Re: Missing quote in comment in 8.3 & 9.0 & 9.1RC2 etc/sendmail/freebsd.mc
On 5 December 2012 07:02, Peter Wemm wrote: > On Tue, Dec 4, 2012 at 7:16 PM, Garrett Cooper wrote: >> On Tue, Dec 4, 2012 at 7:03 PM, Eitan Adler wrote: >>> On 4 December 2012 21:23, Julian H. Stacey wrote: >>>> Hi, >>>> Reference: >>>>> From: Eitan Adler >>>>> Date: Tue, 4 Dec 2012 20:58:20 -0500 >>>>> Message-id: >>>>> >>>> >>>> Eitan Adler wrote: >>>>> On 4 December 2012 20:21, Julian H. Stacey wrote: >>>>> > At Wed Dec 5 02:16:29 CET 2012 the web ref fails: >>>>> > http://www.freebsd.org/cgi/query-pr.cgi?pr=174108 >>>>> > There is no bug in the bin category beyond 174103 >>>>> >>>>> This is a known issue. I'm not sure what is causing it. >>>>> >>>>> Your bug made it (check the freebsd-bugs mailing list) but the web >>>>> interface can't find it. >>>>> -- >>>>> Eitan Adler >>>> >>>> Thanks Eitan, OK I see >>>> http://lists.freebsd.org/pipermail/freebsd-bugs/2012-December/051052.html >>>> >>>> Garrett C mentioned it was slow & wait a bit. >>> >>> Normally it takes about 15 minutes for it to sync and cron to catch >>> up.Something else is going on here. Clusteradm, can you comment? >> >> It took almost an hour on Sunday, FYI. >> -Garrett > > cvsup and cvsupd started giving SIGBUS after the last installworld. I > haven't looked too closely yet. > > I am inclined to replace the data transfer from freefall -> > www.freebsd.org with a straight up rsync. Want me to look at that? -- Simon L. B. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
Re: SMP Version of tar
On Oct 2, 2012, at 12:36 AM, Yamagi Burmeister wrote: > On Mon, 1 Oct 2012 22:16:53 -0700 > Tim Kientzle wrote: > >> There are a few different parallel command-line compressors and >> decompressors in ports; experiment a lot (with large files being read from >> and/or written to disk) and see what the real effect is. In particular, >> some decompression algorithms are actually faster than memcpy() when run on >> a single processor. Parallelizing such algorithms is not likely to help >> much in the real world. >> >> The two popular algorithms I would expect to benefit most are bzip2 >> compression and lzma compression (targeting xz or lzip format). For >> decompression, bzip2 is block-oriented so fits SMP pretty naturally. Other >> popular algorithms are stream-oriented and less amenable to parallelization. >> >> Take a careful look at pbzip2, which is a parallelized bzip2/bunzip2 >> implementation that's already under a BSD license. You should be able to >> get a lot of ideas about how to implement a parallel compression algorithm. >> Better yet, you might be able to reuse a lot of the existing pbzip2 code. >> >> Mark Adler's pigz is also worth studying. It's also license-friendly, and >> is built on top of regular zlib, which is a nice technique when it's >> feasible. > > Just a small note: There's a parallel implementation of xz called > "pixz". It's build atop of liblzma and libarchiv and stands under a > BSD style license. See: https://github.com/vasi/pixz Maybe it's > possible to reuse most of the code. See also below, which has some bugfixes/improvements that AFAIK were never committed in the original project (though they were submitted). https://github.com/jlrobins/pixz JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
Re: Replacing BIND with unbound (Was: Re: Pull in upstream before 9.1 code freeze?)
On Sun, Jul 8, 2012 at 10:29 AM, Doug Barton wrote: > Unbound has different policies and release schedules that are more in > line with ours. So in the short term (as in, the next few years) we're > better off with unbound in the base. Where is there information about this / what is their support? When I looked at their website I found nothing about security support, branch handling etc. and nobody has replied to that part in these threads (unless I missed it - I just rescanned thread without seeing a reply). -- Simon L. B. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
Re: Pull in upstream before 9.1 code freeze?
On Tue, Jul 3, 2012 at 9:39 PM, Doug Barton wrote: > On 07/03/2012 05:39, Dag-Erling Smørgrav wrote: >> Doug Barton writes: >>> The correct solution to this problem is to remove BIND from the base >>> altogether, but I have no energy for all the whinging that would happen >>> if I tried (again) to do that. >> >> I don't think there will be as much whinging as you expect. Times have >> changed. >> >> I'm willing to import and maintain unbound (BSD-licensed validating, >> recursive, and caching DNS resolver) if you remove BIND. > > You've got a deal! > > Unbound requires ldns, which is a good thing. Part of this project would How's the security support for ldns / unbound? For third party software sitting in the 'frontline' that part is rather important. > also be to enable drill so that we have a command-line dns lookup tool > in the base, but that's trivial once you've got ldns imported. Does that means loosing host(1) ? That would be somewhat annoying. -- Simon ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
Re: LED support for ALIX 2/3 series
On Dec 15, 2010, at 7:12 AM, Michael Reifenberger wrote: > On Wed, 15 Dec 2010, Emanuel Haupt wrote: > >> Date: Wed, 15 Dec 2010 12:38:23 +0100 >> From: Emanuel Haupt >> To: freebsd-hackers@FreeBSD.org >> Subject: LED support for ALIX 2/3 series >> Is anyone interested in porting leds-alix.c [1] for the ALIX 2/3 series [2]? >> The following version uses linux API's. >> >> I'd gladly write a port for it if someone could port it. >> > > Probably it should use the led(4) framework and reside in the base OS. > Like sys/arm/xscale/ixp425/cambria_led.c The LED's on my Alix 3d2 work just fine already with led(4) under 8.2. I think the code gets pulled in by "options CPU_GEODE". I have three device nodes under /dev/led/ that work as described in the led(4) manpage. Am I missing something? JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
Re: an alternative to powerpoint
On Jul 13, 2010, at 11:48 AM, Ivan Voras wrote: On 07/13/10 06:15, Luigi Rizzo wrote: Have fun, it would be great if you could report how it works on fancy devices (iphone, ipad, androids...) For what it's worth, it doesn't work at all on Android :) (and the layout is messed up) The front page appears to come up fine on my iPhone (3GS+IOS 4) but I'm not able to navigate to any other slides (tap "clicking" doesn't work and I don't have the option of supplying keyboard input). JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
Re: Is the FreeBSD ABI compatibility policy documented anywhere
On 2009.09.24 15:26:34 -0500, Stef Walter wrote: > It seems that FreeBSD has an ABI compatibility policy where major > versions remain ABI and API compatible throughout minor point versions. > That is to say that the kernel interfaces and libraries for (eg) > 7-STABLE, 7.1-RELEASE, 7.2-RELEASE are not supposed to change. It's not entirely that simple. The ABI on a stable branch like 7.x should be backward compatible, but there isn't a guarantee of forward compatibility. IE, 7.0 binary should be able to run on 7.x, but a 7.2 binary might not run on 7.0. It should be more or less the same with the API's. PS. do note that there is no 100% guarantee. At times the defacto policy might be violated if there are very good reasons for doing so. This would e.g. an important fix for something where the changed ABI, more likely K(kernel)BI, change should affect few people and the change is required for fixing some important bug. > Is this a policy of the project? If so, is it documented anywhere? Or is > it just a convention? I don't remember seeing it ever documented, just discussed. What I wrote above is also just my understanding of curreny defact policy. -- Simon L. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
Re: Howto setup multiboot with GPT?
On 2009.08.17 09:32:54 -0400, John Baldwin wrote: > On Friday 14 August 2009 5:07:49 pm Andrey V. Elsukov wrote: > > Hi, > > > > I have installed 8.0-BETA2 amd64 on ZFS root with GPT. I made addition > > partition and > > made new ZFS pool, builded and installed i386 world and kernel to this > > pool. > > So, is there some way to select from which partition i want to boot? > > Not currently unless you hardcode a specific partition in /boot.config. (You > may need a patch from jhay@ to fix the parsing of that file though.) I > believe someone (can't recall who) has some changes in a p4 branch to extend > gptboot to support a fancier interface with a menu of possible partitions, > etc. I have been playing around with gptboot, but it's not ready for any kind of general use yet. So far I parse and print the complete partition table and has the start of a framework to configure gptboot directly similar to boot0cfg. One of the first features I plan to have working is to be able to select which partition to boot, but it's not the main goal - that's nextboot like functionality. The WIP can be find in FreeBSD.org perforce at //depot/user/simon/gptboot/... AKA http://p4web.freebsd.org/@md=d&cd=//depot/user/simon/gptboot/&c=2qs@//depot/user/simon/gptboot/?ac=83 -- Simon L. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
Re: freebsd-update missed?
On 2008.09.27 03:59:28 -0700, Jeremy Chadwick wrote: > The advisory explicitly goes over what files were changed, and what > revisions include the fix. The below versions include the fix. If you > have older versions, then the answer is no, you do not have the fix. > > http://security.freebsd.org/advisories/FreeBSD-EN-08:01.libpthread.asc > > src/UPDATING 1.416.2.37.2.6 > src/sys/conf/newvers.sh 1.69.2.15.2.5 > src/lib/libpthread/sys/lock.c 1.9.2.1.8.1 > src/lib/libpthread/thread/thr_kern.c 1.116.2.1.6.1 > > These are for CVS tag RELENG_6_3. > > I do not use freebsd-update. That said: > > The man page for it states that it's a binary updater for pieces in the > base system, so you looking at your *source* files would indicate > absolutely nothing, other than when you last ran csup to update your > /usr/src tree. > > I do not know of a way to verify if your libpthread library actually > contains the fix. We will have to wait for Colin's answer. Errata's are distributed with freebsd-update just like advisories. Since freebsd-update 2 (the one in the base system) /usr/src is also updated if it exists. That said, note that freebsd-update does not get's patches from CVS so $FreeBSD$ unfortunatly isn't updated. I just checked, for 6.3 the patch 'EN-08:01.libpthread' is on the freebsd-update build server. -- Simon L. Nielsen Hat: FreeBSD Deputy Security Officer (IE, one of the people making freebsd-update builds) ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Laptop suggestions?
On Thursday 24 July 2008, Frank Mayhar wrote: > My old Dell Inspiron 5160 has developed problems that I can't fix, sigh, > so it's time to replace it. I'm hoping for some good suggestions from > this list (cc'd to hackers for the exposure, I know everyone doesn't > read -mobile). I haven't played with one hands-on, but the laptop I was going to buy until $work supplied a different one was a Fujitsu Lifebook E8410. It has a few customization options if you get it from Fujitsu directly. Among these are Intel graphics and Atheros wireless, 2 of the main things I was looking for for good FreeBSD hw support. > My criteria: > * 3D acceleration. check ought to work w/ intel(4x) driver on i386 or amd64 > * MiniPCI wireless (don't care which card, I'll replace it > anyway). AFAIK. I was planning to select the Atheros option and leave it.. > * At least 15" screen. 15.4 Wide with WSXGA+ option > * Decent power consumption. Unknown, but available 8-cell main and 6-cell modular batteries. > * Plays well with FreeBSD 7-stable. AFAIK. > Nice to have: > * Dual core. check. > * >4GB memory. =4GB avail. (can you get more on a laptop yet?) > * Working suspend/hibernate mode (and no, I'm not holding my > breath). unknown. has any progress been made WRT suspend/resume + SMP on FreeBSD in general? > > So, suggestions? BTW, if I get a decent response I'll summarize it for > the list, along with the one I chose and my experience after > ordering/installing it. Best of luck and do post your experiences. JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: openssl with zlib support
On 2008.06.06 19:02:36 +0200, Mohacsi Janos wrote: > Dear All, > Are there any reason to not enabling zlib compression for TLS in > openssl > on FreeBSD ? No, that seems like a mistake. Which FreeBSD version are you using, and are you using OpenSSL from base or ports? > Would it break ABI if I enable it by tweaking the openssl Makefile? Probably not, but I'm not sure where it's enabled/disabled so I can't say for sure. I will try to look into this more, but it might not be until sometime next week. -- Simon L. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: AMD Geode LX crypto accelerator (glxsb)
On 2008.06.07 06:18:55 +0200, Pawel Jakub Dawidek wrote: > On Fri, Jun 06, 2008 at 11:41:35PM +0200, Patrick Lamaizi?re wrote: > > - How check the encryption/decryption ? > > > > Openssl seems ok, i've got quite the same results as NetBSD on a Soekris > > net5501 box. But i must use -engine cryptodev, why ? > > This is ok, as you may not want to use it, right? > > > $ openssl speed -evp aes-128-cbc -engine cryptodev -elapsed > > engine "cryptodev" set. > > ...CUT... > > type16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes > > aes-128-cbc 1151.08k 4134.25k 11936.49k 22504.83k 25576.36k > > > > When i test ssh -c aes128-cbc hostname, ssh does not use the crypto > > device. I receive a crypto_newsession() followed by a > > crypto_freesession(), i mean i don't receive any crypto_process(). > > Have you tried to put some debug to opencrypto? I believe openssh should > use it automatically, at least this was the case some time ago, AFAIR. OpenSSL 0.9.7 (in FreeBSD 6 and older) enabled it by default. After the OpenSSL 0.9.8 import it was not enabled automatically anymore. I have yet to figure out why this changed. sam@ made a patch to enable it always but I was not entirely sure it was the correct way to do it so I haven't committed it. You can enable it per application in the openssl config file, if the application calls the correct openssl config init function, which OpenSSL AFAIR does not. I will try to look more into this, but no promises as to when I will get to it. If anyone can make / get a patch which is OK'ed by the OpenSSL people I will be more than happy to commit it. BTW. I think phk@ already worked on a patch for AES in the AMD Geode LX, but I can't remember details or have time to look it up right now. -- Simon L. Nielsen Hat: FreeBSD OpenSSL janitor ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cvs tag renaming after repo copy
On 2008.02.28 14:58:53 +0100, Dag-Erling Smørgrav wrote: > "Simon L. Nielsen" <[EMAIL PROTECTED]> writes: > > John Polstra has made a script (Fixtags) for it which we use for the > > FreeBSD repository. I don't think he has any problems with it being > > distributed, but as it doesn't have a copyright statement i just want > > to ask before I distribute it... > > Uh... I wrote a replacement for that in 2001 (~des/bin/fixtags.pl). > I'm surprised you still use John's version, which is excruciatingly > slow, since 1) it's a shell script, 2) it's a *recursive* shell script, > 3) it runs rcs twice for every modified tag. If it ain't borken :-). Speed is rarely an issue since the CVS master server is fast, and most of the time only a few files are copied. For other intersted parties I got OK from John Polstra to put his script online with std. BSD license so it can now be found at http://people.freebsd.org/~simon/scripts/Fixtags . In case anyone is interested I put the script I use for repo-copies at FreeBSD.org online as http://people.freebsd.org/~simon/scripts/cvs_repo_copy . The script probably need to be adjusted to local config and use at your own risk etc - but it hasn't done anything bad for me yet :-). -- Simon L. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: cvs tag renaming after repo copy
On 2008.02.27 08:36:30 -0700, John Hein wrote: > Can someone point me at a script that does tag renaming > after a repo copy? John Polstra has made a script (Fixtags) for it which we use for the FreeBSD repository. I don't think he has any problems with it being distributed, but as it doesn't have a copyright statement i just want to ask before I distribute it... -- Simon L. Nielsen Hat: FreeBSD.org cvsmeister ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: nvidia working?
Quoting Chuck Robey <[EMAIL PROTECTED]>: I was wondering ... I have (I think) nvidia working on my box, or at least, I am calling out the nvidia driver in the xorg.conf, but I was wondering if there is any program that only works with the nvidia hardware, some way I can absolutely prove that I have the real nvidia card working here? Before I had it working, I was using the vesa driver, and most things look exactly the same, and if I could fine some program that shows the 8600GTS's abilities, I would sure like that. btw -questions would probably have been a better forum for this question than -hackers. The most straightforward approach is probably to review the output of your Xorg log, e.g. /var/log/Xorg.0.log. Output from the nvidia driver will be prefixed by NVIDIA (rather than VESA or NV if you were using a different driver). There is also x11/nvidia-settings port. It's a control panel of sorts that will show you nvidia-specific information. In theory it lets you control some settings as well but personally I've never found it useful for that. YMMV. JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Verizon Wireless Card v620 (Novatel Wireless)
On Saturday 01 September 2007, Anthrax De Oracle wrote: > > Success ... on device from ugen1 to ucom0 > ucom0: Novatel Wireless Inc. Novatel Wireless Merlin CDMA, rev > 1.10/0.00, addr 2 > > ..I have successfully gotten my device to detect as ucom.. (ucom0: > Novatel Wireless Inc. Novatel Wireless Merlin CDMA, rev 1.10/0.00, addr > 2) and not ugen.. HOWEVER, my problem here is connecting... each time i > type ppp ,... it says 'ucom0: ubsa_request STALLED. and the stalled > messages keep coming.. when i type ping google.com to see if i'm online > it shows me host look up failure, thus meaning im not connected. Please > what can i do to solve this problem, it's eating me up.. i really need > this.. I have even recompiled my kernel (from 6.2-RELEASE to 6.2-STABLE) > ... and its still not working .. what can i do to solve this .. please > help. See my thread about this from a few months ago on the freebsd-mobile mailing list. I saw strings of STALLED messages as well but it always worked fine for me. You might want to compare my patches to yours. JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Upgrading from FreeBSD 5.3 to 6.2
On 2007.08.25 13:45:05 +0200, Jose-Marcio Martins da Cruz wrote: > > Ralph, > > I found Ralph Engelschall scripts to upgrade FreeBSD systems. > > http://people.freebsd.org/~rse/upgrade/freebsd-upgrade-5x-6x.txt I would suggested just using the documented procedure from the FreeBSD Handbook. I haven't done any 5.3 -> 6.2 upgrades but I have done many other 5.x -> 6.x and I haven't had a problem in any of the cases. Of course I mostly have console on systems which makes everything a lot simpler / safer, but you didn't say if that was requirement for you (being able to upgrade without console). -- Simon L. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: iSCSI boot mussings
On Friday 16 March 2007 07:34, Danny Braniss wrote: > Hi, > Now that I have my hands on a server that can boot iSCSI, > I started to look into it. After figuring out what magic is needed > in the dhcpd.conf (just add option root-path > "iscsi:target-iptarget-name") I can boot FreeBSD to the point that it > can't find a root device, and assuming that some more magic can be applied > (ala NFS), I'm just > wondering aloud, if it's realy worth the efford. > For a PXE based diskless solution, you need > 1 - a working dhcpd > 2 - a working tftpd > 3 - a working NFS server with the exported root fs. > appplying some minor magic, you can have only one read-only > fs. > For an iSCSI based diskless solution, you need > 1- a working dhcpd > 2- a working iscsi-initiator, unless the BIOS can be used. > 3- a working target with a root fs > (one for each client, unless applying 3 from the above). > Hybrid solution: > boot via PXE, but mount root via iSCSI > > So, what say you all? From the kernel's perspective (at the moment just prior to mounting root), is there a difference between the last two approaches? The situation as I see it (in both cases) is that the kernel is loaded into memory (by some magical means which is at this point irrelevant), and now has to locate a root device using only what it already has to bootstrap the process. If what it already has includes BOOTP code then it's possible to get some additional information externally. Whether the initial magic was PXE or BIOS-based iSCSI, the kernel has to have its own storage drivers and do its own network setup, right? I think there are some benefits to being able to do this, but perhaps 90% of them could be realized with what we already have (iscontrol and the iscsi_initiator kernel module) plus some rc and fstab glue. Any kind of diskless server farm needs at least one "master" server to run dhcpd, and if you have it doing that you might as well have it do NFS and tftpd as well. Pretty much any client you'd want to use as an iSCSI initiator will have a decent NIC which nowadays implies PXE support. So it shouldn't be hard to get root mounted using currently available means (local disk or PXE+NFS), and from there have the option of using iSCSI for other partitions (including /usr). A truly standalone iSCSI client will most likely want to use a TOE card, which to the OS looks like any other SCSI adapter. (I'm unsure which if any such cards are currently supported in FreeBSD, but that's a tangential question.) Machines with iSCSI-capable BIOS'es are an inbetween case. Allowing such machines to be standalone clients would require things like the initiator name, the initiator's IP address and netmask, the target's IP address, and the target's (volume) name to be hard-coded in the kernel. It would be nice to support this scenario, but IMO it's the one with the lowest benefit/cost ratio. Making it easy to integrate iSCSI into existing environments (diskless or not) is IMO the biggest hole in the current implementation (the missing rc and fstab bits I mentioned before). JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: portupgrade O(n^m)?
On Wednesday 14 February 2007 12:41, David Gilbert wrote: > I have 734 ports installed on my laptop right now. I'm pretty sure, > at times, I've had over 1000 ports on my laptop. > > On machine with moderate numbers of ports (most servers seem to have > 50 to 200 ports), portupgrade takes a moderate amount of time to start > work. On machines like my laptop, portupgrade seems to take much more > time to run. I assume it's solving the dependency graph before it > decides what to upgrade first, but is this truly a O(n^2) problem? It > seems like the implemented algorithm is O(n^2). Just a "me too". I noticed a huge increase in time for portupgrade when I started using the modular Xorg ports tree and upgraded to X.org 7.2RC. The number of installed ports on my machine went from just over 300 to well over 600 as a result of the upgrade. Specifying small numbers of ports (without globbing) to portupgrade doesn't seem to take much more time, but "portupgrade -a" or anything similar takes forever now. If there is an optimization to be made there it would be good to do it before modular xorg hits the official tree. JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Best practices for using gjournal with gmirror?
I have a few questions for pjd (or anyone else) about using gjournal, particularly when used with gmirror. 1) I'm running 6-STABLE and plan to test with gjournal6_20061030.patch (from the mailing list; updated version of 20061024 that applies cleanly). Is there a better/newer version for -STABLE that I should use instead? 2) When using gjournal and for a gmirror volume, does the journal need to be mirrored as well to maintain redundancy? If so, when storing the journal on the same physical disks as the mirror, is it better to mirror at the slice level (journal and fs on different partitions in the same mirror) or at the partition level (journal and fs each have their own mirror) or does it matter? 3) I remember reading where pjd said that gjournal plus gmirror or graid3 would eliminate the need to re-sync the array after a crash. While clearly a design goal, is that actually the case with the version of the patch mentioned above? If so, are any config changes needed or will it just happen automagically? 4) In the same vein as 3)--does a gjournal volume need to be fsck'ed after a crash? If not, will it just work (e.g. fsck -p sees that the filesystem is clean) or does it need to be disabled somehow? 5) Finally, how dangerous is this code? I realize it's experimental and only plan to use it with data that has recent backups, but how much should I worry about it blowing up my system or corrupting my files? Thanks! JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: iSCSI disconnects dilema
Forwarding a relevant comment from a parallel discussion on -questions. -- Forwarded Message -- Subject: Re: iSCSI Date: Tuesday 09 January 2007 11:35 From: Dan Nelson <[EMAIL PROTECTED]> To: DAve <[EMAIL PROTECTED]> Cc: Free BSD Questions list In the last episode (Jan 09), DAve said: > The developers response, for those who are interested. > > hi Dave, > the initiator for iSCSI will hit stable/current real soon now. > that was the good news, now for the down side: > what was missing all along was recovery from network disconnects, so > while I think I have it almost worked out, I've come across a major > flow in the iscsi design: > when the targets crashes, and comes back, there is no way > to tell the client to run an fsck. This is not a problem if the > client is mounting the iscsi partition read only. > > danny Why should the client need to do an fsck? From its point of view it should just look like the target had the iSCSI equivalent of a bus reset. It should resend any queued requests and continue. On Tuesday 09 January 2007 02:06, Danny Braniss wrote: > Hi, > While I think I have almost solved the problem of network disconnects, > It downed on me a major problem: > When a 'local' disk crashes, the kernel will probably hang/panic/crash. > if i don't try to recover, then there is no change in the above scenario. > if i try to recover, then the client does not know that it should > umount/fsck/mount. > While all this seems familiar, removing a floppy/disk-on-key while it's > mounted, we could always say "you shouldn't have done that!", with > a network connection, it can happen very often - rebooting the target, a > network hickup, etc. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: iSCSI disconnects dilema
On Tuesday 09 January 2007 02:06, Danny Braniss wrote: > Hi, > While I think I have almost solved the problem of network disconnects, > It downed on me a major problem: > When a 'local' disk crashes, the kernel will probably hang/panic/crash. > if i don't try to recover, then there is no change in the above scenario. > if i try to recover, then the client does not know that it should > umount/fsck/mount. > While all this seems familiar, removing a floppy/disk-on-key while it's > mounted, we could always say "you shouldn't have done that!", with > a network connection, it can happen very often - rebooting the target, a > network hickup, etc. > > So, any ideas? I think that an iSCSI network disconnect (if handled properly) is more like a bad/flakey set of sectors and/or extremely high latency than a total disk crash. The initiator should stall as long as it can while trying to reconnect the session, and then send "hardware" timeout errors up the stack. The the rest of the OS should handle those the same as it would any other timeout errors--retry a certain number of times and then fail. I don't know how graceful the failure case is (perhaps not very), but it's an honest approximation. The above approach is IMO more than adequate for network interruptions lasting a few seconds (or a bit more). I'm not sure there's anything you can realistically do more than that. Administrators who intentionally reboot a nonredundant iSCSI target while it has active sessions are asking for trouble, and if the reboot is accidental they should do one or more of a) know to run fsck manually, b) get a better UPS, c) get a more stable/redundant iSCSI target device. Disclaimer: I know next to nothing about kernel programming, device driver development, or scsi in general. I've just been playing with and thinking about iSCSI on FreeBSD a fair amount lately. Thanks for your continued work on this. JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: problem with apache bench
On 2006.12.30 21:10:50 +0100, Bartosz Giza wrote: > from couple of days i am trying to figure out what is wrong with apache > bench. I want to test my remote site with it but all the time i got this > error message. > > % ab -c 10 -n 500 http://x/test.php > Test aborted after 10 failures > > apr_socket_connect(): Operation already in progress (37) > Total of 8 requests completed I have had some problems with ab from apache 2.0/2.2, but ab from apache 1.3 it worked fine. I just had to get it to work so I didn't look more into why it broke on newer versions. -- Simon L. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [patch] rm can have undesired side-effects
On 2006.10.30 21:31:51 +1100, Peter Jeremy wrote: > On Mon, 2006-Oct-30 19:38:49 +1100, Peter Jeremy wrote: > >the user is unaware that there are multiple links. I don't think > >that just unlinking the file and issuing a warning is a good solution > >because it's then virtually impossible to locate the other copy(s) > >of the file, which remains viewable. > > I missed the fact that the warning message includes the inode number. > My apologies. This reduces "virtually impossible" to "hard". > > I still think this current behaviour is undesirable and a security > hole. Maybe someone from the SO team would like to offer their > opinion - I might just have my tinfoil hat on too tight tonight. Personally I think rm should do what you ask it to do - if you ask it to overwrite a file which has multiple links, well... though luck. I guess rm exiting for antifootshoot without -f can be OK, that's still very visible to the user. What's currently in -CURRENT is probably a bad idea since you might end up with a file which you thought you had deleted, but in fact you haven't. That said, I wouldn't trust -P to _really_ remove the content of the files anyway, so personally I don't really care much. If you want the file to be gone, use encryption in the first place, or use apropriate tool (hammer, axe, C4, etc.). -- Simon L. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Tracing binaries statically linked against vulnerable libs
On 2006.10.14 08:11:56 -0400, Michael Johnson wrote: > On 10/13/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >On Fri, Oct 13, 2006 at 05:18:57PM +0400, Andrew Pantyukhin wrote: > >> On 10/7/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >> >On Fri, Oct 06, 2006 at 09:35:31AM +0400, Andrew Pantyukhin wrote: > >> >> I wonder if there is a way to deal with statically linked binaries, > >> >> which use vulnerable libraries. > >> > > >> >The best way is to track them down and force them all to link > >> >dynamically; static linking is a PITA from a systems management point > >> >of view :) > >> > >> Do you think we could do that without a serious impact on > >> performance? > > > >In most of the cases I've looked at the statically linked binary is > >not performance critical or otherwise necessary (the only exception I > >saw is for some tripwire-like port whose name I forget, which is > >statically linked as a security enhancement, to make it lease easily > >subverted). Static linking can be made an OPTION if someone thinks > >it's really necessary for a given port. > > Each of the ports listed in this thread are bad examples of > finding static linked to ffmpeg. libxine, gstreamer-ffmpeg, and mplayer > include ffmpeg in their source and don't link to multimedia/ffmpeg. > Patching these ports to use a shared version of ffmpeg is pretty > much out of the question since we would lose support from the > authors. If ports include their own vulnerable version each port should be marked vulnerable and fixed. We have already done this for zlib, libtiff etc. in the past. For ports which just links statically against a library from another port, and therefor need to be recompiled after the library port is updated I don't think they should be marked vulnerable in VuXML, but it might be a good idea to bump the portrevision of the ports to force a recompile (at least I don't see any better ways to do this). -- Simon L. Nielsen FreeBSD Security Team ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: pam_krb5 problems
On 2006.08.30 16:03:40 +0200, Harti Brandt wrote: > has anyone successfully configured pam_krb5? It seems that the ticket Hey, It's being used in the FreeBSD.org cluster, but I never looked at how it's setup. For the parts I have messed with it "just works"... -- Simon L. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: jails, cron and sendmail
On 2006.08.27 02:13:03 +0200, Dirk Engling wrote: > I have the following problem: since I need and do not like any kind of > smtp activity in my jails (there's no 127.0.0.1 in a jail, all services > listen to the jails external interface), I put those lines into my > /etc/rc.conf: [...] I know it's not exactly the solution to your problem, when you don't want the mail, but I find that using the mail/ssmtp port for local mail in jails is pretty nice. There is no deamon running and I can have one config file in all the jails which says that ssmtp should relay the mails to a real mailserver. (Might be useful for other people building jails.) -- Simon L. Nielsen ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Rebooting jails
'jailer' can do this but it requires a process running in each jail. http://memberwebs.com/nielsen/freebsd/jails/ Cheers, Nate Dirk Engling wrote: > I'm currently looking for a standardized way to 'reboot' jails from > within. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Intel 945GM chipset support
On Wednesday 07 June 2006 11:34, Vladimir Terziev wrote: > This doesn't sound good :( > > As i found in XOrg's documentation, i945 graphics chip is supported by > i810 XOrg driver, but i suppose the apg support must be provided by the > kernel ?! I suspect that you will have agp support if you run a recent (post 6.1) -stable or -current. I have an 845G and it started working (without any patching from me) a little while ago: agp0: mem 0x8800-0x8fff,0x8000-0x8007 irq 16 at device 2.0 on pci0 drmsub0: : (child of agp_i810.c) on agp0 Also, there is an entry for the i945G and i945GM in src/sys/dev/drm/drm_pciids.h on my system (recent 6-STABLE). HTH, JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD 6.1 Released
On 2006.05.11 20:53:42 -0400, Mike Jakubik wrote: > Simon L. Nielsen wrote: > >On 2006.05.09 01:00:14 -0400, Mike Jakubik wrote: > > > >>Julian Elischer wrote: > >> > >[...] > > > >>>the above points to a filel that says "6.0 errata" > >>> > >>Indeed. Where is the mention of current quota/bge/em/ufs problems? Don't > >>tell me these will be shoved under the rug. > >> > > > >Send patches. > > > > Patches? For what? [...] For the errata page, which was what the above text mentioned. -- Simon L. Nielsen pgpD9OAM14iWo.pgp Description: PGP signature
Re: FreeBSD 6.1 Released
On 2006.05.09 01:00:14 -0400, Mike Jakubik wrote: > Julian Elischer wrote: [...] > >the above points to a filel that says "6.0 errata" > > Indeed. Where is the mention of current quota/bge/em/ufs problems? Don't > tell me these will be shoved under the rug. Send patches. -- Simon L. Nielsen pgpdIZZE2L9Q8.pgp Description: PGP signature
Re: RFC: Adding a ``user'' mount option
On 2006.04.03 01:32:36 -0400, Joe Marcus Clarke wrote: > I know we have vfs.usermount, but this is not always sufficient since > the user has to own the mount point in question. What I propose is to > add a ``user'' mount option à la Linux. This would make mount and > umount setuid root, but would allow much more flexibility when it comes > to removable media and desktop systems. Any reason you can't just use sudo... ? I simply have lines like: simon ALL=NOPASSWD:/sbin/mount /mnt/cdrom,/sbin/umount /mnt/cdrom in my sudoers file [1]. This way I can also restrict exactly who can mount. I really dislike setuid root binaries, so I really prefer if we could avoid adding more. As Colin noted, if this is to be done via a setuid program, it probably should be a new program, since setuid programs has to have a lot of special handling of things like file descriptors etc. which normal programs can safely ignore. [1] Note I haven't checked if this opens new and interesting holes, but it doesn't matter too much on my laptop, since if somebody has access to "simon" that's just as bad as someone getting root. -- Simon L. Nielsen pgpyE4Mezbwos.pgp Description: PGP signature
Re: devctl attach/detach notification for disks
M. Warner Losh wrote: > In message: <[EMAIL PROTECTED]> > Nate Nielsen <[EMAIL PROTECTED]> writes: > : I'm working on a bit of code to get devctl notifications for attaching > : and removing of disks. This would allow actions to be taken via devd > : when a disk is attached or removed from the system. > > I'm not sure I like the API changes you've made to subr_bus. Why are > they needed? Currently the memory passed to devctl_queue_data is required to be allocated via M_BUS, which is declared static in subr_bus.c. The other option would be to put the M_BUS declaration in bus.h. > : Currently I have the attach and detach notifications hooked into > : disk_create() and disk_destroy() in geom_disk.c. See attached (rough) > : patch. > : > : However at these points the disks are not yet present in the /dev/ > : filesystem. Anyone have any clues or tips for a better place to hook > : these notifications into the system? > > That's one of the main reasons that this hasn't happened yet. The > hard part is getting all of the devices in place before sending > notifications. Robert Watson had a similar thing that I think solved > some of the problems a little better... K, well I guess this is out of my scope then. I'll just watch for umassX and other plugabble diskish devices, and then configure them after a 5 second delay or something. Cheers, Nate ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
devctl attach/detach notification for disks
I'm working on a bit of code to get devctl notifications for attaching
and removing of disks. This would allow actions to be taken via devd
when a disk is attached or removed from the system.
Currently I have the attach and detach notifications hooked into
disk_create() and disk_destroy() in geom_disk.c. See attached (rough)
patch.
However at these points the disks are not yet present in the /dev/
filesystem. Anyone have any clues or tips for a better place to hook
these notifications into the system?
Cheers,
Nate
Index: sys/geom/geom_disk.c
===
RCS file: /home/ncvs/src/sys/geom/geom_disk.c,v
retrieving revision 1.96.2.1
diff -U3 -r1.96.2.1 geom_disk.c
--- sys/geom/geom_disk.c 26 Nov 2005 22:55:20 - 1.96.2.1
+++ sys/geom/geom_disk.c 22 Feb 2006 17:55:18 -
@@ -42,6 +42,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -340,6 +341,7 @@
struct g_geom *gp;
struct g_provider *pp;
struct disk *dp;
+ char *devctl;
if (flag == EV_CANCEL)
return;
@@ -358,6 +360,16 @@
printf("GEOM: new disk %s\n", gp->name);
dp->d_geom = gp;
g_error_provider(pp, 0);
+
+ /* Send a 'added' message to devctl */
+ devctl = g_malloc(512, M_NOWAIT);
+ if (devctl != NULL) {
+ snprintf(devctl, 512,
+ "+%s%d media-type=\"disk\" sectorsize=0x%04x mediasize=0x%04llx sectors=0x%04x heads=0x%02x\n",
+ dp->d_name, dp->d_unit, dp->d_sectorsize, dp->d_mediasize, dp->d_fwsectors, dp->d_fwheads);
+ devctl_queue_data(devctl);
+ g_free(devctl);
+ }
}
static void
@@ -365,6 +377,7 @@
{
struct disk *dp;
struct g_geom *gp;
+ char *devctl;
g_topology_assert();
dp = ptr;
@@ -373,6 +386,15 @@
gp->softc = NULL;
g_wither_geom(gp, ENXIO);
}
+
+ /* Send a 'removed' message to devctl */
+ devctl = g_malloc(128, M_NOWAIT);
+ if (devctl != NULL) {
+ snprintf(devctl, 128, "-%s%d media-type=\"disk\"", dp->d_name, dp->d_unit);
+ devctl_queue_data(devctl);
+ g_free(devctl);
+ }
+
g_free(dp);
}
Index: sys/sys/bus.h
===
RCS file: /home/ncvs/src/sys/sys/bus.h,v
retrieving revision 1.70
diff -U3 -r1.70 bus.h
--- sys/sys/bus.h 12 Apr 2005 15:20:36 - 1.70
+++ sys/sys/bus.h 22 Feb 2006 17:55:19 -
@@ -83,7 +83,7 @@
*/
void devctl_notify(const char *__system, const char *__subsystem,
const char *__type, const char *__data);
-void devctl_queue_data(char *__data);
+void devctl_queue_data(const char *__data);
/*
* Forward declarations
Index: sys/kern/subr_bus.c
===
RCS file: /home/ncvs/src/sys/kern/subr_bus.c,v
retrieving revision 1.184.2.1
diff -U3 -r1.184.2.1 subr_bus.c
--- sys/kern/subr_bus.c 6 Oct 2005 23:15:18 - 1.184.2.1
+++ sys/kern/subr_bus.c 22 Feb 2006 17:55:22 -
@@ -497,15 +497,8 @@
return (revents);
}
-/**
- * @brief Queue data to be read from the devctl device
- *
- * Generic interface to queue data to the devctl device. It is
- * assumed that @p data is properly formatted. It is further assumed
- * that @p data is allocated using the M_BUS malloc type.
- */
-void
-devctl_queue_data(char *data)
+static void
+devqdata(char *data)
{
struct dev_event_info *n1 = NULL;
struct proc *p;
@@ -528,6 +521,26 @@
}
/**
+ * @brief Queue data to be read from the devctl device
+ *
+ * Generic interface to queue data to the devctl device. It is
+ * assumed that @p data is properly formatted.
+ */
+void
+devctl_queue_data(const char *data)
+{
+ int len;
+ char *msg;
+
+ len = strlen(data) + 1;
+ msg = malloc(len, M_BUS, M_NOWAIT);
+ if (msg == NULL)
+ return;
+ strcpy(msg, data);
+ devqdata(msg);
+}
+
+/**
* @brief Send a 'notification' to userland, using standard ways
*/
void
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Panic Kernel Dump to umass device?
Ian Dowse wrote:
> In message <[EMAIL PROTECTED]>, Scott Long writes:
>
>>You're correct that dumping is meant to be done with interrupts and task
>>switching disabled. The first thing that the umass driver is missing is
>>a working CAM poll handler. Without this, there is no way for command
>>completions to be seen when interrupts are disabled. Beyond that, I
>>somewhat suspect that the USB stack expects to be able to push command
>>completion work off to worker threads, at least for some situations, and
>>that also will not work in the kernel dump environment. So, there is a
>>lot of work needed to make this happen.
>
>
> The USB stack supports polled operations, so it's actually not to
> hard to make this work. Below is a patch I had in one of my local
> trees that adds a CAM poll handler to the umass driver. I've just
> tested this and it does seem to make kernel dumping work, but I
> guess it might not be as reliable as dumping to other devices.
As noted earlier the umass polling patch you posted works for dumping to
a umass device via a uhci controller.
After a little more fiddling I've managed to get it working on an ohci
controller. Attached is a patch. This patch includes your patch above.
Cheers,
Nate
Index: sys/dev/usb/umass.c
===
RCS file: /home/ncvs/src/sys/dev/usb/umass.c,v
retrieving revision 1.122.2.6
diff -U3 -r1.122.2.6 umass.c
--- sys/dev/usb/umass.c 29 Jan 2006 00:45:11 - 1.122.2.6
+++ sys/dev/usb/umass.c 22 Feb 2006 03:04:02 -
@@ -2643,21 +2643,17 @@
}
}
-/* umass_cam_poll
- * all requests are handled through umass_cam_action, requests
- * are never pending. So, nothing to do here.
- */
Static void
umass_cam_poll(struct cam_sim *sim)
{
-#ifdef USB_DEBUG
struct umass_softc *sc = (struct umass_softc *) sim->softc;
DPRINTF(UDMASS_SCSI, ("%s: CAM poll\n",
USBDEVNAME(sc->sc_dev)));
-#endif
- /* nop */
+ usbd_set_polling(sc->sc_udev, 1);
+ usbd_dopoll(sc->iface);
+ usbd_set_polling(sc->sc_udev, 0);
}
Index: sys/dev/usb/ohci.c
===
RCS file: /home/ncvs/src/sys/dev/usb/ohci.c,v
retrieving revision 1.154.2.2
diff -U3 -r1.154.2.2 ohci.c
--- sys/dev/usb/ohci.c 29 Jan 2006 01:26:46 - 1.154.2.2
+++ sys/dev/usb/ohci.c 22 Feb 2006 03:04:05 -
@@ -3049,6 +3049,9 @@
splx(s);
+ if (sc->sc_bus.use_polling)
+ ohci_waitintr(sc, xfer);
+
return (USBD_IN_PROGRESS);
}
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD-6 and em interface speed
FreeLSD wrote: > Good day! > I've obtained the following strang results with the em Ethernet interface > speeds on a 6.1-PRERELEASE: > Polling on: > UDP stream to FreeBSD: 327843.84 Kbit/sec, > TCP stream to FreeBSD: 524550.12 Kbit/sec. > Polling off: > UDP stream to FreeBSD: 740409.38 Kbit/sec, > TCP stream to FreeBSD: 794348.44 Kbit/sec. Probably due to the test tool you're using. Does the tool serialize the UDP stream (ie: wait for a response for each packet)? In many cases polling will slow down an individual stream slightly, while upping the total throughput (hundreds of streams). In addition if your CPU and bus is fast enough to handle the interrupt rate (well behaved NICs mitigate interrupts) then polling will slow things down in most cases. BTW, this should go on freebsd-net. Cheers, Nate ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Panic Kernel Dump to umass device?
Ian Dowse wrote: > > The USB stack supports polled operations, so it's actually not to > hard to make this work. Below is a patch I had in one of my local > trees that adds a CAM poll handler to the umass driver. I've just > tested this and it does seem to make kernel dumping work, but I > guess it might not be as reliable as dumping to other devices. Thanks, that helps. It works nicely with a uhci USB controller. However when the ohci driver is in use, we crash somewhere in usb_transfer_complete. I'll look into this further. Cheers, Nate ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Panic Kernel Dump to umass device?
I'm developing for small embedded systems, and I'm looking into the possibility of dumping a kernel core dump to a USB memory stick (umass driver). It currently doesn't work (see below), but I'm interested in fixing it. Yes, I know it'll be slow. It's probably also a non-tested (and non-reliable) code path for a kernel dump. But leaving those issues aside... First I wanted to ask if anyone else has tried this. Is it an insane idea, impossible? I'm not very familiar with the CAM/SCSI/USB sub-systems so perhaps someone more knowledgeable than I can set me straight. Currently when doing a dump to a USB device, I get the following. This with 6.0-RELEASE. Dump device is /dev/da0s1. > Fatal trap 12: page fault while in kernel mode > fault virtual address = 0x0 > fault code = supervisor write, page not present > instruction pointer = 0x20:0xc0cea412 > stack pointer = 0x28:0xc6cf5c1c > frame pointer = 0x28:0xc6cf5c24 > code segment= base 0x0, limit 0xf, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags= interrupt enabled, resume, IOPL = 0 > current process = 473 (kldload) > trap number = 12 > panic: page fault > Uptime: 3m48s > Dumping 95 MB (2 chunks) > Aborting dump due to I/O error. > status == 0xb, scsi status == 0x0 > > ** DUMP FAILED (ERROR 5) ** > Automatic reboot in 5 seconds - press a key on the console to abort It waits for about a minute after 'Dumping 95 MB (2 chunks)'. The light on the USB stick goes and remains stuck in the on state. The status: 0xb seems to be CAM_CMD_TIMEOUT. ERROR 5 is EIO. As far as I know, kernel dumps are always dune without interrupts and the driver runs with polling. It's likely that the umass driver and/or USB subsystem doesn't like this. Cheers, Nate ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: increasing dd disk to disk transfer rate
On Friday 13 January 2006 08:29 am, Christoph P. Kukulies wrote: > On Thu, Jan 12, 2006 at 02:23:37PM -0700, Kenneth D. Merry wrote: > > > written by phk) that is designed to do disk-to-disk recovery - it > > > copys data in big slabs until it gets an error and then works around > > > the faulty area block by block. > > > > It's called 'recoverdisk', and is in src/tools/tools/recoverdisk. > > > > I used it to copy a friend's hard drive, and it worked well. (Although > > the supposedly 'bad' disk didn't turn out to have any bad sectors.) > > I was able to recover. The 0.9980 copy of my damaged disk to the > identical new one, using > > recoverdisk /dev/ad2 /dev/ad3 > > turned out to have been successful. The program was still trying to > improve the result but I didn't see any increase of recoverd block, so I > terminated it. > > Just for the record: Before I wanted to give back in my faulty disk > to my computer supplier as a case for warranty, I zeroed out the faulty > disk. > > dd if=/dev/zero of=/dev/ad2 bs=1m > > It took half an hour to zero out the 80GB. Transferrate 44 MB/s? > And not a single error ? Or is this normal? > > Then I tried to read back > > dd if=/dev/ad2 of=/dev/zero bs=2m > > Yes, just for the fun I said 2m blocksiye. And now we come back > to FreeBSD contents: > > The system froze at this command (FreeBSD 5.2.1 on that machine) I don't know if this is why the system froze, but /dev/zero is probably not a useful output device. You could use of=/dev/null just to see if the disk reads succeed w/o errors. I've also done "cmp /dev/adX /dev/zero" before, but you don't have any control over how the disk reads are handled that way. JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Polling for devices other than NICs [patch]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ed Maste wrote: > In addition, the current polling algorithm breaks down when you get to > very high CPU utilization by the stack (e.g. if acting as a high > bandwidth router). This happens because it adds one count per tick > if the polling did not run longer than one hardclock interval, but > brings it down to 7/8ths if it did. > > This ends up producing a sawtooth effect in the amount of work done by > the polling handlers. Andre Oppermann is performing some high-perf > stack testing, and he ran into this effect; in polling mode the maximum > packet rate was achieved while there was still idle CPU time. Interesting. My (simple) work on this has been on low powered CPU machines (such as the Soekris single board systems): http://memberwebs.com/nielsen/freebsd/slow-cpu-routers.html > I have a proof of concept patch that modifies the polling feedback > algorithm to measure the amount of time spent in the polling handlers, > and then attempt to schedule an appropriate amount of work to fill out > the time slot. Andre is going to be testing it out shortly. > > Don't get me wrong, I think your patch is a step in the right direction, > but we do have more work to do in order to completely generalize the > polling code. Agreed. And sometime in the future, we should probably work towards implementing auto-switching between polling and interrupts: http://www.stanford.edu/class/cs240/readings/mogul.pdf Cheers, Nate -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDwwfte/sRCNknZa8RAnMAAJ0de3eQELrbEgp5NF56wFtR2poYBACbBetq p/ZLh5bY6dbdPiIkIJMsCEM= =RADi -END PGP SIGNATURE- ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Polling for devices other than NICs [patch]
Nate Nielsen wrote:
> The polling functionality in FreeBSD is currently a bit NIC centric.
> With a few changes other types devices can use the polling subsystem.
> Attached is my first whack at this.
>
> This is some of my first hacking on the FreeBSD kernel. It'd be great if
> there was someone who could take a look and help me get it right.
Attached is a patch against HEAD.
Cheers,
Nate
Index: dev/dc/if_dc.c
===
RCS file: /home/ncvs/src/sys/dev/dc/if_dc.c,v
retrieving revision 1.178
diff -p -U5 -r1.178 if_dc.c
--- dev/dc/if_dc.c 28 Dec 2005 18:00:37 - 1.178
+++ dev/dc/if_dc.c 7 Jan 2006 22:20:46 -
@@ -2346,11 +2346,11 @@ dc_detach(device_t dev)
ifp = sc->dc_ifp;
#ifdef DEVICE_POLLING
if (ifp->if_capenable & IFCAP_POLLING)
- ether_poll_deregister(ifp);
+ device_poll_deregister(ifp, ifp->if_xname);
#endif
/* These should only be active if attach succeeded */
if (device_is_attached(dev)) {
DC_LOCK(sc);
@@ -3045,12 +3045,13 @@ dc_tx_underrun(struct dc_softc *sc)
#ifdef DEVICE_POLLING
static poll_handler_t dc_poll;
static void
-dc_poll(struct ifnet *ifp, enum poll_cmd cmd, int count)
+dc_poll(void *arg, enum poll_cmd cmd, int count)
{
+ struct ifnet *ifp = arg;
struct dc_softc *sc = ifp->if_softc;
DC_LOCK(sc);
if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
@@ -3691,11 +3692,11 @@ dc_ioctl(struct ifnet *ifp, u_long comma
break;
case SIOCSIFCAP:
#ifdef DEVICE_POLLING
if (ifr->ifr_reqcap & IFCAP_POLLING &&
!(ifp->if_capenable & IFCAP_POLLING)) {
- error = ether_poll_register(dc_poll, ifp);
+ error = device_poll_register(dc_poll, ifp, ifp->if_xname);
if (error)
return(error);
DC_LOCK(sc);
/* Disable interrupts */
CSR_WRITE_4(sc, DC_IMR, 0x);
@@ -3704,11 +3705,11 @@ dc_ioctl(struct ifnet *ifp, u_long comma
return (error);
}
if (!(ifr->ifr_reqcap & IFCAP_POLLING) &&
ifp->if_capenable & IFCAP_POLLING) {
- error = ether_poll_deregister(ifp);
+ error = device_poll_deregister(ifp, ifp->if_xname);
/* Enable interrupts. */
DC_LOCK(sc);
CSR_WRITE_4(sc, DC_IMR, DC_INTRS);
ifp->if_capenable &= ~IFCAP_POLLING;
DC_UNLOCK(sc);
Index: dev/em/if_em.c
===
RCS file: /home/ncvs/src/sys/dev/em/if_em.c,v
retrieving revision 1.97
diff -p -U5 -r1.97 if_em.c
--- dev/em/if_em.c 28 Dec 2005 09:37:04 - 1.97
+++ dev/em/if_em.c 7 Jan 2006 22:21:04 -
@@ -803,19 +803,19 @@ em_ioctl(struct ifnet *ifp, u_long comma
reinit = 0;
mask = ifr->ifr_reqcap ^ ifp->if_capenable;
#ifdef DEVICE_POLLING
if (mask & IFCAP_POLLING) {
if (ifr->ifr_reqcap & IFCAP_POLLING) {
-error = ether_poll_register(em_poll, ifp);
+error = device_poll_register(em_poll, ifp, ifp->if_xname);
if (error)
return(error);
EM_LOCK(adapter);
em_disable_intr(adapter);
ifp->if_capenable |= IFCAP_POLLING;
EM_UNLOCK(adapter);
} else {
-error = ether_poll_deregister(ifp);
+error = device_poll_deregister(ifp, ifp->if_xname);
/* Enable interrupt even in error case */
EM_LOCK(adapter);
em_enable_intr(adapter);
ifp->if_capenable &= ~IFCAP_POLLING;
EM_UNLOCK(adapter);
@@ -1039,12 +1039,13 @@ em_poll_locked(struct ifnet *ifp, enum p
if (!IFQ_DRV_IS_EMPTY(&ifp->if_snd))
em_start_locked(ifp);
}
static void
-em_poll(struct ifnet *ifp, enum poll_cmd cmd, int count)
+em_poll(void *arg, enum poll_cmd cmd, int count)
{
+ struct ifnet *ifp = arg;
struct adapter *adapter = ifp->if_softc;
EM_LOCK(adapter);
if (ifp->if_drv_flags & IFF_DRV_RUNNING)
em_poll_locked(ifp, cmd, count);
Index: dev/firewire/if_fwe.c
===
RCS file: /home/ncvs/src/sys/dev/firewire/if_fwe.c,v
retrieving revision 1.41
diff -p -U5 -r1.41 if_fwe.c
--- dev/firewire/if_fwe.c 11 Oct 2005 07:30:06 - 1.41
+++ dev/firewire/if_fwe.c 7 Jan 2006 22:21:04 -
@@ -104,12 +104,13 @@ TUNABLE_INT("hw.firewire.fwe.rx_queue_le
#ifdef DEVICE_POLLING
static poll_handler_t fwe_poll;
static void
-fwe_poll(struct ifnet *ifp, enum poll_cmd cmd, int count)
+fwe_poll(void *arg, enum poll_cmd cmd, int count)
{
+ struct ifnet *ifp = arg;
struct fwe_softc *fwe;
struct firewire_comm *fc;
if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
return;
@@ -290,11 +291,11 @@ fwe_detach(device_t dev)
fwe = device_get_softc(dev);
ifp = fwe->eth_softc.ifp;
#ifdef DEVICE_POLLING
if (ifp->if_capenable & IFCAP_POLLING)
- ether_poll_deregister(ifp);
+ device_poll_deregister(ifp, ifp->if_xname);
#endif
s = splimp();
fwe_stop(fwe);
#if defined(__DragonFly__) || __FreeBSD_version &l
Polling for devices other than NICs [patch]
I've recently been optimizing the hifn driver for low performance
systems like the Soekris. I've implemented polling (rather than using
interrupts for everything) in the driver, which speeds things up
considerably.
The polling functionality in FreeBSD is currently a bit NIC centric.
With a few changes other types devices can use the polling subsystem.
Attached is my first whack at this.
This is some of my first hacking on the FreeBSD kernel. It'd be great if
there was someone who could take a look and help me get it right.
Cheers,
Nate
Note: The patch applies to RELENG_6_0. When necessary I can prepare a
patch against HEAD.
? device-polling.patch
Index: dev/em/if_em.c
===
RCS file: /home/ncvs/src/sys/dev/em/if_em.c,v
retrieving revision 1.65.2.5.2.1
diff -p -U5 -r1.65.2.5.2.1 if_em.c
--- dev/em/if_em.c 22 Oct 2005 22:07:20 - 1.65.2.5.2.1
+++ dev/em/if_em.c 6 Jan 2006 01:37:28 -
@@ -716,19 +716,19 @@ em_ioctl(struct ifnet *ifp, u_long comma
reinit = 0;
mask = ifr->ifr_reqcap ^ ifp->if_capenable;
#ifdef DEVICE_POLLING
if (mask & IFCAP_POLLING) {
if (ifr->ifr_reqcap & IFCAP_POLLING) {
-error = ether_poll_register(em_poll, ifp);
+error = device_poll_register(em_poll, ifp, ifp->if_xname);
if (error)
return(error);
EM_LOCK(adapter);
em_disable_intr(adapter);
ifp->if_capenable |= IFCAP_POLLING;
EM_UNLOCK(adapter);
} else {
-error = ether_poll_deregister(ifp);
+error = device_poll_deregister(ifp, ifp->if_xname);
/* Enable interrupt even in error case */
EM_LOCK(adapter);
em_enable_intr(adapter);
ifp->if_capenable &= ~IFCAP_POLLING;
EM_UNLOCK(adapter);
@@ -946,12 +946,13 @@ em_poll_locked(struct ifnet *ifp, enum p
if (!IFQ_DRV_IS_EMPTY(&ifp->if_snd))
em_start_locked(ifp);
}
static void
-em_poll(struct ifnet *ifp, enum poll_cmd cmd, int count)
+em_poll(void *arg, enum poll_cmd cmd, int count)
{
+ struct ifnet *ifp = arg;
struct adapter *adapter = ifp->if_softc;
EM_LOCK(adapter);
if (ifp->if_drv_flags & IFF_DRV_RUNNING)
em_poll_locked(ifp, cmd, count);
Index: dev/firewire/if_fwe.c
===
RCS file: /home/ncvs/src/sys/dev/firewire/if_fwe.c,v
retrieving revision 1.37.2.2
diff -p -U5 -r1.37.2.2 if_fwe.c
--- dev/firewire/if_fwe.c 7 Oct 2005 14:00:03 - 1.37.2.2
+++ dev/firewire/if_fwe.c 6 Jan 2006 01:37:28 -
@@ -104,12 +104,13 @@ TUNABLE_INT("hw.firewire.fwe.rx_queue_le
#ifdef DEVICE_POLLING
static poll_handler_t fwe_poll;
static void
-fwe_poll(struct ifnet *ifp, enum poll_cmd cmd, int count)
+fwe_poll(void *arg, enum poll_cmd cmd, int count)
{
+ struct ifnet *ifp = arg;
struct fwe_softc *fwe;
struct firewire_comm *fc;
if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
return;
@@ -290,11 +291,11 @@ fwe_detach(device_t dev)
fwe = device_get_softc(dev);
ifp = fwe->eth_softc.ifp;
#ifdef DEVICE_POLLING
if (ifp->if_capenable & IFCAP_POLLING)
- ether_poll_deregister(ifp);
+ device_poll_deregister(ifp, ifp->if_xname);
#endif
s = splimp();
fwe_stop(fwe);
#if defined(__DragonFly__) || __FreeBSD_version < 50
@@ -462,22 +463,22 @@ fwe_ioctl(struct ifnet *ifp, u_long cmd,
struct ifreq *ifr = (struct ifreq *) data;
struct firewire_comm *fc = fc = fwe->fd.fc;
if (ifr->ifr_reqcap & IFCAP_POLLING &&
!(ifp->if_capenable & IFCAP_POLLING)) {
-error = ether_poll_register(fwe_poll, ifp);
+error = device_poll_register(fwe_poll, ifp, ifp->if_xname);
if (error)
return(error);
/* Disable interrupts */
fc->set_intr(fc, 0);
ifp->if_capenable |= IFCAP_POLLING;
return (error);
}
if (!(ifr->ifr_reqcap & IFCAP_POLLING) &&
ifp->if_capenable & IFCAP_POLLING) {
-error = ether_poll_deregister(ifp);
+error = device_poll_deregister(ifp, ifp->if_xname);
/* Enable interrupts. */
fc->set_intr(fc, 1);
ifp->if_capenable &= ~IFCAP_POLLING;
return (error);
}
Index: dev/firewire/if_fwip.c
===
RCS file: /home/ncvs/src/sys/dev/firewire/if_fwip.c,v
retrieving revision 1.7.2.3
diff -p -U5 -r1.7.2.3 if_fwip.c
--- dev/firewire/if_fwip.c 7 Oct 2005 14:00:03 - 1.7.2.3
+++ dev/firewire/if_fwip.c 6 Jan 2006 01:37:28 -
@@ -111,12 +111,13 @@ TUNABLE_INT("hw.firewire.fwip.rx_queue_l
#ifdef DEVICE_POLLING
static poll_handler_t fwip_poll;
static void
-fwip_poll(struct ifnet *ifp, enum poll_cmd cmd, int count)
+fwip_poll(void *arg, enum poll_cmd cmd, int count)
{
+ struct ifnet *ifp = arg;
struct fwip_softc *fwip;
struct firewire_comm *fc;
if (!(ifp->if_drv_flags & IFF_DRV_RUNNING))
return;
@@ -272,11 +273,11 @@ fwip_detach(device_t dev)
fwip = (struct fwip_softc *)device_get_softc(dev);
ifp = fwip->fw_softc.fwip_ifp;
#ifdef DEVICE_POLLING
if (i
Re: Memory leak in net80211 on FBSD 6.0
Nate Nielsen wrote: > I'm experiencing a memory leak in the net80211 code. I have two atheros > 5213-A cards on two embedded systems running FreeBSD 6.0. They are setup > as IBSS (adhoc) stations. After roughly 15 seconds of ~14Mbps TCP > traffic (single stream) I promptly run out of memory: > >>login: panic: kmem_malloc(4096): kmem_map too small: 25165824 total allocated >>Uptime: 3m0s >>Cannot dump. No dump device defined. >>Automatic reboot in 5 seconds - press a key on the console to abort >>Rebooting... > > The boxes have 64MB of memory each. > vmstat -m reports the following just before the panic: > >> Type InUse MemUse HighUse Requests Size(s) >> >>80211node 20554 20554K -20559 512,1024 I've put debugging code in node_alloc() and node_free() (in net80211/ieee80211_node.c) and can confirm that thousands of ieee80211_node structures are being allocated, at a cost of 1K a piece. I'll continue to look into this (stumbling about), but if anyone has any advice or ideas of where to look, I'd be eternally grateful. Cheers, Nate ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sata
On Thursday 13 October 2005 01:29, rusel wrote: > Hello, does any FreeBSD relase supports Intel`s SATA Controller? 1) You should have been able to find this out on your own. Specifically here: http://www.freebsd.org/releases/5.4R/hardware-i386.html (which is linked to from the Release Information page of the main FreeBSD website) and here: http://www.freebsd.org/cgi/man.cgi?query=ata&sektion=4&manpath=FreeBSD+5.4-RELEASE (which is linked to from the above link, among other places) 2) Even if you couldn't find this info on your own, this is entirely the wrong mailing list. -questions or -stable might have been more appropriate. 3) Which Intel SATA controller are you asking about? 4) The answer is probably yes. The ata driver in FreeBSD 6.0 supports every mainstream Intel ATA controller I'm aware of, up to and including ICH6 (ICH5 for FreeBSD 5.4 according to the manpage above). JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: IPFW NATD = NAT POOL
No. I think each instance of natd (at least last time I looked at it) could only use one IP address as it's public address. Cheers, Nate Daniel Dias Gonçalves wrote: > Exists the possibility to make NAT POOL with IPFW + NATD ? > ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: kernel.gz.aa & kernel.gz.ab
On Monday 05 September 2005 07:58 pm, John Nielsen wrote: > On Monday 05 September 2005 04:56 am, Matthew West wrote: > > On Fri, Sep 02, 2005 at 08:47:30AM -0400, John Nielsen wrote: > > > On Friday 02 September 2005 08:35, Donatas wrote: > > > > wonder how could I decompress $subj filesthey doesn't seems to > > > > be in tar or gzip formats. > > > > > > > > files are taken from kern1.flp nad kern2.flp on > > > > 5.4-RELEASE/floppies > > > > > > cat kernel.gz.aa kernel.gz.ab > kernel.gz > > > gunzip kernel.gz > > > > You're still missing the first part of the file. > > > > You also need to grab kernel.gz.boot from the boot.flp image. > > > > Then you can do a: > > > > cat kernel.gz.boot kernel.gz.aa kernel.gz.ab > kernel.gz > > That makes sense. Do you know offhand what the other file on the boot > floppy is for (kernel.gz.split, I believe)? .. or I could just follow your advice: > Take a look at src/release/scripts/split-file.sh to see how these files > are generated. Sorry for the noise. (kenel.gz.split is the split index file) JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: kernel.gz.aa & kernel.gz.ab
On Monday 05 September 2005 04:56 am, Matthew West wrote: > On Fri, Sep 02, 2005 at 08:47:30AM -0400, John Nielsen wrote: > > On Friday 02 September 2005 08:35, Donatas wrote: > > > wonder how could I decompress $subj filesthey doesn't seems to be > > > in tar or gzip formats. > > > > > > files are taken from kern1.flp nad kern2.flp on 5.4-RELEASE/floppies > > > > cat kernel.gz.aa kernel.gz.ab > kernel.gz > > gunzip kernel.gz > > You're still missing the first part of the file. > > You also need to grab kernel.gz.boot from the boot.flp image. > > Then you can do a: > > cat kernel.gz.boot kernel.gz.aa kernel.gz.ab > kernel.gz That makes sense. Do you know offhand what the other file on the boot floppy is for (kernel.gz.split, I believe)? JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: kernel.gz.aa & kernel.gz.ab
On Friday 02 September 2005 08:35, Donatas wrote: > wonder how could I decompress $subj filesthey doesn't seems to be in > tar or gzip formats. > > files are taken from kern1.flp nad kern2.flp on 5.4-RELEASE/floppies cat kernel.gz.aa kernel.gz.ab > kernel.gz gunzip kernel.gz JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Locating obsolete ports distfiles
On Monday 22 August 2005 12:43 am, Mike Meyer wrote: > In <[EMAIL PROTECTED]>, Peter Jeremy <[EMAIL PROTECTED]> typed: > > I currently have just over 8GB is /usr/ports/distfiles. Some of these > > files are more than 10 years old and long obsolete. Does anyone have > > any suggestions on how to identify which files are no longer referenced > > by current ports? > > > > Doing a 'make checksum' on every installed port and then looking at > > the atimes is one approach but this doesn't handle: > > - ports that I don't currently have installed but might need > > - ports installed on systems that mount /usr/ports readonly > > Install sysutils/portupgrade, and do a "portsclean -D". That will > remove all the distfiles that aren't referenced by any port in the > tree. Do "portsclean -DD" and it'll remove all distfiles not used by > an installed port. Alternatively there is the distclean.sh script in ports/Tools/scripts. Run it with the -f switch to delete outdated distfiles without confirmation. JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: the current status of nullfs, unionfs
On 2005.03.10 14:41:30 +0300, Denis Shaposhnikov wrote: > >>>>> "Kris" == Kris Kennaway <[EMAIL PROTECTED]> writes: > > Kris> nullfs seems to work fine, unionfs is very fragile and easily > Kris> exploded. > > nullfs is absolutely useless for jail's because TOO slow. That obviously depend on your use of jails and nullfs. It works just fine for me. -- Simon L. Nielsen pgpwLjjCOoXyp.pgp Description: PGP signature
Re: nForce3 NIC on 5.3 (i386)
On Wednesday 19 January 2005 12:29 am, Sven Ahtama wrote: > Anyone here who have managed to get the nForce3 MCP NIC to work with > FreeBSD 5.3 on i386 platform? FWIW, I've had pretty much the same experience, although you were more thorough than I was. I installed 5.3-R on a new motherboard with an MCP chipset and installed the net/nvnet port. No complaints, no errors, no NIC. I'm using a PCI card for the time being but I would love to hear about a way to get the onboard NIC working if there is one. JN ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: rc.shutdown and jails
Julian Elischer wrote: I think we should introduce an "init" process for jails.. It would be responsible for all that the normal init is responsible for except for being the default parent.. (some might argue for that too). Sending it a particular signal would notify it to send shutdown signals to all its compatriots in the jail etc. This was necessary pre 5.2. Now that's it's possible to do all of this from the host system (by adding a process to a jail) there's no real need for an init type process anymore. As Michal mentioned, utilities like 'jailer' or 'kjailer' used to be necessary, but now a few simple utilities or scripts can manage a jail from the host system just fine. If these utilities were found in FreeBSD itself, it would round out the jail side of things nicely. Of course I'm partial to my own 'jailutils' but others that served the same purpose would work just as well. http://memberwebs.com/nielsen/freebsd/jails/jailutils/ The only thing I miss from this change is the inability to have per-jail consoles (which was possible with the 'jailer' package in 4.x), but that's another topic. Cheers, Nate ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: rc.shutdown and jails
Ralf S. Engelschall wrote: Currently a "/etc/rc.d/jail stop" just kills all processes in the individual jails. If /etc/default/rc.conf's default way of booting the jails (jail_exec="/bin/sh /etc/rc") is used this is a rather crual approach IMHO. I think if the jail is booted through /etc/rc it also should be given the chance to shutdown via /etc/rc.shutdown. If then there are still processes remaining, the killall(1) is fine, of course. This way packages and other sub-systems have the chance to perform a graceful shutdown. Definitely a good plan. You just have to watch out for environment variable leakage into the jail subsystem when using jexec. A minor concern, perhaps. This is what the jkill from the jailutils package does: http://memberwebs.com/nielsen/freebsd/jails/jailutils Cheers, Nate ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [PATCH] Re: Linksys PCM200
On 2004.10.20 22:59:50 -0600, [EMAIL PROTECTED] wrote: > > [got no answer on [EMAIL PROTECTED] > > I've tested this on 5.3-BETA7 - works OK, no more watchdog timeouts. > So could someone review those patches and add them to the source tree? > It's probably a good idea to update dc(4) and supported hw list also. > > /usr/src/sys/pci/if_dc.c udiff: [...] Unless a src committer picks this up within the next couple of days I would suggest filing a PR with the patch so it does not get lost. -- Simon L. Nielsen FreeBSD Documentation Team pgp6hW4GpGJZ3.pgp Description: PGP signature
Re: [CFR] Specify the lock(1) timeout unit
On 2004.10.21 14:37:10 +0300, Peter Pentchev wrote: > Here's a little patch that teaches lock(1) about timeouts specified in > seconds, hours, or days in addition to the minutes it currently assumes. > I could commit this in a week if there are no objections. Wouldn't it be more natural to just append the time-unit type to the argument given to -t, e.g. "-t 10s" or "-t 10h". That just seem like the more intuitive way to handle it to me... Note: this is a suggestion, not an objection to the original patch. -- Simon L. Nielsen FreeBSD Documentation Team pgplLx6xiPz8q.pgp Description: PGP signature
Re: Protection from the dreaded "rm -fr /"
On 2004.10.02 16:48:46 +0200, Dimitry Andric wrote: > On 2004-10-02 at 10:19:28 Giorgos Keramidas wrote: > > > His idea was remarkably simple, so I went ahead and wrote this patch for > > rm(1) of FreeBSD: > > Of course, your work is commendable, but isn't is much simpler to just > not type commands like that? I mean, "rm -rf /etc" or "rm -rf /bin" > are just as bad, but do you really want to be checking for all > possible `bad' deletions? That way, we'll start to look like some > software from Redmond... :) As keramida has noted this particular case is more likely to be made by mistake than many others, e.g. by doing "rm -rf / foo/bar" where "rm -rf /foo/bar/" was meant. Therefor I really think keramidas _optional_ foot-shooting feature is a nice thing. I know I will enable it on my systems if it's committed, and probably keep it as a local patch if not. -- Simon L. Nielsen FreeBSD Bikeshed Team pgpLItYADoz5L.pgp Description: PGP signature
Re: make "quickworld"? (like in DragonFly)
On 2004.08.14 10:03:37 +0200, Geert Hendrickx wrote: > On Wed, Aug 11, 2004 at 02:47:14PM +0200, Simon L. Nielsen wrote: > > On 2004.08.11 00:36:06 +0200, Geert Hendrickx wrote: > > > Hi, > > > > > > is there any way (or could it be implemented) to rebuild only the > > > changes in world and kernel sources after a cvsup? DragonFly BSD > > > features "make quickworld" and "make quickkernel" which does exactly > > > that. > > > > You can do that already: > > > > make buildworld buildkernel -DNOCLEAN > > Does adding "NOCLEAN=true" to /etc/make.conf have the same effect? It should (though I haven't tried it); just remember to disable it when things start to blow up :-). -- Simon L. Nielsen FreeBSD Documentation Team pgpzXuNlJFEdW.pgp Description: PGP signature
Re: make "quickworld"? (like in DragonFly)
On 2004.08.11 00:36:06 +0200, Geert Hendrickx wrote: > Hi, > > is there any way (or could it be implemented) to rebuild only the > changes in world and kernel sources after a cvsup? DragonFly BSD > features "make quickworld" and "make quickkernel" which does exactly > that. You can do that already: make buildworld buildkernel -DNOCLEAN -- Simon L. Nielsen FreeBSD Documentation Team pgpdQMAuh4g5g.pgp Description: PGP signature
Re: FreeBSD and MySQL - mysqld eats CPU alive
On Saturday 31 July 2004 21:08, adp wrote: > I recently posted the following message to MySQL discussion list. The > response there, and the one I keep finding on Google, is that this is a > long-standing issue betweeen FreeBSD and MySQL. For me this has been > happening since FreeBSD 4.4. I don't have any additional info about the problem, but as you say it does seem to be a long-standing issue. The hosting company I use (johncompanies.com -- highly recommended) has a "nanny" script that you may find useful: http://www.johncompanies.com/collocation/knowledge/freebsd_mysqld_nanny.txt HTH, JN ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Fundraising for FreeBSD development.
On 2004.04.08 23:34:26 +0200, Poul-Henning Kamp wrote: > In message <[EMAIL PROTECTED]>, John Von Essen writes: > >If the fund raising is connected with FreeBSD, could people who donate > >larger amounts get some form of acknowledgement on the FreeBSD site? This > >would give an incentive for vendors who sell products that rely or use > >FreeBSD to donate larger amounts. > > (see above) > > Everybody who donate will be listed (possibly anonymously) on > http://people.freebsd.org/~phk/donations.html > > I cannot promise exposure on the main FreeBSD Project pages, that > would be up to the webmasters (and to some extent the core team) > to arrange and allow for such precense. We currently have list of donors both on http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributors/index.html#DONORS and on http://www.freebsd.org/donations/donors.html so I don't see a reason why donations to phk's project could not be somewhere on the main FreeBSD website. -- Simon L. Nielsen FreeBSD Documentation Team pgp0.pgp Description: PGP signature
Re: Status GBDE attach at boot
On 2004.01.18 10:19:31 -0500, Allan Fields wrote: > On Sun, Jan 18, 2004 at 02:43:42PM +0100, Simon L. Nielsen wrote: > > On 2004.01.17 14:53:58 -0500, Allan Fields wrote: > > > Hi, > > > > > > I'm interested to know what may be in the pipeline as far as GBDE > > > boot time attach/automation support. Has anyone committed to > > > implementing these features? (I don't see it anymore (on the 5.3 > > > todo list) in releng pages.) > > > > 5.2 already has support for attaching GBDE volumes at boot by using the > > /etc/rc.d/gbde script. I have been using it for a while, and it works > > OK. > > Ahh.. ok, didn't see the changes yet. That is a straight forward > approach - could there just as easily be a similar facility for other > geoms? That shouldn't be a problem... of course depending on exactly you want to configure it might be more or less simple to do. The dependency tree for the rc system can make the script start when needed in the boot sequence without any hacks. Of course the issue of how to set user configuration still exists (as discussed a few times before on the lists), since rc.conf can fast become very cluttered. > > I sent a patch yesterday to the freebsd-rc mailing list make the gbde > > rc.d script work a bit better (see > > http://groups.yahoo.com/group/FreeBSD-rc/message/659 ). > > > > > As a fstab is concerned with mount hack, this is the right approach > > > > I think it's better to just use a rc.d script to attach gbde volumes > > before the normal filesystem mount, since it seems more "clean". Of > > This is good including specifying lockfile dir, but implies passphrase > entry before continuing on always the console? This is the way it works now, but this could be extended. I'm mainly using gbde to encrypt /home on desktops, so asking the password on the console works fine for me. > Which brings us to passphrase from file/filedesc issue vs. from tty > / on command line. Could password prompts be read from another > terminal or from secure source like key device or remote terminal > while the booting continues in the mean-time? I don't see any reason why not, if the "connection" is secure, but I haven't looked into this (since I haven't had the need to) so I'm not exactly sure what kind of problems there are (both programming and security issues). > > course the rc.d script could be enhanced e.g. to support random keys, > > like your "temp" feature. > > Yup. Idea was raised previously on the lists by lucky and phk. > Seems like a good idea for swap,/tmp setup. I actually have an rc.d script by Geoffrey T. Falk <[EMAIL PROTECTED]>, which was posted to some mailing list a few months ago, for gbde swap with random password, but since it confuses the crashdump system I'm not using it right now. -- Simon L. Nielsen FreeBSD Documentation Team pgp0.pgp Description: PGP signature
Re: Status GBDE attach at boot
On 2004.01.17 14:53:58 -0500, Allan Fields wrote: > Hi, > > I'm interested to know what may be in the pipeline as far as GBDE > boot time attach/automation support. Has anyone committed to > implementing these features? (I don't see it anymore (on the 5.3 > todo list) in releng pages.) 5.2 already has support for attaching GBDE volumes at boot by using the /etc/rc.d/gbde script. I have been using it for a while, and it works OK. I sent a patch yesterday to the freebsd-rc mailing list make the gbde rc.d script work a bit better (see http://groups.yahoo.com/group/FreeBSD-rc/message/659 ). > As a fstab is concerned with mount hack, this is the right approach I think it's better to just use a rc.d script to attach gbde volumes before the normal filesystem mount, since it seems more "clean". Of course the rc.d script could be enhanced e.g. to support random keys, like your "temp" feature. -- Simon L. Nielsen FreeBSD Documentation Team pgp0.pgp Description: PGP signature
Re: Gratituous ARP and the em driver
Yes, this is the case. I tested it again, and the arp packet in question doesn't get to the other machines. The sending machine does send gratituous arp, however the em NIC is down for 3 or 4 seconds, and the packet isn't sent on the wire. I find it odd that the em driver would need to reinitialize the NIC each time an alias is added. I haven't seen any other network drivers do this. And, yes, it occurs every time an alias is added or removed from the NIC. Not just the first time. Cheers, Nate Robert Watson wrote: On -1 xxx -1, Nielsen wrote: If you run tcpdump on the machine to sniff the interface in question looking for arp packets, does tcpdump see the gratuitous arp? I'm guessing that it does, and the lack of sending the arp is a result of delays in negotiating on the wire. Does this problem turn up only the first time you raise the interface, or every time you change the IP address on the interface? Robert N M Watson FreeBSD Core Team, TrustedBSD Projects [EMAIL PROTECTED] Senior Research Scientist, McAfee Research ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Gratituous ARP and the em driver
When I change IP addresses on my 'em' gigabit NIC, ARP isn't sent properly. This appears to be the problem in the following bug report, however i'm using the 'fixed' version of the em driver (in FreeBSD 4.9). http://www.freebsd.org/cgi/query-pr.cgi?pr=54488 Does anyone have any tips on how to get around this? I'm building new systems with gigabit ethernet support and this problem keeps cropping up. I have a failover system, and when moving an IP alias between machines, the em NIC driver doesn't properly send out gratituous ARP, resulting in the IP being inaccessible. - The problem does not occur when plugged into a 100BaseTX switch - FreeBSD 4.9p1 / em version 1.7.16 - Tried various gigabit switches. - One other odd thing is that when configuring the NIC (ifconfig) the machine locks up for several seconds. Thanks in advance. Nate ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Where is FreeBSD going?
On 2004.01.08 21:39:07 -0700, M. Warner Losh wrote: > In message: <[EMAIL PROTECTED]> > [EMAIL PROTECTED] (Gary W. Swearingen) writes: > > : and the "Copyright" page has that plus a similar claim for > : "FreeBSD, Inc." (For 2004, even.) > > That should be changed. To? I have noticed FreeBSD, Inc on the copyright page a few times, but I never really knew what to replace it with. -- Simon L. Nielsen FreeBSD Documentation Team pgp0.pgp Description: PGP signature
Re: optionally include file within a Makefile
On 2003.12.18 20:13:16 -0500, Dan Langille wrote:
> On 18 Dec 2003 at 19:02, Dan Langille wrote:
>
> > My goal is provide a way to override values in a Makefile with values
> > from a local config file.
>
> I'm getting further. What's the proper way to do an include?
Perhaps (not tested, so there may be typos):
.if exists(${HOME}/.bacula-regress)
.include "${HOME}/.bacula-regress"
.endif
or something along those lines. The make(1) manual page contains a lot
of useful information.
--
Simon L. Nielsen
FreeBSD Documentation Team
pgp0.pgp
Description: PGP signature
Re: non-root process and PID files
Christopher Vance wrote: May I suggest a different feature: the ability to mark an open file (not just its fd) 'remove on close', with permission checked at mark time rather than close time (this status forgotten if not permitted when set) and the unlink actually done at close time only if the file has exactly one link and one open file instance at that time. WinNT (2K etc...) has this capability. Not saying that this makes it a good idea though. Nate ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Archive for cvs-src
On 2003.10.10 14:08:21 -0700, Sandeep Kumar wrote: > Hi, > > The oldest message in > http://lists.freebsd.org/pipermail/cvs-src.mbox/cvs-src.mbox seems to be > from 2003/03/24. > Is there a way to get messages prior to that? Older messages for all the mailing lists are at http://docs.freebsd.org/mail/ . The source commit logs can also be found in CVSROOT-src/commitlogs in the CVS repository. -- Simon L. Nielsen FreeBSD Documentation Team pgp0.pgp Description: PGP signature
Re: NFS mounts and jails
> As far as I know, that means that NFS partition has to be mounted > (redundantly?) for each jail, even in (in my case), they'll all be > access in the the same way (eg. read-only). Yup, that's right. > - is my assertion correct; that is, do I need to redundantly mount > the same NFS partition for each jail for each jail to access it? As far as I know, yes that's the case. If you're mounting the same system however you may want to look into mount_null. Yes, there are cache issues, and these have been discussed multiple times (see the archives), but I've used null mounts successfully in read-only mode for several years now without problems. Cheers, Nate ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: PUzzling sshd behaviour
On 2003.09.05 12:29:10 -0400, Dwayne MacKinnon wrote: > Ted Faber wrote: > >On Fri, Sep 05, 2003 at 12:04:04PM -0400, Dwayne MacKinnon wrote: > > > >>That much I know. I was just wondering why the daemon is trying DNS > >>lookup when the IP in question is listed in /etc/hosts. I thought > >>listings in /etc/hosts would supercede the need for a DNS lookup. Of > >>course, I could be wrong... it wouldn't be the first time. :-) > > > > > >If you haven't you need to check out /etc/host.conf , the file that > >configures the hostname lookup order (at least on 4.8). > >man 5 host.conf will tell you all about it. If you have already > >configured this, you might want to look again. (man -k resolver should > >help you find whatever it is on 5.x - I suspect it's nsswitch.) > > My host.conf is a FreeBSD 4.8 default one: it lists hosts, then bind. > That's why I don't understand why it's doing DNS... there's a listing in > hosts, and according to host.conf the hosts listing should be found first. Do you use Privilege Separation? That can give interesting results with DNS due to chroot into /var/empty... see the mailing lists archives. -- Simon L. Nielsen FreeBSD Documentation Team pgp0.pgp Description: PGP signature
Re: messing with CVS_LOCAL_BRANCH_NUM
On 2003.08.02 15:35:48 -0400, Brian Reichert wrote:
> I'm exploring the 'local repository' tactics as described in:
>
> <http://www.scriptkiddie.org/freebsd/setting_up_local_repo.html>
[snip]
> > cvs ci src
> cvs commit: Examining src
> You are committing on the wrong repository!
> cvs commit: Pre-commit check failed
> cvs [commit aborted]: correct above errors first!
>
> Where is this 'wrong repository' concept coming from? My CVSROOT
> hasn't changed. A google search for that disgnostic message yeilds
> no hits...
The problem is the file CVSROOT/nocommits.sh, which is used as a
safeguard in the FreeBSD tree. I replace the file every time I run
cvsup with the following version:
#! /bin/sh
# $FreeBSD$
#
# This is just some basic anti-foot-shooting to avoid accidental commits
# to cvsup'ed copies of the repository etc.
OKUSER="simonln"
if [ "x`/usr/bin/id -un`" = "x${OKUSER}" ]; then
exit 0
fi
echo "I should only commit as ${OKUSER}!"
exit 1
You could just make a simple script which call 'exit 0' (or perhaps
remove the file; I haven't tried that), but the above version fits
better into my rather odd setup :-).
I have started some work on documenting the CVS_LOCAL_BRANCH_NUM use,
but unfortunatly there are only 24 hours in a day, so I have no idea
when I will get around to finishing it.
--
Simon L. Nielsen
FreeBSD Documentation Team
pgp0.pgp
Description: PGP signature
Re: Committing a driver to -stable
On 2003.07.18 13:28:27 +, Bosko Milekic wrote: [CUT] > wait for someone from the TRB (is there a list of who's part of this > group somewhere, anyway?) and/or -core to respond before you take There is a list with the TRB members at http://www.freebsd.org/internal/staff.html . -- Simon L. Nielsen pgp0.pgp Description: PGP signature
Re: gethostbyname_r
On 2003.07.02 14:45:49 -0700, Wes Peters wrote: > On Monday 30 June 2003 14:39, Kris Kennaway wrote: > > > > There was a bogus non-reentrant version half-implemented in libc in > > both 4.x and 5.x, which I recently removed in 5.x. I need to remove > > it on 4.x as well. General consensus seems to be that implementing > > it properly is Hard. > > Yes, it is, or at least was in 4.x. I thought we got a shiny new > gethostbyname_r with Jacques Vidrine's nss implementation in 5.0, > though. Is this not right? Not yet. Jacques Vidrine explained what would be required to do it, on -threads about a week ago : Msg-id: [EMAIL PROTECTED] or http://www.freebsd.org/cgi/getmsg.cgi?fetch=16837+0+/usr/local/www/db/text/2003/freebsd-threads/20! -- Simon L. Nielsen pgp0.pgp Description: PGP signature
Re: gethostbyname_r
On 2003.06.30 16:43:27 +0200, Stijn Hoop wrote: > I was wondering if anybody was working on an implementation of a reentrant > gethostbyname_r function, mostly because it looks like mozilla/firebird will This was discussed on the -threads mailinglist a few weeks ago. Try looking at the achieves. I don't thin anybody is working on it at the moment. -- Simon L. Nielsen pgp0.pgp Description: PGP signature
Re: TODO list?
On 2003.06.27 16:10:13 -0700, Joshua Oreman wrote: > Hi -hackers, > > I currently have a lot of free time and I was wondering whether there was > a TODO list of some sort for bugs that need fixing in FreeBSD. I really > want to help the project, and I think such a list would make it much > easier to do so. If there's no official TODO list, could someone point > out some things? I know C/C++, but I'm very unfamiliar with the kernel. Great :-) There is always plenty to do. I would suggest looking at the PR system and at the 'Contributing to FreeBSD' article which can be found at http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/index.html Hope you find something interesting to spend some time on. -- Simon L. Nielsen pgp0.pgp Description: PGP signature
Re: Drawing graphics on terminal
On 2003.06.16 15:18:52 -0400, Leo Bicknell wrote: > In a message written on Mon, Jun 16, 2003 at 03:10:24PM -0400, Eric Jacobs wrote: > > I don't think the advantage of a GUI-based installer would be > > "eye-candy". libdialog looks fine IMO. It would be to increase the > > ease of use, allow more flexibility in installations, and add more > > troubleshooting/diagnostic options (disabling/enabling/loading > > device drivers, etc.) > > Some of this could be done in the current installer, if there wasn't > an effort to make it still fit on a floppy. Mind you, I'd like to see > the floppy based install stick around for a while, but I think FreeBSD > needs to embrace the CD reality. > > A problem, as I see it, is that the only bootable ISO is the full > FreeBSD CD. For someone who wants to do a minimal net-install on > a CD only computer that's too much. What I think needs to be done > is the current installer enhanced (a few more tools for the emergency > holographic shell, more help, etc), and produced in ISO form, eg a > 3 to maybe 10 meg ISO image you could burn on CD and use like a > floppy is used today. This is why there are mini CD's. E.g. : -rw-rw-r-- 1 1005 1005 237M 5 Jun 18:49 5.1-RELEASE-i386-miniinst.iso Of course it's not just the installer but also enough to install the base system. If you want only the install it should be very easy to make your own ISO with only floppies/boot.flp (2.8MB) which would then contain only the installer... I'm not really sure how many drivers boot.flp contains though. -- Simon L. Nielsen pgp0.pgp Description: PGP signature
Re: jail && (ping && traceroute)
This has been discussed at length. Search the archives of this mailing list (or maybe it was freebsd-security) for interesting insight. Sure set me straight as to the consequences Nate - Original Message - From: "Alexandr Kovalenko" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, May 30, 2003 8:35 Subject: jail && (ping && traceroute) > [Please Cc: me on reply] > > Hello, > > I have 2 questions: > > - where in code should I search for icmp socket binding prohibition in >jail?; > - what bad consequences will appear if I remove those checks and >prohibition?. > > Thanks in advance! > > -- > NEVE-RIPE, will build world for food > Ukrainian FreeBSD User Group > http://uafug.org.ua/ > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Trailing whitespace in FreeBSD
On 2003.02.10 17:41:47 -0800, Jordan Hubbard wrote: > >I have noticed that that several FreeBSD files (.c, .h and so on) have > >trailing whitespace (spaces/tabs after last charecter on a line). > Wow, deja-vu! /me runs and hides for not checking the achieves first :-) -- Simon L. Nielsen msg39895/pgp0.pgp Description: PGP signature
Trailing whitespace in FreeBSD
Hello I have noticed that that several FreeBSD files (.c, .h and so on) have trailing whitespace (spaces/tabs after last charecter on a line). Should I send patches for this, or is it not important to "fix"? A random example is stdbool.h v. 1.6 on line 30 which has a trailing tab. -- Simon L. Nielsen msg39858/pgp0.pgp Description: PGP signature
Re: Perl issue on freebsd 4.x?
On 2002.12.22 13:36:21 +, Leo Bicknell wrote: > Perl 5.8 does not seem to be a part of 4.x, is it in 5.0 or > -CURRENT? Perl 5.8 can be installed from ports (/usr/ports/lang/perl5.8/). FreeBSD 5/-CURRENT does not have perl in the base system at all. -- Simon L. Nielsen To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: jail
Just for the record, I've had this problem without using vnode backing files. It's exactly the same in all other areas. The machine would lock up at a specific time each week during 'find' in one of the periodic scripts. This occurred when the host and approximately 15 jails executed that command at the same time. Removing the periodic script from the host system solved the problem. This has occurred on a number of machines, and apparently has nothing to do with vn's although that may agravate the problem. Nate Nielsen > "Terry Lambert" <[EMAIL PROTECTED]> > Robert Watson wrote: > > On Thu, 28 Nov 2002, Terry Lambert wrote: > > I'm positive it's a problem. > > Someone posted test code for it already, which is simpler than > the code I've seen the problem reported with. > > I don't personally use jails this way, and it was really > complicated to repeat before the new test code. > > If you are interested, I can find the previous report for you; > it had to do with the guy's system with multiple jails locking > up every day at the same time, which turned out to be the time > the /etc/security cron job ran it's 'find'. > > This was about 4 months ago, and I helped him work around the > problem by rearranging his directories so that the vnode files > acting as backing store were never in the same subdirectory as > a similar file, if you want to look for it in the archives. > > -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: USB support for new HP printers?
On Monday 02 December 2002 05:13, Bernd Walter wrote: > On Sun, Aug 25, 2002 at 11:36:15PM -0600, John Nielsen wrote: > > Are there plans to add USB support for HP's newer printers to FreeBSD? > > Specificially, the OfficeJets and the LaserJet 1200? They use a > > new/different/broken USB interface so they're just recognized as ugen > > devices at the moment.. > > Can you tell details about the difference? Not really. Pretty much everything I know I learned from corresponding with David Paschal on the hpoj-devel mailing list (see hpoj.sourceforge.net). If Geocrawler ever comes back up today you can browse the list. See the thread "FreeBSD howto?" starting August 26 2002. Here is a quote from Mr. Paschal in one of those e-mails: "Hi, John. The LaserJet 1200 advertises several alternate settings for the printer-class interface: 7/1/3 (for IEEE 1284.4 packets, the "new and different USB interface" you mentioned), 7/1/2 (bidirectional raw print data), and 7/1/1 (unidirectional raw print data). If you can somehow convince the ulpt driver to bind to 7/1/2 or 7/1/1 rather than just blindly binding to the first alternate setting it finds, then that should be all you need." The above quote is in reference to getting printing (and only printing) to work on an LJ 1200. For full functionality, you'd need to do a bit more. I think the hpoj project was leaning towards a cross-platform userland solution (hack?) rather than doing kernel mods on several different platforms. JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Arp and Route Commands
On Sunday 17 November 2002 13:53, Karl Timmermann wrote: > I'm new to the list and was hoping maybe someone could help me. These > commands work in Linux (and in this order), but not in FreeBSD/Mac OS X > as the arp and route commands are different: > > arp -s 10.10.10.0 00:00:ca:13:4b:54 -i eth1 > arp -s 10.10.10.0 00:00:ca:13:4b:54 -i eth1 > route add -net 10.10.10.0 netmask 255.255.255.0 dev eth1 > route add default gw 10.10.10.0 dev eth1 > > anyone know how i would change these commands to work with the FreeBSD > versions of arp and route? man arp man route ask on -questions and because I'm feeling helpful: arp -s 10.10.10.1 00:00:ca:13:4b:54 arp -s 10.10.10.2 00:00:ca:13:4b:54 route add -net 10.10.10.0 -netmask 255.255.255.0 -interface fxp0 route add default 10.10.10.1 -interface fxp0 FreeBSD's arp doesn't allow you to specify an interface. Adding the same host to the arp table twice is pointless and would probably produce an error, so I changed the addresses. Replace "fxp0" with the name of the interface in question. With a netmask of 255.255.255.0, 10.10.10.0 is a network address and can't (or at least shouldn't) be used as a router or client address (changed in the example above). I'm forced to wonder why you would want to run this sequence of commands and if there isn't a better way to achieve the desired result. Please reply off-list if you feel so inclined. JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Just a wild idea
IPFW's forwarding feature can be used for transparent proxying on another machine. To do it on the same machine, you'd probably need to use NAT. Nate > I haven't actually tried this, but shouldn't it be possible > to use IPFW's forwarding feature for that? For example, > let sendmail run on port 2500 and then add ipfw fwd rules > to forward between ports 2500 and 25. > > Regards >Oliver To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: USB support for new HP printers?
On Monday 26 August 2002 02:51, Marco Molteni wrote: > On Sun, 25 Aug 2002 23:36:15 -0600, John Nielsen <[EMAIL PROTECTED]> > > wrote: > > Are there plans to add USB support for HP's newer printers to FreeBSD? > > > > Specificially, the OfficeJets and the LaserJet 1200? They use a > > new/different/broken USB interface so they're just recognized as ugen > > devices at the moment.. > > have a look at hpoj.sourceforge.net > they plan FreeBSD USB support for a next release I've been all over the site and read some of the docs. The most useful piece of information I found was this: "FreeBSD, NetBSD, and OpenBSD are not yet supported in USB mode, due to missing functionality in the kernel "ulpt" driver (bidirectional I/O, device ID retrieval, switching to 7/1/3, and HP channel-change-request)." The only FreeBSD information in the TODO section has to do with fixing the build so it works [better]. I don't get the idea that they are planning to add the missing kernel functionality themselves; they don't seem to have done any of that for Linux--they just list using a supported kernel as a requirement for USB. Since I'm mostly just interested in printing to an LJ 1200, I don't know if I'd even use the hpoj stuff unless necessary (although it does look interesting). I'm just wondering if kernel support for these beasties is already being worked on, and where I can get more information. JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
USB support for new HP printers?
Are there plans to add USB support for HP's newer printers to FreeBSD? Specificially, the OfficeJets and the LaserJet 1200? They use a new/different/broken USB interface so they're just recognized as ugen devices at the moment.. JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ipfilter
That's not how you specify rules. Read the ipf(8) manual page. Cheers Nate > (14:58) root@(bgd)[~] ipf block in all from any to any To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Uptime of a system
How do you apply your kernel patches? Just wondering. > Just like to share my experience with FreeBSD 4.x as a server: > > 4:17PM up 378 days, 5:41, 8 users, load averages: 0.00, 0.00, 0.00 > > This was as of today. The machine was installed 378 days ago and is > a rather active box normally. > > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: offtopic: low level format of IDE drive.
Julian Elischer <[EMAIL PROTECTED]> wrote: > One of my FreeBSD development boxes had a hernia last week when it lost > power while writing to disk. The drive wrote out garbage to a track. > > I want to reformat the drive, (low level) but the bios doesn't have any > support to do this (In the past That is how I did this). > The machiine has 1 CD drive and no floppy.. > > anyone with any ideas as to how one can reformat a hard drive feel free to > lend me a clue.. Boot from a fixit CD, and use dd to zero out the whole disk, e.g.: dd if=/dev/zero of=/dev/ad0c JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: multi-link 802.11b through netgraph yields poor performance.
John Kozubik wrote: > Julian, Archie, et al, > > I have experimented with a multi-link 802.11b connection between two > laptops. Both are 4.5-RELEASE, one has two aironet LMC352 cards, and > one has two Lucent gold cards. > > I have successfully used ng_one2many, etc., to establish a working > multi-link between the two systems - however, I would appreciate any > comments regarding the very poor performance I see when networked in > this manner. > > The problem I see is that, when using `ping` on either machine, > exactly every other packet is dropped. After running `ping` for many > minutes, trying it from both machines, it is clear that _exactly_ > every other packet is dropped. Further, echo response time is > between 2.2 and 2.5 milliseconds, which seems very high. > Any comments as to why the problems I am seeing (half of packets > dropped and high latency) exist are appreciated. I am using a multilink connection between a fileserver and a switch, and it works fine. This is with regular 100Mbit ethernet cards. On one occasion I unplugged the "secondary" NIC from the switch without undoing the one2many setup. And every other packet to the machine was dropped. I saw the same thing you were seeing with your pings. So.. I would think that netgraph is doing its thing, distributing packets evenly between your two interfaces, but that one of the interfaces isn't behaving. My one2many script is essentially the same as yours except for the order. I don't know if it makes a difference (it _shouldn't_), but in my script I bring the secondary interface up before doing anything else (and then I load the ng_ether and ng_one2many modules, but I assume you're doing that elsewhere). I don't know a great deal about any of this, but I thought this might give you a clue as to what to look for. Good luck, JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ipfw/dummynet suggestion
> Seriously, I'm wondering what "security restrictions" are so > onerous that users are willing to change their IP addresses to > get around them, and why they are there in the first place? Well in certain cases it's company policy that certain machines (ie: users) can't browse the web during certain hours. I didn't make the rules, just asked to implement them. > Finally, I'll suggest that if you truly want to implement this > thing, that the "correct" way to do it is probably to use the > per machine NT Domain Controller information via hacking up the > code from the SAMBA project, so that you can *ask* the NT domain > controller for the credentials associated with an IP address, > since this access control model is why NT Domaons were designed. True, but often the simplest, semi-reliable solution wins out, so it came down to machines and MAC addresses. Nate To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: ipfw/dummynet suggestion
Usually remote MAC address. It's used for restricting users on a subnet. I have an ugly hack that does this at present and am looking forward to the MAC address support. Yes, I know users can conceivably change their MAC addresses but most would never know how. They change their IP addresses to get around security restrictions all the time. Nate > Ken Ebling wrote: > > > >Part 1.1Type: Plain Text (text/plain) > >Encoding: quoted-printable > > | I know this isn't performed at the ip level, but I think a useful = > | addition to ipfw would be to allow filtering by mac addresses. I think = > | a lot of people would find it useful, and a lot of linux users I try and = > | ``convert'' to FreeBSD say they require this feature too. > > Local or remote MAC addresses? > > The remote MAC address is always going to be a peer on the local > wire; usually, this is your router. > > The local MAC address is a 1:N correspondance with IP addresses, > so you can always do whatever you were planning on doing there > using the local IP addresses that are associated with the MAC > in question. > > What is it you are trying to do that is apparently not very > obvious? > > -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: FreeBSD 2.2.x ISO images.
- Original Message - From: "Jefferson Harlough" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, June 23, 2002 12:19 PM Subject: FreeBSD 2.2.x ISO images. > Where might I find ISO images for the FreeBSD 2.2.x releases? Do such > files exist? > > I have an older system with a non-IDE Creative CD-ROM drive, and FreeBSD > 4.x seems to not support that drive any more. I do have several FreeBSD 3.x > releases, but they always hang with a kernel panic when booting via the > included bootdisks. Would the FreeBSD 2.2.x series of releases work with > such a CD-ROM drive? You CD-ROM is _probably_ usable under 4.x with one of either the mcd, scd, or matcd drivers. These have been removed from the GENERIC kernel, but are still available as options for a custom kernel. See their respective manpages (as well as LINT) for more info. JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: (jail) problem and a (possible) solution ?
> 1) do you allow them write access to their /dev/mem, /dev/kmem, /dev/io ? Actually haven't yet let anyone else inside a jail with root capabilities. Will soon though. So, no probably not, unless there's a daemon which does just that. > 2) does this sound like what you see? Can you still ping the crashed > server ? Kernel routing still works. And yes ping too. But come to think of this I've seen it on other (4.5, patched pretty much to date) machines I use exclusively as routers. These have no jails on them. In these cases after uptimes of let's say 2 or 3 months, the machine's daemons stop responding and although a socket can be opened (just barely) it closes again when the process listening on the other side doesn't pick it up. IPSEC, firewalls, kernel routing, and all that continue to function just fine. Like you said it's just the userland stuff that has problems. The strange thing is, on one of my machines I was (eventually) able to log in from the console, take the system down to single user mode and back up and then everything worked like a charm. Nate To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: (jail) problem and a (possible) solution ?
Yes I've had the same problem. One system runs just fine with it's jails, and another crashes habitually. It has to do with a certain jail (and services). Our system are set up to be able to move jails between them (great for backups and near perfect uptime), and a certain set of jails always hangs the system in this way. I'm trying to narrow it down. Do you get a core dump or does it just hang? Nate - Original Message - From: "Patrick Thomas" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, June 21, 2002 16:43 Subject: (jail) problem and a (possible) solution ? > > A test server of mine running a number of jails keeps locking up - but the > odd thing about the lockup is that the userland stops, but the kernel > keeps running > > (sockets can be opened, but the servers never respond on them, the machine > still responds to pings, but logs show that all real activity stops) > > I just noticed today that some jails still have writable /dev/mem and > /dev/kmem and /dev/io nodes. I think it is plausable that some kind of > fiddling (writing) to these nodes is causing this kind of lockup. > > > > Is this assumption reasonable, or if some jail user fiddled with their > /dev/mem or /dev/kmem or /dev/io node would it just totally crash out the > machine and I _wouldn't_ still be able to ping the server after it crashes > ? > > thanks, > > PT > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: I Volunteer
- Original Message - From: "Evan Dower" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 18, 2002 11:35 PM Subject: I Volunteer > I don't know who might have use of my services (or what my services might be > for that matter), but I hereby offer them up. I'm a student at the > University of Washington and I'll be applying to the Computer Science major > in February. I'd like to get involved with the OS that is serving me so > well. I'll do what I can to help with whatever. Just let me know if anyone > needs a minion. I could use the experience. Probably the best thing you can do for the project is to show some initiative. The problem reports database (accessible over the web at http://www.freebsd.org/prstats/index.html) can always use a good looking-over. Some reports are outdated and just need to be closed; some have a working patch included but have fallen through the cracks; and depending on your interests and level of coding ability, some could be relatively easy to fix. Do some work, make some noise, and express your interests and then whoever wants you as a minion will be more likely to find you. Whether or not coding is your forte, you can support the project in other ways as well. FreeBSD has great documentation, but it can always be improved or added to. I tend to proofread everything I read, so I've sent in a couple "bug" reports about manpage typos. I've been pleasantly surprised at both the promptness with which they were addressed and the gratitude expressed for my filing the reports. Evangelism and peer support are other great things you can do. Educate people at your school about FreeBSD and suggest ways that using FreeBSD might improve a lab/program/service. Answer questions on the -questions mailing list and/or the comp.unix.bsd.freebsd.misc newsgroup. FreeBSD is a great platform with an even greater user/developer community, so letting people know about it is always a good thing. Just a few ideas from my own experience... :) JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: gif(4) tunnel through MSN DSL modem
- Original Message -
From: "Nielsen" <[EMAIL PROTECTED]>
To: "John Nielsen" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, June 14, 2002 1:31 AM
Subject: Re: gif(4) tunnel through MSN DSL modem
> I have this working fine. On the BSD machine behind NAT the tunnel looks
> like it's between a 192.168.x.x IP and the public IP of the machine across
> the internet. On the remote machine it looks like a normal tunnel between
> the two IPs. NAT takes care of the translation on the tunnel packets.
That's good news! However, I'm not sure I can do the same in this case.
> I've used gif tunnels, vtund, and even IPSEC in this configuration just
> fine. Of course holes have to punched in NAT (bimap, port mapping or
> whatever it's called on your DSL). That's for reliability and so that the
> tunnel can be "initiated" from either end.
Do you mean the NAT that the modem is doing? If so, that's a problem. I'm
using an Arescom NetDSL 800 series modem, which comes "pre-configured per
stringent specifications from MSN." And (as far as I know--and I've looked)
there is no way for me to do any kind of configuration on it at all. If
that weren't the case, I'd just put the thing in bridge mode and have done
with it.
If it were up to me, I'd switch to a sane ISP--but it's not up to me in this
case. If I've misunderstood and you think this will work without being able
to reconfigure the modem at all, then by all means please provide some more
detail. :)
JN
> - Original Message -
> From: "John Nielsen" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, June 11, 2002 13:20
> Subject: gif(4) tunnel through MSN DSL modem
>
>
> > Hi folks,
> >
> > I tried this on -questions without any luck, so I'm hoping for a better
> > response here . :)
> >
> > I remotely administer a FreeBSD 4.5 machine that is connected to the
> > internet through and MSN DSL modem. This modem does NAT (for a single
> > client) rather than bridging the connection. So the FreeBSD machine
> thinks
> > its public address is 192.168.1.2 (when in reality the modem is the only
> > device with a public address). This machine is itself doing NAT, acting
> as
> > a firewall and gateway for a private network.
> >
> > I would like to establish a gif(4) tunnel between this machine and my
> > firewall here in order to link the two private networks into one virtual
> > network. I have done this before with two machines that were directly
> > connected to the internet, but in this case the DSL modem on the far end
> > seems to be fouling things up. The modem seems to be passing everything
> > through, but I haven't gotten gif to work.
> >
> > Any ideas? Here's what I've tried--this is how I'd set it up if the DSL
> > modem weren't in the way.
> >
> > [excerpts from rc.conf on far (DSL) end]
> > # Private interface
> > ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
> > # "Public" interface -- 192.168.1.2 netmask 255.255.255.252"
> > ifconfig_ed0="DHCP"
> > gif_interfaces="gif0"
> > gifconfig_gif0="DSL.public.ip myend.public.ip"
> > ifconfig_gif0="192.168.6.1 192.168.0.1"
> > static_routes="john"
> > route_john="-net 192.168.0 -interface gif0"
> >
> > [excerpts from rc.conf on this {my) end]
> > # Private interface
> > ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"
> > # Public interface
> > ifconfig_ed0="DHCP"
> > gif_interfaces="gif0"
> > gifconfig_gif0="myend.public.ip DSL.public.ip"
> > ifconfig_gif0="192.168.0.1 192.168.6.1"
> > static_routes="DSL"
> > route_DSL="-net 192.168.6 -interface gif0"
> >
> > I've tried both the modem's (real) public address and 192.168.1.1 (the
> > public interface's address) for DSL.public.ip, but neither seems to
work.
> > Can this be made to work? Can gif be hacked so it will work?
> >
> > I can't justify switching to a more expensive provider just so this
tunnel
> > will work, since it will mostly be a convenience for me and not the
> client.
> > As far as I know, there's no way to modify any settings on the DSL modem
> > itself. I do have full access to both FreeBSD machines. Again, any
> > suggestions or even a detailed description of why this won't work would
be
> > appreciated.
> >
> > Thanks,
> >
> > JN
> >
> >
> >
> > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > with "unsubscribe freebsd-hackers" in the body of the message
> >
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
Re: gif(4) tunnel through MSN DSL modem
I have this working fine. On the BSD machine behind NAT the tunnel looks
like it's between a 192.168.x.x IP and the public IP of the machine across
the internet. On the remote machine it looks like a normal tunnel between
the two IPs. NAT takes care of the translation on the tunnel packets.
I've used gif tunnels, vtund, and even IPSEC in this configuration just
fine. Of course holes have to punched in NAT (bimap, port mapping or
whatever it's called on your DSL). That's for reliability and so that the
tunnel can be "initiated" from either end.
Nate
- Original Message -
From: "John Nielsen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 11, 2002 13:20
Subject: gif(4) tunnel through MSN DSL modem
> Hi folks,
>
> I tried this on -questions without any luck, so I'm hoping for a better
> response here . :)
>
> I remotely administer a FreeBSD 4.5 machine that is connected to the
> internet through and MSN DSL modem. This modem does NAT (for a single
> client) rather than bridging the connection. So the FreeBSD machine
thinks
> its public address is 192.168.1.2 (when in reality the modem is the only
> device with a public address). This machine is itself doing NAT, acting
as
> a firewall and gateway for a private network.
>
> I would like to establish a gif(4) tunnel between this machine and my
> firewall here in order to link the two private networks into one virtual
> network. I have done this before with two machines that were directly
> connected to the internet, but in this case the DSL modem on the far end
> seems to be fouling things up. The modem seems to be passing everything
> through, but I haven't gotten gif to work.
>
> Any ideas? Here's what I've tried--this is how I'd set it up if the DSL
> modem weren't in the way.
>
> [excerpts from rc.conf on far (DSL) end]
> # Private interface
> ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0"
> # "Public" interface -- 192.168.1.2 netmask 255.255.255.252"
> ifconfig_ed0="DHCP"
> gif_interfaces="gif0"
> gifconfig_gif0="DSL.public.ip myend.public.ip"
> ifconfig_gif0="192.168.6.1 192.168.0.1"
> static_routes="john"
> route_john="-net 192.168.0 -interface gif0"
>
> [excerpts from rc.conf on this {my) end]
> # Private interface
> ifconfig_ep0="inet 192.168.0.1 netmask 255.255.255.0"
> # Public interface
> ifconfig_ed0="DHCP"
> gif_interfaces="gif0"
> gifconfig_gif0="myend.public.ip DSL.public.ip"
> ifconfig_gif0="192.168.0.1 192.168.6.1"
> static_routes="DSL"
> route_DSL="-net 192.168.6 -interface gif0"
>
> I've tried both the modem's (real) public address and 192.168.1.1 (the
> public interface's address) for DSL.public.ip, but neither seems to work.
> Can this be made to work? Can gif be hacked so it will work?
>
> I can't justify switching to a more expensive provider just so this tunnel
> will work, since it will mostly be a convenience for me and not the
client.
> As far as I know, there's no way to modify any settings on the DSL modem
> itself. I do have full access to both FreeBSD machines. Again, any
> suggestions or even a detailed description of why this won't work would be
> appreciated.
>
> Thanks,
>
> JN
>
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
Re: gif(4) tunnel through MSN DSL modem
- Original Message - From: "Lars Eggert" <[EMAIL PROTECTED]> To: "John Nielsen" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, June 11, 2002 4:13 PM Subject: Re: gif(4) tunnel through MSN DSL modem > John Nielsen wrote: > > [excerpts from rc.conf on far (DSL) end] > > # Private interface > > ifconfig_xl0="inet 192.168.6.1 netmask 255.255.255.0" > > # "Public" interface -- 192.168.1.2 netmask 255.255.255.252" > > ifconfig_ed0="DHCP" > > gif_interfaces="gif0" > > gifconfig_gif0="DSL.public.ip myend.public.ip" > > ifconfig_gif0="192.168.6.1 192.168.0.1" > > static_routes="john" > > route_john="-net 192.168.0 -interface gif0" > > The problem (one part, at least) is that you use the same IP address > (192.168.6.1) on your xl0 and gif0 interfaces (on both ends). You'll > want the tunnel addresses to be in a different subnet. I have another tunnel set up this way and it works fine. Why should the tunnel addresses be on a different subnet? > Also, the netmask in the infconfig_xl0 line doesn't match the comment, > which one is wrong? The public interface (ed0) always gets the same address from the DSL modem, even though it's using DHCP. I think you associated the comment with the wrong ifconfig line (I've added a break between them to clarify). I'm starting to think that it would be easier to use ppp/tun and ssh rather than gif in this instance, even though I'm less familiar with that arrangement. JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: gif(4) tunnel through MSN DSL modem
- Original Message - From: "Nick Rogness" <[EMAIL PROTECTED]> To: "John Nielsen" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, June 11, 2002 2:06 PM Subject: Re: gif(4) tunnel through MSN DSL modem > On Tue, 11 Jun 2002, John Nielsen wrote: > > > > I remotely administer a FreeBSD 4.5 machine that is connected to the > > internet through and MSN DSL modem. This modem does NAT (for a single > > client) rather than bridging the connection. So the FreeBSD machine > > thinks its public address is 192.168.1.2 (when in reality the modem is > > the only device with a public address). This machine is itself doing > > NAT, acting as a firewall and gateway for a private network. > > Why run nat on the internal machine? No need to do nat > twice. Just do basic routing between interfaces unless you need > this functionality. The DSL modem will only do nat for one address--namely 192.168.1.2. There are four machines that use this connection, hence nat on the FreeBSD box as well. > > I would like to establish a gif(4) tunnel between this machine and my > > firewall here in order to link the two private networks into one > > virtual network. I have done this before with two machines that were > > directly connected to the internet, but in this case the DSL modem on > > the far end seems to be fouling things up. The modem seems to be > > passing everything through, but I haven't gotten gif to work. > > > > Any ideas? Here's what I've tried--this is how I'd set it up if the > > DSL modem weren't in the way. > > > Are you receiving any packets on the remote BSD machine that are > of type ipencap? Either log it via ipfw log or use a packet > sniffer (like tcpdump or snort) to evaluate these packets. No. That's certainly a problem. They don't appear to be getting in OR out through the modem. > > I've tried both the modem's (real) public address and 192.168.1.1 (the > > public interface's address) for DSL.public.ip, but neither seems to > > work. Can this be made to work? Can gif be hacked so it will work? > > You will need to use the DSL's public IP probably. > > > > I can't justify switching to a more expensive provider just so this > > tunnel will work, since it will mostly be a convenience for me and not > > the client. As far as I know, there's no way to modify any settings on > > the DSL modem itself. I do have full access to both FreeBSD machines. > > Again, any suggestions or even a detailed description of why this > > won't work would be appreciated. > > > My best guess would be that the modem is doing some anti-spoofing > between it's interfaces to prevent packets coming from the inside > having it's outside IP. You will be able to tell if NO ipencap > packets are received on the remote BSD machine. Could you elaborate on this? Since that does seem to be the problem (or at least a strong candidate), what would I have to do to work around this? I don't suppose it's possible to create a gif tunnel inside an ssh tunnel, is it? > On the other hand, If you are receiving these ipencap packets on > the remote side, something else is going on (like nat > interrupting). No ipencap packets on either side so far... JN To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
