190 8 0149734 0 0 0
Server Ret-Failed
591695228
Server Faults
0
Server Cache Stats:
   Inprog  Idem  Non-idemMisses
  228 1165852 686794492
Server Lease Stats:
   Leases PeakL   GLeases
0 0 0
Server Write Gathering:
 WriteOps  WriteRPC   Opsaved
   815008815008 0


The system holds alot of c and h files along with other
pretty static data.  The performance of the system is not
bad, but I'm curious about what folks might do to tune it
up some.

Anyways, comments welcome!

-john


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: making CVS more convenient

[Terry Lambert]

Sergey Babkin wrote:
 Terry Lambert wrote:
  Not really possible, without CVSup coming onto a vendor branch instead
 
 Actually, I was thinking of the opposite: doing all the changes
 on a vendor branch (or in some separate local repository altogether),
 then merging them into the main branch. Think of the following
 sequence that can be used now:

[ ... ]

 # OK, let's suppose that our changes are finally complete, and nobody
 # else has committed any other changes in between
 cvs ci

Suppose someone has?  If you are so out of touch with the net you
need a cache, you are probably going to get a conflict, because
people are tweaking things all the time, sometimes, it seems,
rearranging the deck chairs to get their name in CVS lights.  8-).


 So pretty much all I want is to make this procedure a bit more
 convenient, able to handle whole subdirectories as opposed
 to separate files.

That's reasonable, but... you're rcs ci is a killer; it assumes
a local repostory in parallel.   I guess you want a multicvs,
which does checkins remotely or locally?

If you want all of your checkins checked in, then you could do
this with a shell script wrapper that knew about link up on
your network interfaces.  Is that a possible solution for you?


 As a model consider this: suppose we build a separate copy of the CVS
 binary, called mycvs that has the following differences from
 the normal CVS:
 
 1. Instead of the variable CVSROOT it uses MYCVSROOT
 2. Instead of the metadata subdirectory name CVS it uses the name MYCVS
 3. It never touches any of the keywords (such as $Id etc.)
 4. When asked to add a file, it automatically creates the whole
 path of intermediate directories for it. (How does it know where
 the checked-out tree starts ? There are many more or less
 obvious and convenient ways to do that, so let's leave this issue
 alone for now).
 
 Then in the example above you can do
 
 export MYCVSROOT=~/tmp/cvsroot
 mycvs init
 
 And do everyhing as in the previous example, only replacing rcs
 with mycvs (and obviously you wold need to do mycvs add before
 the fiest mycvs ci).

That's actually grosser than the rcs version (IMO)...


  of verbatim copying of the repository.
 
  Incoherent:

[ ... diagram ... ]

 Why is it incoherent ? CVS checks that the version obtained by cvs co
 and then modified is still the top of the tree. If it's not,
 it will refuse to commit and will request you to do an update.

I left out the (I thought) obvious part; ket me fix it:

,---.-cvsup(1)-,---.
| Main  | cvsup(2)-| Cache |--.
| Repo  |[CONFLICT] | Repo  |   |
`---'   `---'   |
^   |   |
|cvs co |
 cvs ci(2)  | cvs ci(1)
 [CONFLICT] V   |
 cvs ci(3)   ,---.   |
|   | Work  |   |
`---| Copy  |---'
`---'

Order:
cvsup(1)
cvs co
cvs ci(1)
cvs ci(2) [CONFLICT]
[FIX] cvs ci(3)
cvsup(2) [CONFLICT]

In other words, you can't order commits with conflicts, without
going to the main repo first in call cases.  That destroys your
intended disconnected use.

The first time you get a conflict, your MYCVSROOT repository
is blown, and you won't be able to resyncronize it, without
replacing ,v and CVS/* file contents.

In other words, any time, there is a checkin to main repository
conflict, your foot goes bye bye...

Make sense?

-- Terry

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: making CVS more convenient

[Sergey Babkin]

Dag-Erling Smrgrav wrote:
 
 Sergey Babkin [EMAIL PROTECTED] writes:
  A similar thing may be achieved by checking the files out from the local
  repository and doing any modification command with option -d. But that's
  troublesome and inconvenient.
 
 Read the manual page for the shell you're using, with particular
 emphasis on the 'alias' builtin command.

I think that it's not a good solution, for several reasons:

* Using -d for an alternative repository is pretty much a dirty
trick, and undocumented one too. But the purpose itself is quite
valid, transparent, and simple and I think that it's better to make 
it obvious and easy to use than tricky. I like the principle 
simple things should be easy, complex things should be possible.

* There may be scripts that run cvs commands, which scripts absolutely
don't need to know about a cache repository underneath.

* I don't like the layers of workaround scripts built over other
workaround scripts. I think that it's something of an aftermarket
Unix syndrome: when you can trick a tool to do what you want and
wrap it into a script for the ease of use but can't change the tool 
to do what you need directly, in a simple way. The original Unix 
(both Bell Labs and BSD) was not like this: when the people made 
some useful addition, they just got it right into the base system. 
Now with open source OSes we can do the same thing and not look 
for extra pain with wrapper scripts.

* Getting the cache repository support right into CVS allows
to modify the CVS commands in future to take advantage of this
knowledge. For example, commit may not just check the 
modification date and send the file to the server if it has changed, 
but instead also compare the file with the one in the cache 
repository and send it to the server only if the file has actually
changed.

-SB

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message