Re: Benchmark: NetBSD 2.0 beats FreeBSD 5.3
Hi Robert,

the benchmark you cited is for uniprocessor systems only. It says nothing about multiprocessor performance, which is what FreeBSD is aiming for. It's comparing apples with oranges.

Cheers,
Gerald

Robert Ryan wrote:
> Fellow FreeBSD developers,
>
> I hate to say I told you but it was inevitable. Check this out:
>
> http://www.feyrer.de/NetBSD/gmcgarry/
>
> As I predicted more than a year ago FreeBSD 5.3 has finally lost its only advantage: performance. NetBSD 2.0 shows that when you write code the right way and end up with SOLUTIONS AND NOT HACKS you have a system that works, and works well on all platforms.
>
> This is the consequence of a series of mistakes made by the FreeBSD developers, the most important being too arrogant and selfish to listen to Matt Dillon, the man that warned you all about this. What did he get in return? An expulsion from your gentlemen club.
>
> Poul-Henning Kamp has been using FreeBSD to push his personal agenda, with completely useless features such as GEOM and devfs, instead of concentrating on the real problem. The fact that your heavily mutexed system doesn't work and never will. Jeff Roberson's ULE is still broken but don't worry, Matt Dillon will be hacking a much better scheduler for DragonFly that you can later borrow.
>
> Mike Smith warned you about committee-designed code years ago, why don't you listen? Why do you insist on this arrogant pose and on treating potential contributors like pariahs? Why do you tolerate assholes like Dag-Erling and Poul-Henning?
>
> I hope you can learn something from the NetBSD people before it's too late for FreeBSD. They managed to do much more with less resources. You should feel ashamed of yourselves.
>
> Sincerely,
> Robert
>
> PS: if I've offended anyone (yeah, I singled a few out), prove me wrong, but spare me your insultedness. It's become a pathetic hobby in -core.

___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Benchmark: NetBSD 2.0 beats FreeBSD 5.3
--- Gerald Heinig [EMAIL PROTECTED] wrote:
> Hi Robert,
>
> the benchmark you cited is for uniprocessor systems only. It says nothing about multiprocessor performance, which is what FreeBSD is aiming for.

Doesn't the (ULE) scheduler have a switch to ensure that performance is optimal on a uniprocessor machine too?

> It's comparing apples with oranges.
>
> Cheers,
> Gerald

NetBSD works for up to 4 processors. So you should be able to run the same tests on a quad-processor SMP machine.

regards
-kamal
Re: Benchmark: NetBSD 2.0 beats FreeBSD 5.3
On Fri, Jan 07, 2005 at 01:10:04AM -0800, Kamal R. Prasad wrote:
> > Hi Robert,
> >
> > the benchmark you cited is for uniprocessor systems only. It says nothing about multiprocessor performance, which is what FreeBSD is aiming for.
>
> Doesn't the (ULE) scheduler have a switch to ensure that performance is optimal on a uniprocessor machine too?

I don't know, but if it did that would only affect scheduling, and only in the ULE case at that. ULE was broken in 5.3-RELEASE.

I don't really think that this benchmark is bad news for either OS. My only real concern are the process creation/termination results on FreeBSD.

Ceri

--
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -- Einstein (attrib.)
Re: Benchmark: NetBSD 2.0 beats FreeBSD 5.3
Hi Kamal,

I don't know about any switches for ULE. My point is that it's not particularly meaningful to compare a system that's built for SMP to one that isn't.

There have been a number of tests (sorry, don't have time to dig them all out) of systems with MP locks against systems without on a uniprocessor machine. The systems with MP locks were all slower. I remember a test done with Linux (2.4 IIRC) compiled with MP support and without; there were significant differences. Tests with Solaris x86 against Linux on a 1-processor machine also showed Solaris performing poorly.

Use a proper MP box (proper meaning = 4 CPUs) and the picture usually changes. I'd be interested to see the same test done on a 4 CPU box.

Cheers,
Gerald
Re: Benchmark: NetBSD 2.0 beats FreeBSD 5.3
On Friday, 7 January 2005 09:58, Gerald Heinig wrote:
> Hi Robert,
>
> the benchmark you cited is for uniprocessor systems only. It says nothing about multiprocessor performance, which is what FreeBSD is aiming for. It's comparing apples with oranges.

No, many users, me included, only run FreeBSD on UP systems. Do I have to switch to (Net|Open|DragonFly)BSD because FreeBSD is now only targeted to MP?

I do not think so, and that's why this benchmark does compare apples with apples, but these are microbenchmarks, and more complex tasks may show completely different results.

I am also missing results with Linux (and other BSD's), which may better show our (FreeBSD's) position.

Regards
--
/\/\ichael Ranner
[EMAIL PROTECTED] - [EMAIL PROTECTED] - [EMAIL PROTECTED] - BSD Usergroup Austria - http://www.bugat.at/
Re: Benchmark: NetBSD 2.0 beats FreeBSD 5.3
On Fri, Jan 07, 2005 at 09:21:10AM +, Ceri Davies wrote:
> I don't really think that this benchmark is bad news for either OS. My only real concern are the process creation/termination results on FreeBSD.

I guess that this might be worth investigating:

http://people.freebsd.org/~das/pbench/pbench.html

(Unfortunately, neither tjr@ nor I have touched our patchsets recently. A most recent snapshot of the two patchsets is here:

http://research.delphij.net/freebsd/pid.diff
http://research.delphij.net/freebsd/pid-tjr.diff)

Most of the work was to catch up with Aug 2004's -CURRENT, but it might be easier to bring them up-to-date instead of working from the very original patches =-)

Cheers,
--
Xin LI delphij frontfree net http://www.delphij.net/
See complete headers for GPG key and other information.
Re: Benchmark: NetBSD 2.0 beats FreeBSD 5.3
On Fri, 7 Jan 2005 20:40, Xin LI wrote:
> On Fri, Jan 07, 2005 at 09:21:10AM +, Ceri Davies wrote:
> > I don't really think that this benchmark is bad news for either OS. My only real concern are the process creation/termination results on FreeBSD.
>
> I guess that this might be worth investigating:
>
> http://people.freebsd.org/~das/pbench/pbench.html

It's nice to see constructive info amidst the flamage :)

--
Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au
The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
Re: sk0: discard oversize frame (ether type ....) [SOLVED]
The upgrade to 5-CURRENT did it. sk0 now works fine !

On 5 Jan 2005 at 11:14, Bjoern A. Zeeb bzeeb-lists wrote:

Doing it right now!! Thanks,

-- //| //|| // | // || -//--//---|| ARIO LOBO // //|| - [EMAIL PROTECTED] http://www.ipad.com.br

On 5 Jan 2005 at 12:58, Bjoern A. Zeeb wrote:

please update to RELENG_5; it's fixed there already:)

--
Greetings
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
netstat odd behavior
Hello;

On all installations of FreeBSD I´ve ever done in the past, netstat -an displays LISTENing servers and any tcp connection in any state.

On the 5.3 I have installed here ( updated to RELENG_5_3 + build/installworld ), this command shows only this;

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address(state)
udp4 0 0 *.514 *.*
Active UNIX domain sockets
Address Type Recv-Q Send-QInode Conn Refs Nextref Addr
c38d01a4 stream 0 0 c3de8738000 /db/mysql/mysql.sock
c38d1000 stream 0 0 c3883c60000 /var/run/devd.pipe
c38d0ec4 dgram 0 0 c3883210000 /var/run/log

I have ssh, sendmail, ftpd and mysql daemons running, LISTENing and WORKING.

Would anybody know why they are not showing on the output of netstat?

Thanks,

-- //| //|| // | // || -//--//---|| ARIO LOBO // //|| - [EMAIL PROTECTED] http://www.ipad.com.br
Re: netstat odd behavior
[EMAIL PROTECTED] wrote:
> On all installations of FreeBSD I´ve ever done in the past, netstat -an displays LISTENing servers and any tcp connection in any state.
>
> On the 5.3 I have installed here ( updated to RELENG_5_3 + build/installworld ), this command only shows only this;

[ no tcp servers ]

I had the same problem, updating to RELENG_5 fixed it for me.

Simon
Re: GNUstep and libkvm
On Thu, Jan 06, 2005 at 06:21:54PM -0800, Pascal Hofstee wrote:
> I guess to sum it all up it all boils down to the following question.
>
> Is it intended that kvm_getargv() apparently has a conditional under which it depends on the existence of a working /proc .. even though the manpage states this condition is only present for kvm_getenvv ?
>
> And if kvm_getargv should not depend on /proc ... how can we go about to fixing this as this is apparently only the case for short commandlines in our current implementation.

iirc, kvm_getargv() can (and does first) use a sysctl to retrieve its data. kvm_getenvv() requires procfs because /proc/pid/mem is currently the simpler way to read a virtual memory address in the context of the process.

We are looking at implementing a similar mechanism to the argv ps_strings for process environment to get rid of the procfs requirement. pjd has some work done on this but it has not been committed yet.

Hope this answers your question.

Regards
Christian S.J. Peron
ALTQ support in vr(4)?
Hello,

I've noticed a discrepancy between the ALTQ manpage and the release notes (both in 5.3):

altq(4) says:

SUPPORTED DEVICES
The driver modifications described in altq(9) and required to use a certain network card with ALTQ have been applied to the following hardware drivers an(4), ath(4), awi(4), bfe(4), dc(4), em(4), fxp(4), hme(4), lnc(4), wi(4), de(4), rl(4), sis(4), vr(4) ! and xl(4).

Whereas http://www.freebsd.org/releases/5.3R/relnotes-i386.html says:

The ALTQ framework has been imported from a KAME snapshot as of 7 June 2004. This import breaks ABI compatibility of struct ifnet and requires all network drives to be recompiled. Additionally, some of the networking drivers have been modified to support the ALTQ framework. Updated drivers are bfe(4), em(4), fxp(4), em(4), lnc(4), tun(4), de(4), rl(4), sis(4), and xl(4).

Which list is correct? What should I look for in the driver source?

Btw, em(4) is mentioned twice in the release notes ... hme(4)?

BR,
Olof

--
| Olof Samuelsson - [EMAIL PROTECTED] | | olof s12345678n - private mail |
Re: netstat odd behavior
Tried that before posting. this is what I get

Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address(state)
udp4 0 0 *.514 *.*

On 7 Jan 2005 at 10:56, Jose Hidalgo Herrera wrote:
> What about netstat -anf inet

-- //| //|| // | // || -//--//---|| ARIO LOBO // //|| - [EMAIL PROTECTED] http://www.ipad.com.br
Re: netstat odd behavior
That´s it !!

I´ve been having trouble with a sk0 gigabit ethernet and updated the kernel to 5_CURRENT to update it with jumbo frame support, but userland was updated to RELENG_5_3 only !! I knew about that but the system ran smooth after compiling the new kernel, I did not think it would make a difference. My mistake.

Thanks for pointing it out, Giorgos.

-- //| //|| // | // || -//--//---|| ARIO LOBO // //|| - [EMAIL PROTECTED] http://www.ipad.com.br

On 7 Jan 2005 at 21:26, Giorgos Keramidas wrote:
> Are you sure you don't have a kernel and userland that are out of sync? You _did_ update both as the instructions in src/UPDATING suggest, right?
Re: ALTQ support in vr(4)?
Sorry for wasting everyone's bandwidth and time .. thanks to Dominic Marks I have re-read my own question and actually *read* the altq(9) manpage in addition to the altq(4) manpage...

I make the conclusion that if the IFQ_* macros are used in the driver source, the driver is ALTQified. I also draw the conclusion that vr(4) supports ALTQ and will test this later this weekend.

I guess that the release notes are a little wrong too.

BR,
Olof
Re: netstat odd behavior
What about netstat -anf inet

--
Jose Hidalgo Herrera [EMAIL PROTECTED]
Corp. Hostarica
Potential user/kernel pointer bugs in FreeBSD 5.3
Hello,

We recently did work with the Cqual type inference tool to identify potential user/kernel pointer bugs in FreeBSD 5.3. Our paper is available here:

http://www.node99.org/projects/bsduk/

We identified 5 potential bugs which we are looking to confirm with the community. Page 10 contains an example of one such candidate.

More true positives may be identified by using a machine with 10 or more gigs of RAM for inter-file analysis of the entire kernel. If interested, please email me.

Best,
-Sean
Re: Potential user/kernel pointer bugs in FreeBSD 5.3
Sean Whalen wrote:
> We recently did work with the Cqual type inference tool to identify potential user/kernel pointer bugs in FreeBSD 5.3. Our paper is available here:
>
> http://www.node99.org/projects/bsduk/
>
> We identified 5 potential bugs which we are looking to confirm with the community. Page 10 contains an example of one such candidate.
>
> More true positives may be identified by using a machine with 10 or more gigs of RAM for inter-file analysis of the entire kernel. If interested, please email me.

Sean,

Coverity got to that particular bug first -- it was fixed as part of the FreeBSD-SA-04:17.procfs security advisory.

Could you send the rest of these to [EMAIL PROTECTED]? We'd like to look at them and fix any security issues before they are publicly disclosed.

Thanks,
Colin Percival
Missing functionality in Blowfish for crypt(3)
I have separately posted this to freebsd-security as it seemed relevant to both lists.

The blowfish crypt(3) mechanism supports the use of a cost value for password encryption. The cost value is encoded into the encrypted password that is stored in master.passwd. On OpenBSD, this cost value can be set in login.conf. FreeBSD does not currently support the cost value. The cost value is the base-2 logarithm of the number of rounds of encryption to use so rounds=1<<cost;

This functionality can be supported through modifications to /usr/bin/passwd (which actually means a change to PAM) or through modifications to libcrypt.

In order to patch /usr/bin/passwd, it must be modified to provide a specially formatted salt value for the encryption of new passwords. Specifically, $2a$COST$ must be prepended to the generated salt value. 2a is the major and minor version for blowfish/bcrypt. Again, this means changing PAM.

Since passwd should not have to keep up with any formatting requirements for any libcrypt mechanism, I modified libcrypt instead. The diff is pasted below strictly for viewing, the uuencoded version is below that.

In libcrypt, I use getpwuid_r(getuid(), ...) to get a pwd structure for the current user. Then, I use login_getpwclass() to return a login_cap_t structure and use login_getcapnum(...,ln_rounds,...) to grab the value for ln_rounds in login.conf.

The only drawback to this approach is that it grabs the entry for the current user rather than the user whose password is being changed. Normally, root will have a higher cost value than normal users. If root changes a user's password, the password will be encrypted with a higher cost than if the user changed it themselves. This doesn't seem to be all that bad.

To support this patch, /etc/login.conf must include an entry of the form :ln_rounds=10: and cap_mkdb must be run on /etc/login.conf to apply the change. This is slightly different than the way this feature is turned on in OpenBSD.
The patch can be applied by:

cd /usr/src
patch < /path/to/libcrypt.patch

I have submitted a change request/PR for this so that it can be considered for commitment. At the moment, the patch is also on my website at:

http://www.mccd.edu/staff/alexanders/libcrypt.patch
http://www.mccd.edu/staff/alexanders/libcrypt.uu

My thanks to David Magda for pointing out to me the difference between the OpenBSD and FreeBSD implementations.

Enjoy.
Steven

[Details follow]

My system is:
FreeBSD kernel.wayside.com 5.3-RELEASE FreeBSD 5.3-RELEASE #6: Fri Dec 31 19:48:24 PST 2004 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/GENERIC i386

diff -c ./secure/lib/libcrypt/crypt-blowfish.c ./secure/lib/libcrypt-new/crypt-blowfish.c *** ./secure/lib/libcrypt/crypt-blowfish.c Mon Jun 2 12:17:24 2003 --- ./secure/lib/libcrypt-new/crypt-blowfish.c Fri Jan 7 19:43:31 2005 *** *** 55,60 --- 55,63 #include sys/types.h #include string.h #include pwd.h + #include libutil.h + #include login_cap.h + #include blowfish.h #include crypt.h *** *** 144,149 --- 147,157 u_int8_t csalt[BCRYPT_MAXSALT]; u_int32_t cdata[BCRYPT_BLOCKS]; static const char *magic = $2a$04$; + + struct passwd pw, *pwd; + char pwbuf[1024]; + + login_cap_t *lc; /* Defaults */ minr = 'a'; *** *** 193,198 --- 201,238 /* Discard num rounds + $ identifier */ salt += 3; + } + else + { + /* We're crypting a new password. We want to get the + ln_rounds value that is stored in login.conf + and use it to initialize the rounds value. +ln_rounds is the base 2 logarithm of the + desired rounds value. 
*/ + + if(getpwuid_r(getuid(), pw, pwbuf, sizeof(pwbuf), pwd) == 0) + { + if( (lc = login_getpwclass(pwd)) != NULL) + { + logr = (int)login_getcapnum(lc, ln_rounds, logr, logr); + rounds = 1 logr; + if(rounds BCRYPT_MINROUNDS) + { +printf(ln_rounds in login.conf is too small\n); +return error; + } + } + else + { + printf(could not look up capability\n); + return error; + } + } + else + { + printf(Could not look up current user %d\n, getuid()); + return error; + } }
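
Review bot: the includes added in the hunk at 55,60 / 55,63 (libutil.h and login_cap.h) make libcrypt depend on libutil for login_getpwclass() and login_getcapnum(), yet the diff touches only crypt-blowfish.c. Add the matching library dependency to the libcrypt build in the same change, and state in the PR that every consumer of crypt(3) now picks up that dependency. The later hunk also calls getuid(), and the include context shown here (sys/types.h, string.h, pwd.h) has no unistd.h, so check that its prototype is in scope.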
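
Review bot: in the else branch added by the hunk at 193,198 / 201,238, the value read with login_getcapnum() is checked only against BCRYPT_MINROUNDS, so an oversized ln_rounds in login.conf reaches the computation of rounds from logr unchecked; reject values above the largest cost the hash format can carry before deriving rounds. The three printf() calls write to the caller's stdout from inside a library routine, so return the error without printing. lc is never released with login_close() on any path, and getpwuid_r() can return 0 while leaving the result pointer NULL, so test pwd as well as the return value.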
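
The cost encoding described in the message above (the $2a$COST$ salt prefix, with the round count equal to 1 shifted left by the cost), as an added example that is not part of the original post or of FreeBSD's libcrypt: it parses the prefix, bounds-checks the cost before shifting, and flags stored hashes that fall below a policy minimum. The function names, the 4..31 cost range and the sample hash strings are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed bounds: 4 is bcrypt's conventional minimum cost; 31 is the
 * largest value for which 1 << cost still fits in a uint32_t. */
#define COST_MIN 4
#define COST_MAX 31

/* Parse the "$2a$NN$" prefix of a bcrypt setting or stored hash.
 * Returns the cost (log2 of the round count), or -1 if the prefix is
 * malformed or the cost is out of range. Only the 2a version named in
 * the message is accepted. */
int bcrypt_parse_cost(const char *s)
{
    if (s == NULL || strncmp(s, "$2a$", 4) != 0)
        return -1;
    s += 4;
    if (s[0] < '0' || s[0] > '9' || s[1] < '0' || s[1] > '9' || s[2] != '$')
        return -1;
    int cost = (s[0] - '0') * 10 + (s[1] - '0');
    return (cost < COST_MIN || cost > COST_MAX) ? -1 : cost;
}

/* rounds = 1 << cost, with the range checked before the shift.
 * Returns 0 for a cost that must not be used. */
uint32_t bcrypt_rounds(int cost)
{
    if (cost < COST_MIN || cost > COST_MAX)
        return 0;
    return (uint32_t)1 << cost;
}

/* Write the prefix that is prepended to a freshly generated salt.
 * Returns 0 on success, -1 on a bad cost or a buffer that is too small. */
int bcrypt_salt_prefix(int cost, char *buf, size_t len)
{
    if (cost < COST_MIN || cost > COST_MAX)
        return -1;
    int n = snprintf(buf, len, "$2a$%02d$", cost);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Audit helper: 1 = cost meets policy, 0 = weaker than policy,
 * -1 = not a valid $2a$ hash. */
int bcrypt_meets_policy(const char *hash, int min_cost)
{
    int cost = bcrypt_parse_cost(hash);
    if (cost < 0)
        return -1;
    return cost >= min_cost;
}

int main(void)
{
    /* Constructed sample entries; the text after the prefix is filler,
     * not real salts or hashes. */
    const char *samples[] = {
        "$2a$04$CONSTRUCTEDSALTANDHASHFILLER",
        "$2a$10$CONSTRUCTEDSALTANDHASHFILLER",
        "$2a$40$CONSTRUCTEDSALTANDHASHFILLER", /* cost out of range */
        "$1$CONSTRUCTED$FILLER",               /* not a $2a$ hash */
    };
    int policy = 10; /* mirrors the :ln_rounds=10: entry in the message */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int cost = bcrypt_parse_cost(samples[i]);
        int ok = bcrypt_meets_policy(samples[i], policy);
        printf("%-40s cost=%d rounds=%lu %s\n", samples[i], cost,
               (unsigned long)bcrypt_rounds(cost),
               ok == 1 ? "ok" : ok == 0 ? "below policy" : "rejected");
    }
    return 0;
}
```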