Re: FreeBSD and LLVM
On Tue, May 20, 2008 at 07:06:39PM +0200, Ed Schouten wrote: Hello everyone, First of all, for those of you who went to BSDCan, I hope you had a pleasant flight/trip back home. :-) On Saturday I went to the LLVM talk (see http://llvm.org/), which I really enjoyed. On Friday Remko Lodder and I already talked with him about the LLVM project. I was excited about the project, so I decided to give it a try at the office. At first I tried LLVM 2.2 with LLVM GCC4 4.2 from Ports, but it didn't work like expected. I won't go into many details about it. When I discussed the problems I was seeing on my system at the office, someone pointed me to the beta tarballs of the upcoming version 2.3, which I installed by patching our FreeBSD port. http://llvm.org/prereleases/2.3/ As an ideal benchmark, I decided to compile an i386 kernel using the LLVM 2.3 snapshot. I didn't expect it to happen, but it works! I was did you try clang as well? I wonder what it's able to do capable of successfully booting into single user mode and shutting it down safely. There is one problem however: http://llvm.org/bugs/show_bug.cgi?id=2267 For some reason, the inline asm support of LLVM is incomplete and causes compilation errors when generating some of the atomic functions in i386/include/atomic.h (lines 262 to 265). To work around this, I made the functions non-atomic. Silly, I know, but it was good enough to perform some basic tests. I think it would be nice if LLVM would once become our standard C compiler. LLVM currently uses GCC as its frontend, which proves to be somewhat compatible with the original GCC yeah... thats a worthy goal :) thnx! roman ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: FreeBSD and LLVM
Hello Stefan, (CC'ing this back to the list) * Stefan Esser [EMAIL PROTECTED] wrote: this is great news! Can you provide your patches to upgrade the port to 2.3-pre? I could, but I patched the ports rather poorly. The plists are incorrect. I just incremented the version numbers, updated the distinfo and made some changes to the llvm-gcc4 port to use the proper wrksrc. Did you, by chance, record build times with llvm-gcc compared to the system compiler? What about the quality of generated code (size, runtime)? Did you manage to get a meaning-ful program built that could be used as a benchmark? I was able to compile a kernel with SMP disabled and PAE enabled. Other combinations will not work. LLVM doesn't seem to be properly capable of dealing with the xchg instruction in inline asm statements. A non-SMP PAE kernel doesn't seem to use them :-) Below are some build stats: | llvm: | | 114.04s user 24.86s system 176% cpu 1:18.73 total ^ output of time(1) | | -rwxr-xr-x 1 ed wheel 4456839 May 21 12:59 ^ output of ls -l kernel before stripping | -rwxr-xr-x 1 ed wheel 3596008 May 21 13:16 ^ output of ls -l kernel after stripping | | textdata bss dec hex | 3286323 229605 462280 3978208 3cb3e0 ^ output of size(1) after stripping | gcc: | | 119.04s user 22.64s system 178% cpu 1:19.27 total | | -rwxr-xr-x 1 ed wheel 4098317 May 21 12:33 | -rwxr-xr-x 1 ed wheel 3463448 May 21 12:57 | | textdata bss dec hex | 3185574 220965 460216 3866755 3b0083 As you can see, compilation time is about the same, but the kernel image is a little bigger. I don't know anything about the quality of the generated code. If 2.3-pre allows the kernel to boot and run, then many user-land programs should work as well. Testing a make world (and preparing the infrastructure to support llvm in addition to gcc and icc might be worthwhile ...). We should really try that. Unfortunately I'm quite busy, hacking on the TTY layer. ;-) You probably know about the clang project, which tries to completely replace the gcc parts needed for llvm-gcc ... Yes. I haven't looked at it yet. It doesn't seem to be in Ports yet. Any takers? ;-) -- Ed Schouten [EMAIL PROTECTED] WWW: http://80386.nl/ pgpFssY10OnRh.pgp Description: PGP signature
Hifn 7955 doesn't work with Freebsd 7.0-release
Hi, I am trying to setup two Soekris 4521 with a minipci vpn1411 (Hi/fn 7955) in a vpn. I understood that the crypto card should automatically work with only three kernel configuration file modification. So I added these three lines device crypto device cryptodev device hifn I tested with openvpn (the one release with pkg_add). I used the default cipher (I think this is BF-CBC - Blowfish 128 bit). The VPN works but I didn't notice any difference in performance (with or without the crypto card). I also tested the crypto card with AES128 but the performance only got worse (didn't have a baseline for that one) Relevant output: dmesg | grep hifn hifn0 mem 0xa000-0xafff,0xa0002000-0xa0003fff,0xa0008000-0xa000 irq 10 at device 16.0 on pci0 hifn0: [ITHREAD] hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801ext clk, 4x mult dmesg | grep crypto cryptosoft0: software crypto on motherboard uname -a FreeBSD Soekris 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat May 17 10:53:38 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/C5 i386 Any help would be appreciated Richard ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Why doesn't autoconf like our /bin/sh?
On Fri, 16 May 2008 16:13:07 +0200 Stefan Farfeleder [EMAIL PROTECTED] wrote: On Fri, May 16, 2008 at 10:11:43AM -0400, Mike Meyer wrote: On Fri, 16 May 2008 09:44:33 +0200 Stefan Farfeleder [EMAIL PROTECTED] wrote: On Sun, Mar 09, 2008 at 03:27:12PM -0400, Mike Meyer wrote: I've stumbled on to an obscure problem with autoconf 2.61, and I'm not sure quite what to do with it. I've already sent mail to the autoconf folks, but I'd like to understand what's going on. The problem is that, on a FreeBSD system with only /bin/sh and the ports zsh as installed shells, if you have SHELL set to zsh when invoking the autoconf-generated configure script, the script produces a broken Makefile. It doesn't generate an error, it just complains that: Can you please retry? /bin/sh now supports expanding $LINENO which was often the reason for configure not liking it. And autoconf seems happy to use it. Thanks, mike ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Kerberized CIFS client?
This question was previously posed of the freebsd-questions list, but with no response for a week, I'd like to try my luck here. If there's any more information I should include, please speak up: I would be glad to oblige. I would like to use smb/cifs with kerberos auth, but mount_smbfs doesn't seem to support this. Is anyone aware of an alternate means of performing a mount via smb/cifs or any patches to provide such functionality? I already have smbclient working with -k, but I am also interested in a mount. Thanks -Derek. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hifn 7955 doesn't work with Freebsd 7.0-release
I tested with openvpn (the one release with pkg_add). I used the default cipher (I think this is BF-CBC - Blowfish 128 bit). The VPN works but I Hi, See the man page for supported ciphers. didn't notice any difference in performance (with or without the crypto card). I also tested the crypto card with AES128 but the performance only got worse (didn't have a baseline for that one) For single crypto streams, you are not going to see any improvement really. Where it works, is when you have multiple connections. e.g. on our old backup server, we would have several dumps coming in over ssh (3des) and the card made a significant reduction in CPU usage. It doesnt really improve single crypto streams performance wise. You can also confirm its working by using hifnstats in /usr/src/tools/tools/ ---Mike ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hifn 7955 doesn't work with Freebsd 7.0-release
Richard van Mansom wrote: Hi, I am trying to setup two Soekris 4521 with a minipci vpn1411 (Hi/fn 7955) in a vpn. I understood that the crypto card should automatically work with only three kernel configuration file modification. So I added these three lines device crypto device cryptodev device hifn I tested with openvpn (the one release with pkg_add). I used the default cipher (I think this is BF-CBC - Blowfish 128 bit). The VPN works but I didn't notice any difference in performance (with or without the crypto card). I also tested the crypto card with AES128 but the performance only got worse (didn't have a baseline for that one) Relevant output: dmesg | grep hifn hifn0 mem 0xa000-0xafff,0xa0002000-0xa0003fff,0xa0008000-0xa000 irq 10 at device 16.0 on pci0 hifn0: [ITHREAD] hifn0: Hifn 7955, rev 0, 32KB dram, pll=0x801ext clk, 4x mult dmesg | grep crypto cryptosoft0: software crypto on motherboard uname -a FreeBSD Soekris 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sat May 17 10:53:38 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/C5 i386 Any help would be appreciated Unfortunately openssl doesn't use the accelerator by default. This means all apps that use openssl likewise are not automatically accelerated. I suggested a patch but it was not accepted. I can't recall how you force openssl and/or consumers to use the device. If you want to check whether the kernel support is working correctly look in src/tools/tools/crypto for cryptotest and hifnstats. Sam ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Gprof C++ support
El sáb, 03-05-2008 a las 09:17 -0700, Purushotham Nayak escribió: Hi All, I've been trying to use gprof on some C++ code and appears it doesn't demangle C++ function names. I was wondering if anyone is working on it? I would like to contribute/help in adding this. Purushotham You can try c++filt. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
nessus gtk yields empty scan
[EMAIL PROTECTED] ~]$ uname -a FreeBSD kv_bsd 6.3-STABLE FreeBSD 6.3-STABLE #0: Wed May 7 19:40:55 PDT 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 [EMAIL PROTECTED] ~]$ pkg_info | grep essus pkg_info: show_file: can't open '+COMMENT' for reading nessus-gtk2-2.2.9_1 A security scanner: looks for vulnerabilities in a given ne nessus-libnasl-2.2.9_1 Nessus Attack Scripting Language nessus-libraries-2.2.9_1 Libraries for Nessus, the security scanner [EMAIL PROTECTED] ~]$ when i boot there seems like there are a lot of rpm errors during the nessus loads. i think something is wrong but i don't know what. i don't know what to say i don't know what is wrong i can type faster without caps it is NOT that hard to read. the gtk GUI has a lot of plugins i think they are all selected there is a host called minkay.sfsu.edu i am supposed to scan i have a log in i put in host 10.1.1.1 like this webpage says ttp://www.securityfocus.com/infocus/1741 oops. i pasted it twice below sorry. 1.0 Introduction Nessus is a great tool designed to automate the testing and discovery of known security problems. Typically someone, a hacker group, a security company, or a researcher discovers a specific way to violate the security of a software product. The discovery may be accidental or through directed research; the vulnerability, in various levels of detail, is then released to the security community. Nessus is designed to help identify and solve these known problems, before a hacker takes advantage of them. Nessus is a great tool with lots of capabilities. However it is fairly complex and few articles exist to direct the new user through the intricacies of how to install and use it. Thus, this article shall endeavor to cover the basics of Nessus setup and configuration. The features of the current versions of Nessus (Nessus 2.0.8a and NessusWX 1.4.4) will be discussed. Future articles will cover Nessus in more depth. Nessus is a free program released under the GPL. Historically, many in the corporate world have ridiculed such public domain software as being a waste of time, instead choosing supported products developed by established companies. Typically these packages cost hundreds or thousands of dollars, and are often purchased using the logic that you get what you pay for. Some people are starting to realize that public domain software, such as Nessus, isn't always inferior and sometimes it is actually superior. Paid technical support for Nessus is even available from www.tenablesecurity.com. Nessus also has a great community of developers anchored by the primary author, Renaud Deraison. When allowed to fairly compete in reviews against other vulnerability scanners, Nessus has equaled or outshined products costing thousands of dollars. [ref: Information Security, Network Computing] One of the very powerful features of Nessus is its client server technology. Servers can be placed at various strategic points on a network allowing tests to be conducted from various points of view. A central client or multiple distributed clients can control all the servers. The server portion will run on most any flavor of Unix. It even runs on MAC OS X and IBM/AIX, but Linux tends to make the installation simpler. These features provide a great deal of flexibility for the penetration tester. Clients are available for both Windows and Unix. The Nessus server performs the actual testing while the client provides configuration and reporting functionality. 2.0 Installation Nessus server installation is fairly simple even for a Windows jockey like me. First an installed version of Unix is required. Secondly, prior installation of several external programs is recommended: NMAP is the industry standard for port scanners, Hydra is a weak password tester and Nikto is a cgi/.script checker. While not required, these external programs greatly enhance Nessus' scanning ability. They are included because they are the best applications in their class. If installed in the PATH$ before Nessus installation, they will automatically be available. The simplest installation method is using the Lynx automatic install. Lynx is included on many of the linux versions. The Lynx command is (logged in as a user, and not root) : lynx -source http://install.nessus.org | sh This should install the server on most platforms with no other steps necessary. Note that the latest install script can also be downloaded and run locally. Whether you install directly off the Website or using the same install script offline, either way the script will setup a temporary suid and ask for your root password when required -- if you don't like this feature you can download, compile and install the four required tarballs individually. The above command should also be used periodically to upgrade Nessus as new versions are regularly released. You will be questioned about proxy servers, a download method
libz.so no found
kv_bsd#cd /usr/ports/distfiles kv_bsd#mv /usr/home/kayve/Nessus-3.2.0-fbsd7.tbz . kv_bsd#pkg_add Nessus-3.2.0-fbsd7.tbz pkg_add: package VisualOS-1.0.5_3 has no origin recorded /libexec/ld-elf.so.1: Shared object libz.so.4 not found, required by nessusd - Please run /usr/local/nessus/sbin/nessus-adduser to add an admin user - Register your Nessus scanner at http://www.nessus.org/register/ to obtain all the newest plugins - You can start nessusd by typing /usr/local/etc/rc.d/nessusd.sh start kv_bsd#/usr/local/etc/rc.d/nessusd.sh start Nessus/libexec/ld-elf.so.1: Shared object libz.so.4 not found, required by nessusd kv_bsd# *--* Kayven Riese, BSCS, MS (Physiology and Biophysics) (415) 902 5513 cellular http://kayve.net Webmaster http://ChessYoga.org *--* ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Many Nessus startup errors
I am not generating reports http://www.monkeyview.net/id/965/fsck/nessus/nessus.vhtml During startup, 20K plugins try to load. A lot of them fail or something: http://www.monkeyview.net/id/965/fsck/nessus/p5210017.vhtml http://www.monkeyview.net/id/965/fsck/nessus/p5210018.vhtml *--* Kayven Riese, BSCS, MS (Physiology and Biophysics) (415) 902 5513 cellular http://kayve.net Webmaster http://ChessYoga.org *--* ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]