Re: How to know % of read file in cat?

[Luís Fernando Schultz Xavier da Silveira]

You might want to try the sysutils/pv port, which is a small
program that works like cat, but provides a progress bar.

On Sat, Mar 09, 2013 at 10:54:00AM +0100, Eduardo Morras wrote:
> 
> Hello,
> 
> I use cat to read a file and pass it to another app, the command is this:
> 
> camibar% cat file.git | fossil import --git file.fossil
> 
> It takes a lot of time, file.git is 12GB, and i want to know if there's some 
> 'magic' trick can I use to show me how many bytes or the % of the file.git 
> cat sent to the other app.
> 
> Maybe cat isn't the correct tool?
> 
> Thanks.
> 
> 
> ---   ---
> Eduardo Morras 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
> 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Backup with mtree and rsync?

[schultz]

No (not directly, except overwriting directories with content),
but cpdup can; see "man cpdup" for details and inspiration.


True, but cpdup is not part of the base system.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Backup with mtree and rsync?

[schultz]

I apparently reinvented the wheel. :-)
Thanks for the link, it is indeed very inspiring.

Quoting Ciprian Dorin Craciun :


On Sat, Jan 5, 2013 at 8:12 PM,   wrote:

I have been wondering whether it is possible to create a backup system
using mtree and rsync. Essentially, the user would create a mtree
specification of the source directory and copy it over to the destination
directory with rsync. Any changes in the destination could then be
detected before restoring with the mtree specification, which should
contain strong hashes of the files and should not contain the nlink
keyword.



A little bit off-topic, but there is a small tool that does
something similar to your suggested `mtree` usage, but specifically
tailored for backups, `rdup`:

  http://miek.nl/projects/rdup

Although I've not used it myself (I use `rdiff-backup` and on
Linux), the idea is pretty similar with what you want to achieve:
* you run `rdup` with an old "descriptor file" plus a target path,
and in turn it generates:
  * a new "descriptor file";
  * a list of files that should be backed up;
* you then decide what you do with the list of files to be
backed-up (i.e. put them in a `tar`, `rysnc` them to a server, etc.);

Hope it helps,
Ciprian.




 
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Backup with mtree and rsync?

[schultz]

I don't see any way to do this directly. What you probably want to do is
use find(1) to pick out the new files to check, and then merge the
changes into the old mtree(8) spec. Not trivial, but the spec syntax is
intended to be easy to parse, so it shouldn't be that hard either.


What I am currently doing somewhat fits your description. I feed find
output into a C program that merges the old description with the
directory state to produce a new description. However, I use a format
different than mtree. I was seeking a shorter, more elegant, solution.


It's possible that the mtree support in tar(8) might be able to do it,
but it would probably be a lot slower.


Wait, can tar be used to remove files?


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Backup with mtree and rsync?

[schultz]

I have been wondering whether it is possible to create a backup system
using mtree and rsync. Essentially, the user would create a mtree
specification of the source directory and copy it over to the destination
directory with rsync. Any changes in the destination could then be
detected before restoring with the mtree specification, which should
contain strong hashes of the files and should not contain the nlink
keyword.

The problem is that mtree would be too slow. It would recompute the
hashes of big files even when they did not change from the last backup.
Therefore, I would like to ask if there is an easy way to accomplish
the following.

Let a mtree specification of a directory from a certain point in the
past be given. Also, assume that a (regular) file below that directory
has not changed if its current modification time (mtime) equals
its modification time in the past specification.
Produce as output the new mtree specification for the directory without
reading these files.

This is somewhat like rsync does to perform incremental backups.

P.S.: As an aside, is there an utility in the base system that can
reproduce the behavior of `rsync --delete -a dir0/ dir1/`?


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Sysctls and privacy

[schultz]

Says who?  Is this your requirement?  Why?


I meant I don't see how it can be done differently.


If this is really a serious concern of yours, you have much bigger fish to
fry than sysctl(8).


Can you elaborate a bit more on this please?


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Sysctls and privacy

[schultz]

Did you specify elsewhere what a 'visible' does mean to you?

  - if this means network connectivity then you can put jails on the same
network, e. g. the same address on a lo(4) interface

  - if this means a read-only access to the directory located outside of a
jail then her4e is the trick:

  mount_nullfs -o ro /path/to/inject /your/jail/mount/detination


I did mean the second case. Your solution seems reasonable. Only
change I would do is check for symlinks in the path within the jail
roots to avoid symlink attacks.


The same trick can be done for every directory the freebsd base system
consists of. Excluding those different for each jail, e. g. /var,  
/etc. Nullfs

daesn't consume your disk space except for additional fstab lines, something
about a dozen per jail. (=


Here is the catch. I know I can read-only mount most static filesystems
from a template. However, the mutable ones have to be copied. This means
installing ports forces me to copy /usr/local, which is around half a
gigabyte (I have some pre-installed ports).

I have been looking into unionfs to solve this, but the BUGS section in
the man page scared me a bit. :-)


I don't think so. It's a task of the configuration of a second system without
hardware initialization and so on, and then spreading your configs around
other jails.


I mean configuring a user account is much simpler than configuring a jail.
Still this is not at all a good reason not to use jails. :-)


jail goes beyond with its jail_devfs_rules


I mean these changes are necessary in a user-based protection model.


What do you mean 'visible' here? Do you just chmod a-rwx on them? Say, to
avoid listing the /usr/bin/su you should chmod a-rx /usr/bin which  
is far from

the best idea...


I either chmod ug-s or chmod o-rwx.


Sounds interesting but doesn't seem googleable to me. Any URLs for xorg
patches and/or for the list of such a ports please?


I didn't find any URL too. The fact is the x11-servers/xorg-server has
the path /tmp/.X[n]-lock for the lock file hardcoded. Since I ended up
using many small Xephyr instances to isolate GUI applications, someone
could use that file before to prevent my application from starting. So
I myself made the (very small) patch, and compiled the port manually.


Ouch! a RELENG_9 feature...


If it does not go away in future versions I am happy with it.


How could the one know out that from overall system statistics only?


Because someone might know the program memory, cpu or network usage patterns
and extrapolate from the data. Firefox is a good example because it
eats up huge amounts of RAM and garbage collects it quite fast. So when
that pattern shows up you know someone is probably using Firefox.
This, of course, also applies to other programs.

Also, if you do know someone is going to run a single program in the
machine, you might just have the memory footprint of that program by
subtraction, and that reveals quite a lot.

I do realize this has a great deal of paranoia, but it is an issue
nonetheless.


ok but that can be the loss of a privacy of some other user?


Not if you have a single (human) user on the machine. Also, this
is quite informal reasoning.

Sure. You can convert PDFs to the set of images, reassemble them  
into your own

PDFs without the logs and post then.


Not without loss of quality, indexing and compactness. Also, steganography
might be employed by the attacker.


So without the need for the outside network connectivity there shouldn't be
much  care. (=


This can be done, it just is not practical. Additionally, unfortunately
some untrusted users have to have internet connection. I know they can
gather important personal identifying information (/etc/passwd). In
this sense, I have another question: can a user of jails realize he or
she is not in a real FreeBSD system? If so, how much about the host
can he or she gather?


Can't remind that. (=


I never said you did implement it. :-)


Err... what?


Before serving a sysctl, the kernel could check if UID == 0 or
if UID is in the special GID.


But they can hide the system statistics and improve the privacy, the what you
need having the consistency already? I have no idea if 'security' includes
'privacy', sorry.


Using emulators/virtual machines improves the situation for sure, but yet
that is not a silver bullet in terms of security, since these tools are
designed to be compatibility tools, not security tools. Also, the added
overhead does not justify it.


But it seems to. What if the code isolated doesn't interfere?


If it does not interfere then we have a proper (but slow) solution.


Do you mean here the emulators never release memory allocated once? And why
jail limits matter after that? Clarify please.


Yes, that is the point. There are situations in which the total memory
used by a program is very high and the maximum memory used at any time
is very low. The memory used by the emulator at any time is the total
memory due to its inabil

Sysctls and privacy

[schultz]

In my system I use separate user accounts for running untrusted
programs at the moment. While many will probably argue that jails
are a superior solution, in my specific case its the inverse.

I know FreeBSD is not ready by default to have multiple untrusted
users in the system, at least from a security viewpoint. I have
done quite a bit of changes to make the situation better.

However, there is something bugging me. Some sysctls apparently
expose too much information about the system. Some examples: the
number of context switches, the number of forks, the total used
memory (at the byte level), the total used space for each file
system (at the byte level) and even a graph of how my GEOM devices
are organized!

I know some programs like gkrellm need this information to function,
but on the other hand, I feel pretty uncomfortable with the
information presented by gkrellm being logged. It's at the very least
a loss of privacy.

So, I would like to ask for a way to disable user access to all
sysctls that are not needed by basic user programs (shell, terminal, etc).
Also, if possible, I would like to have a group of users to whom
these sysctls are accessible as an exception (to run gkrellm).

Thanks for your time.


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Dedicated pointing device for a Xephyr instance

[schultz]

Hi,

I have a Xorg server (x11-servers/xorg-server) running receiving
input from a synaptics touchpad at /dev/psm0. I would like to run
a Xephyr (x11-servers/xephyr) instance in this server that would
take input from a different, dedicated pointing device, in this
case a USB mouse at /dev/ums0.

The Xephyr help mentions a -mouse option. I have searched a lot on
the internet about this and even tried to read the relevant part
of Xephyr's source code. While I could not understand the overall
structure of that code, I noticed no relevant KdPointerDriver
structure.

It also seems that is possible on Linux with a evdev driver. Is it
also possible on FreeBSD?



___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

FreeBSD Security in Multiuser Environments

[schultz]

Hello,

I would like to raise a discussion about the security features
of FreeBSD as a whole and how they might be employed to actually
derive some meaningful guarantees.

I have found myself administering a system with many potentially
untrusted users. Furthermore, some users do not trust some of the
programs they run and are thus allowed to ask for some "slave"
accounts. A "slave" account is a user account accessible only to
root and the "master" user. This can lead to a hierachy of authority.
Also, each account has potentially confidential data that may be
accessed only by the account itself and its "ancestor" accounts. This
includes when a user is logged on and what the user is running.
Finally, the system must always be up so no user untrusted by root
may trash it.

This is a pretty harsh set of restrictions and is almost unmanageable.
However, I have taken three steps to ensure security: base system
hardening, using sudo for privilege granting and using rctl(8) for
resource accounting and control. Gathering enough information in these
three areas has been an ongoing task for almost half a year, and I
would like to discuss some problems of my approach.

In terms of system hardening, I have:
  * Encrypted the whole (except /boot) system with geli(8)
(HMAC/SHA256 and AES-XTS). It is not as nice and much slower
than proper filesystem-level checksumming but it is what
FreeBSD provides (ZFS is too unstable).
  * Disabled useless and potentially dangerous services: cron, devd
and sendmail.
  * Removed every setuid bit. The system works even then.
  * Hardened /dev: every non necessary device has had the 0007 bits
stripped. Optional groups were created (e.g. audio, mixer and mic
for devices /dev/{mixer,dsp,audio}*).
  * Hardened the sysctls:
- security.bsd.see_other_uids=0: Users can only see own processes.
- security.bsd.unprivileged_proc_debug=0
- security.bsd.unprivileged_read_msgbuf=0: The log is considered
  sensitive information.
- security.bsd.hardlink_check_uid=1: Avoid hardlinks to old SUID
  binaries.
- kern.log_console_output=0
- kern.coredump=0
- vm.overcommit=1: This avoids retarded Linux-like behaviour on
  OOM conditions.
  * Changed permissions on /root to 0700: root deserves privacy.
  * A boot script changes some permissions:
- /var/log to 0750: the logs are considered sensitive information.
- /var/run/dmesg.boot to 0640: this is also sensitive information.
  * Added a group sudoers and made sudo setuid only to users in
sudoers: would have avoided trouble with recent sudo exploit if
only trusted users have slaves.

As for using sudo to grant privilege, for each master-slave
relationship between users u and v, I have added a line like
"u ALL = (v) NOPASSWD: ALL" to /etc/sudoers. Then the user u is
supposed to become v by issuing "sudo -i -u v" and to execute a
command as v by issuing "sudo -i -u v ...".

It is worth noticing that sudo closes all file descriptors greater than
or equal to 3. It is important not to let your pseudo-terminal leak
through file descriptors 0, 1 and 2 if you have a shell connected to
it.  Also, the "-i" is mandatory because otherwise a file descriptor
open at directory "." is leaked via the cwd file descriptor. I
believe this is enough, but since this is not properly documented, I
am not sure.

As for resource limiting via rctl(8), for each user u root does not
trust, I have added three rules:
  * user:u:vmemoryuse:deny=
  * user:u:maxproc:deny=
  * user:u:pseudoterminals:deny=0

Here  and  are limits on total virtual memory usage and
total occupied entries in the process table for process u,
respectively. Furthermore, I never give access to pseudo-terminals to
untrusted users because all sessions are started from ssh or ptys of
trusted users. Also, ptys must be available otherwise trusted users can
not work on the machine. Finally, I have noticed "rctl -u user:u"
reports a single pty open for user u no matter how many open ptys u has
(except of course if u has no open pty, in which case 0 is reported).

One naively would expect these restrictions to be enough to prevent
abuse (trashing or DoS) as long as the sum of the MEM values (rounded
up to page size) is less than or equal to the total physical memory
plus swap space less the system (and trusted users') memory usage and
the sum of the PROC values is less than the process table size minus
the number of trusted processes. I sincerely do not know if this is the
case.

However, using vmemoryuse as a limit is overkill: it counts the total
mapped pages, not the total anonymous pages, which are the ones that
actually take resources. Of course, this assumes the memory management
data structures (including the page table) are accounted as anonymous
memory of the corresponding process, since it is easy (especially on
amd64), to map pages sparsely to greatly increase the size of the
page table. However, I do not know if this assumption holds 

Re: zpool not grabbing hot spare

[Randy Schultz]

On Tue, 28 Feb 2012, Matthew Seaman spaketh thusly:

-}
-}Yes.  That's the generally accepted meaning of the concept of a 'hot
-}spare.'  The fact that the spare hasn't been automatically bought
-}on-line in this case is a bug.  There's an open PR on the subject:
-}
-}http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/134491

Tnx for the pointer!


-}
-}That seems to suggest the problem was known to be solved at some point
-}in 2011, but it was not necessarily propagated to all stable branches.
-}However, given your experience perhaps that is not the case.

Yeah, current kernel src's (8.2-STABLE) were sup'd and rebuilt Dec 22.


-}
-}You should be able to use zfs commands manually to sub-in the spare
-}drive and get it resilvered.
-}
-}As an aside -- you've got a pretty odd setup there: 41 drives all in one
-}big RAIDZ2 vdev?  Standard practice would be to create something like 5
-}RAIDZ2 vdevs of 8 drives each (Or maybe 6 vdevs of 7 drives apiece: 6--9
-}drives is about the sweet spot for a RAIDZ2) and then stripe those vdevs
-}together to create your zpool.

We looked at doing things this way, especially since it give much better
performance.  However, performance was less important than maximizing storage.
Over the last 9 weeks we are averaging (including nighly backups):

   capacity operationsbandwidth
poolalloc   free   read  write   read  write
--  -  -  -  -  -  -
data1.41T  8.34T 47 29  2.82M  1.31M
  raidz21.41T  8.34T 47 27  2.82M  1.17M
da2 -  - 20  2  69.3K  30.1K
da3 -  - 20  2  69.3K  30.1K
da4 -  - 20  2  69.3K  30.1K
da5 -  - 20  2  69.3K  30.1K
da6 -  - 20  2  69.3K  30.1K
da7 -  - 20  2  69.3K  30.1K
da9 -  - 20  2  69.3K  30.1K
da10-  - 20  2  69.3K  30.1K
da11-  - 20  2  69.3K  30.1K
da12-  - 20  2  69.3K  30.1K
da13-  - 20  2  69.3K  30.1K
da14-  - 20  2  69.3K  30.1K
da15-  - 20  2  69.3K  30.1K
da17-  - 20  2  69.3K  30.1K
da18-  - 20  2  69.3K  30.1K
da19-  - 20  2  69.3K  30.1K
da20-  - 20  2  69.3K  30.1K
da21-  - 20  2  69.3K  30.1K
da22-  - 20  2  69.3K  30.1K
da23-  - 20  2  69.3K  30.1K
da25-  - 20  2  69.3K  30.1K
da26-  - 20  2  69.3K  30.1K
da27-  - 20  2  69.3K  30.1K
da28-  - 20  2  69.4K  30.1K
da29-  - 20  2  69.2K  30.1K
da30-  - 20  2  67.6K  29.9K
da31-  - 20  2  69.2K  30.1K
da32-  - 20  2  69.3K  30.1K
da33-  - 20  2  69.3K  30.1K
da34-  - 20  2  69.3K  30.1K
da35-  - 20  2  69.3K  30.1K
da36-  - 20  2  69.3K  30.1K
da37-  - 20  2  69.3K  30.1K
da38-  - 20  2  69.3K  30.1K
da39-  - 20  2  69.3K  30.1K
da40-  - 20  2  69.3K  30.1K
da41-  - 20  2  69.3K  30.1K
da42-  - 20  2  69.3K  30.1K
da43-  - 20  2  69.3K  30.1K
da44-  - 20  2  69.3K  30.1K
da45-  - 20  2  69.3K  30.1K
da46-  - 20  2  69.3K  30.1K
da47-  - 20  2  69.3K  30.1K


--
 Randy(schu...@earlham.edu)  765.983.1283 <*>

nosce te ipsum

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: zpool not grabbing hot spare

[Randy Schultz]

On Tue, 28 Feb 2012, Randy Schultz spaketh thusly:

-}
-}I thought the spare was supposed to come online and be resilvered
-}automatically.  Did I miss some config thing
-}or did I just misunderstand how the hot spare bit works?

Gah.  Forgot to check the beasty forums (tnx Mark for the gentle poke).  For 
any others not aware, the docs
all say the spare is hot, but this is not accurate.  See

   http://lists.freebsd.org/pipermail/freebsd-fs/2012-January/013428.html

Heh, shows how much I've been paying attention - I didn't even realize there 
was a freebsd-fs list.  "But I'm
feeling much better now".  ;>

--
 Randy(schu...@earlham.edu)  765.983.1283 <*>

nosce te ipsum

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

zpool not grabbing hot spare

[Randy Schultz]

Howdy howdy,

Got a zpool that lost a drive:
   Feb 24 20:46:01 booto kernel: (da30:mpt3:0:6:0): lost device
   Feb 24 20:46:41 booto kernel: (da30:mpt3:0:6:0): Synchronize cache failed, 
status == 0xa, scsi status ==
   0x0
   Feb 24 20:46:41 booto kernel: (da30:mpt3:0:6:0): removing device entry

however the spare never came online:
  zpool status -v
 pool: data
state: DEGRADED
   status: One or more devices has been removed by the administrator.
   Sufficient replicas exist for the pool to continue functioning in a
   degraded state.
   action: Online the device using 'zpool online' or replace the device with
   'zpool replace'.
scan: resilvered 0 in 0h2m with 0 errors on Tue Oct 25 13:40:59 2011
   config:

   NAMESTATE READ WRITE CKSUM
   dataDEGRADED 0 0 0
 raidz2-0  DEGRADED 0 0 0
   da2 ONLINE   0 0 0
   da3 ONLINE   0 0 0
   da4 ONLINE   0 0 0
   da5 ONLINE   0 0 0
   da6 ONLINE   0 0 0
   da7 ONLINE   0 0 0
   da9 ONLINE   0 0 0
   da10ONLINE   0 0 0
   da11ONLINE   0 0 0
   da12ONLINE   0 0 0
   da13ONLINE   0 0 0
   da14ONLINE   0 0 0
   da15ONLINE   0 0 0
   da17ONLINE   0 0 0
   da18ONLINE   0 0 0
   da19ONLINE   0 0 0
   da20ONLINE   0 0 0
   da21ONLINE   0 0 0
   da22ONLINE   0 0 0
   da23ONLINE   0 0 0
   da25ONLINE   0 0 0
   da26ONLINE   0 0 0
   da27ONLINE   0 0 0
   da28ONLINE   0 0 0
   da29ONLINE   0 0 0
   da30REMOVED  0 0 0
   da31ONLINE   0 0 0
   da32ONLINE   0 0 0
   da33ONLINE   0 0 0
   da34ONLINE   0 0 0
   da35ONLINE   0 0 0
   da36ONLINE   0 0 0
   da37ONLINE   0 0 0
   da38ONLINE   0 0 0
   da39ONLINE   0 0 0
   da40ONLINE   0 0 0
   da41ONLINE   0 0 0
   da42ONLINE   0 0 0
   da43ONLINE   0 0 0
   da44ONLINE   0 0 0
   da45ONLINE   0 0 0
   da46ONLINE   0 0 0
   da47ONLINE   0 0 0
   logs
 mirror-1  ONLINE   0 0 0
   da24ONLINE   0 0 0
   da16ONLINE   0 0 0
   spares
 da1   AVAIL

I thought the spare was supposed to come online and be resilvered 
automatically.  Did I miss some config thing
or did I just misunderstand how the hot spare bit works?

--
 Randy(schu...@earlham.edu)  765.983.1283 <*>

nosce te ipsum

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Ezjail & freebsd-update

[Randy Schultz]

On Sun, 21 Aug 2011, Rocky Borg spaketh thusly:

-}I had an opportunity to upgrade a server from freebsd 8.1 to 8.2 since it had
-}to be restarted any way. I upgraded it with freebsd-update and compiled a
-}custom kernel with no problem. However I haven't been able to find a procedure
-}for updating jails when they've been setup with ezjail. I did 'ezjail-admin
-}update -u' however it doesn't seem like that upgraded things like the /etc/
-}dir inside jails. I'm not too worried since everything is working however if
-}anyone can point me in the right direction I would appreciate it. I figure
-}this will be especially important when moving to 9.0 when it's released.

My understanding of ezjail is you just say "ezjail-admin update".  Ezjail then
grabs the sources and rebuilds everything.  If you already have everything
built locally, e.g. you csup'd the sources, did the make buildworld, etc., you
can then just issue an "ezjail-admin update -i".  I'm not familiar with the "-u"
option to ezjail and my man pages do not show it as an option.  ;>


--
 Randy(schu...@earlham.edu)  765.983.1283 <*>

nosce te ipsum

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Making installworld got stuck on SunFire v20z (Freebsd 8.0)

[Randy Schultz]

On Thu, 18 Feb 2010, Lucas Wang spaketh thusly:

-}I tried to install Freebsd 8.0 on one of our lab machines, which is
-}SunFire v20z. After successfully installing it from CD, I followed the
-}following steps trying to update the kernel and world:
-}
-}cvsup
-}make buildworld
-}make buildkernel
-}make installkernel
-}reboot
-}mergemaster -p
-}make installworld
-}
-}Everything was fine until the `make installworld` process run for a while and 
then got stuck, 
-}after that it won't respond to Ctrl-C. When I tried to login from another 
tty, it 
-}doesn't respond either. I even tried installing the machine from scratch
-}several times, and at different times it got stuck when installing different 
libraries. 

Hard tellin'.  When you tried to install from scratch, did you keep the same
partitions and not force a newfs?  When you rebooted, did you reboot into
single-user?

The steps that have never failed me are close to what you have:
   - csup
   - env -i make buildworld
   - env -i make buildkernel
   - env -i make installkernel
   - reboot into single user
   - mount -a
   - mergemaster -paU
   - make installworld
   - mergemaster -aU
   - reboot

Perhaps try a re-install but fiddle a bit with the partition sizes and/or
force a newfs of the partitions.  Also, at the install step where you select
the entire drive (assuming this is what you are doing), you can delete what's
there and re-select "use the entire drive".  That also forces newfs'ing.

YMMV

--
 Randy(schu...@earlham.edu)  765.983.1283 <*>

Love with your heart, think with your head;  not the other way around.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: freebsd

[Randy Schultz]

On Mon, 15 Feb 2010, tristan spaketh thusly:

-}i recently installed freebsd on my system. when i sign in to the root 
account, i get a prompt telling me about the documentation, then a # sign. how 
do i acess an interactive desktop like the one in windows/mac?

Freebsd does not install a window manager by default.  You have to pick one.
There are many for all ranges of needs.  If you do not wish to deal with
installing one but want the power/stability of freebsd, look for distros that
come complete with a window manager, such as pc-bsd.

--
 Randy(schu...@earlham.edu)  765.983.1283 <*>

Love with your heart, think with your head;  not the other way around.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

ipf fails after cvsup

[Randy Schultz]

Heya,

Running a fresh install of 7.0-RELEASE.  I've cvsup'd the sources, done the
standard updating, e.g.
 make buildworld
 make buildkernel
 make installkernel
 (reboot)
 mergemaster -p
 make installworld
 mergemaster
 (reboot)

But now ipf gives me ye olde
 Root Dude ? /sbin/ipf -Fa -f /etc/ipf.rules
 open device: No such file or directory
 User/kernel version check failed

The ipf version is:
 Root Dude ? ipf -V
 ipf: IP Filter: v4.1.28 (512)
 open device: No such file or directory


My supfile is pretty standard, with
 *default release=cvs tag=RELENG_7
 src-all

I've had this before when I've spaced out the make installworld.  I've never
gotten this *after* the sync/build.

Have I missed a bit of documentation somewhere?

--
 Randy([EMAIL PROTECTED])  765.983.1283 <*>

Love with your heart, think with your head;  not the other way around.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: mounting/reading a DVD

[David Schultz]

On Sat, Jan 26, 2008, Mikhail Teterin wrote:
>   g_vfs_done():acd0[READ(offset=4623824896, length=65536)]error = 5
>   acd0: FAILURE - READ_BIG ILLEGAL REQUEST asc=0x6f ascq=0x04 
>   g_vfs_done():acd0[READ(offset=4623828992, length=65536)]error = 5
>   acd0: FAILURE - READ_BIG ILLEGAL REQUEST asc=0x6f ascq=0x04 
>   ...
> 
> ``dd'' refuses to read from /dev/acd0:
> 
>   dd: /dev/acd0: Invalid argument
> 
> cat tries to, but fails:
> 
>   cat: stdin: Input/output error
> 
> Is there a step I'm missing? I strongly doubt, the disk is damaged, as I just 
> unwrapped it myself...

libdvdcss can probably help, and you can use mplayer or ogle as a
front end to it. mplayer has an option to copy the tracks to a
file as well. It may be necessary to set the drive's region code
to match the disc's before it allows you to read the track keys.
There's an ioctl for that...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

jails and security [was: Jails and multicore boxes]

[Randy Schultz]

On Fri, 16 Nov 2007, Federico Lorenzi spaketh thusly:

-}> > you trying to protect? If you're worrying about getting cracked and used
-}> > as a spam bot, jails are no more secure than a non-jail system.
-}>
-}> Maybe some qualification is needed here.
-}>
-}> If your mail jail gets broken into, then it will still be used as a spambot.
-}>
-}> But your host (the machine in which your jails run in) wouldn't have been 
compromised, necessarily, by the fact that the jail got compromised. Having 
root on a jail  > (if that's what we are talking about by 'compromised' ) 
shouldn't affect your host machine. Unless there is some other vulnerability 
that can be used, of course.
-}
-}Thats true indeed, however many people are saying that jails do not 
necessarily,
-}make an environment more secure. I'm not really knowledable in that area,
-}but they do add another layer to the proverbial onion. I use jails, but more
-}for convenience then security, if i get a new (home) server box, I can just
-}move some jails across with a simple tar and then scp, and have them
-}work pretty much instantly.

MHO.

This depends on your definition of "secure".  

If you have a receiving MTA then you must allow inbound on port 25.  If that
MTA has a security hole that allows remote access/exploitation then it really
doesn't matter a whole lot what you're running on/under/in/with.  You're MTA
will be hijacked.

MHO - the beauty of jails is threefold.

First, important parts of the jail can be mounted read-only.  If you use the
ezjail package then this is done for you.  Set up a jail with ezjail and try
to create a file in, say, /usr/include.  Not even root(inside the jail) can do
this.  

Second, it allows 1 piece of hardware to do multiple things, all separated.
Using a slightly contrived example, let's say a company has a piece of
hardware that has plenty of power to run authentication and mail.  If you put
these on the system, and the MTA has a security hole, everything is suspect.
Now run each in a jail.  Cracking in via the MTA only allows access to mail,
not authentication.

Third, the parent can monitor the jails.  The parent is completely blocked off
from all incoming traffic except ssh from an internal net.  Somebody cracks
into a jail via port 22 or 23(or really, any port).  They gain root access and
modify the logs such that no login shows up.  You look at the ipf logs on the
parent and see tons of traffic to/from a.b.c.d on port 22, with TCP bits set
so you know there's a conversation going on there, yet no sign of login in the
jail's logs.

Just some random musings.

--
 Randy([EMAIL PROTECTED])  765.983.1283 <*>

Love with your heart, think with your head;  not the other way around.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Fwd: Static Routes, gateways and the end of my sanity

[Randy Schultz]

On Tue, 29 May 2007, Reuben A. Popp spaketh thusly:
-}
-}Hello everyone, can someone please (_please_!!) let me know what I'm doing
-}wrong in the following example?  I am near my wits end on implementing this,
-}any suggestions are greatly appreciated!
-}
-}The scenario is that I have a server here with twin nics, bce0 and bce1; I
-}would like bce0 to be connected to our dmz network (192.168.x.x), while bce1
-}would be on our internal network.  A jail will reside on the ip assigned to
-}bce0, while the regular base system will bind to bce1.
-}
-}My current rc.conf consists of the following:
-}---
-}defaultrouter="10.228.228.254"
-}ifconfig_bce0="inet 192.168.4.80 netmask 255.255.255.0"
-}ifconfig_bce1="inet 10.228.228.228 media 100BaseTX mediaopt full-duplex
-}netmask 255.255.255.0"
-}
-}# Enable Jails for multi-homed box (video)
-}jail_enable="YES"
-}jail_list="video"
-}jail_video_rootdir="/usr/local/jail/video"
-}jail_video_hostname="video.eastcentral.edu"
-}jail_video_ip="192.168.4.80"
-}jail_named_exec_start="/bin/sh /etc/rc"
-}jail_video_devfs_enable="YES"
-}
-}# Routed and gateway settings
-}static_routes="net1"
-}route_net1="-net 192.168.4.80/24 -netmask 255.255.255.0 192.168.4.254"
-}--
-}
-}Of course there's other things in there like binding various services (inetd,
-}syslog, et al) to the internal ip.
-}
-}On bringing the machine up, I can ping both ips just fine; what I can't do is
-}ssh to the dmz address.  Yes, sshd is running inside the jail ;).  The output
-}of tcpdump shows a connect to that ip on bce0, but all responses appear to be
-}going out on bce1.

Are you remembering to edit /etc/ssh/sshd_config for both the jail and the
parent system to listen on the appropriate addresses?  The jail's
/etc/ssh/sshd_config needs a line that says "ListenAddress 192.168.4.80", the
parent's sshd_config needs to say "ListenAddress 10.228.228.228".  Also, crank
up the debugging for sshd with something like "LogLevel DEBUG3" and watch your
log files.

--
 Randy([EMAIL PROTECTED])  765.983.1283 <*>

Rain puts a hole in stone because of its constancy, not its force.
   - H. Joseph Gerber

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: syslog configuration

[Randy Schultz]

On Tue, 29 May 2007, grace ingabire spaketh thusly:

-}
-}Hello,
-}
-} 
-}
-}I have installed 
-}and configured  freeBSD 6.1  and have seen the configuration of the syslog in 
-}/usr/src/libexec/bootpd.
-}
-}I would like to 
-}monitor my system using SYSLOG.
-}
-} 
-}
-}How can I go 
-}forward?

Quite a few things are monitored/logged by default.  Check /etc/syslog.conf
for which.  To tweak, "man syslogd" and "man syslog.conf" will give you many
juicy details.

--
 Randy([EMAIL PROTECTED])  765.983.1283 <*>

Rain puts a hole in stone because of its constancy, not its force.
   - H. Joseph Gerber

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: building packages for dependencies

[Randy Schultz]

On Mon, 21 May 2007, Erik Norgaard spaketh thusly:

-}Hi:
-}
-}When I do a
-}
-}# make install package
-}
-}I only get a package built for the port in question, not for dependencies. How
-}do I make packages of all dependencies too?

portupgrade -N package

--
 Randy([EMAIL PROTECTED])  765.983.1283 <*>

Rain puts a hole in stone because of its constancy, not its force.
   - H. Joseph Gerber

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Anti Spam

[Randy Schultz]

On Fri, 20 Apr 2007, Derek Ragona spaketh thusly:

-}
-}If your volume of mail is >5 per day don't use the baracuda.  It won't
-}keep up.

I think this greatly depends on the model.  I've not used the 200 but it
certainly is a small box.  My experience shows the 600 could easily handle
this per hour.  I suspect the 400 could handle 50k/day w/o trouble.  (and no,
I have never worked for Barracuda, nor do I have any stock in them.  ;)

--
 Randy([EMAIL PROTECTED])  765.983.1283 <*>

Rain puts a hole in stone because of its constancy, not its force.
   - H. Joseph Gerber

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Anti Spam

[Randy Schultz]

On Fri, 20 Apr 2007, Grant Peel spaketh thusly:

-}Hi all,
-}
-}I am posting this question here because I know there are alot of ISPs using 
FreeBSD (including me) and am hoping to get feedback, either directly to me or 
to the list.
-}
-}We are wrestling (as I am sure many are), with spam. Up until now we have 
been employing Spamassassin locally and using some 3rd party Anti-Spam 
servervices that are getting less and less reliable as the weeks go by.
-}
-}We are considering two hardware solutions, Easyantispam and Barracuda. 
Barracuda is very expensive, so the most likely candidate is Easyantispam. Does 
anyone out there have thought on either or both of these? Usability? 
Reliability? Total Cost of ownership? Integration issues?

I have no experience with Easyantispam.  At a previous company I implemented a
Barracuda solution, 3 - 600's to be exact, after investigating numerous
(Postini, Brightmail, Ironport just to name 3).  I set them up in
geographically dispersed areas, including different timezones, and had them
clustered to look from the inside as 1 unit.  They took a tremendous beating,
frequently >1.5 million hits/day each.  Note that a "hit" != an email passing
through the box as many of the hits were quickly turned away via RBL's.  I
pounded on a demo model, again a 600, for 7 days, 2 or 3 of which I over-drove
the box(sending it more than it could handle, allowing the extras to build up
on the lab's source systems).  I had nearly every check enabled, including
multiple header and body regex matching, and saw a sustained throughput of
IIRC ~56,000/hr, for an average email size of IIRC 5kB.  In the 3 years that I
was there with the boxen IIRC only 2 had hardware fails, neither of which
impacted us due to the clustering(tho' response times for quarantine access
increased significantly).

I found their tech support to be easy to work with and very professional.  If
the first-level support didn't know the answer they quickly admitted it and
just as quickly called in second-level support.  A few times I actually got to
their third-level support.  ;>  In any case, I never sat on hold more than a
minute or two.  

I like their API.  It was powerful, having the ability to muck with any system
parameter.  I preferred the API when dealing with various setting enmasse.

I did not like their reporting capabilities.  IMHO they had the worst of all
we looked at.  A fair amount of data was available but nearly all of it
required further massaging by us to be useful.

All of these thoughts were circa 2003/2004 so FWIW.

--
 Randy([EMAIL PROTECTED])  765.983.1283 <*>

Rain puts a hole in stone because of its constancy, not its force.
   - H. Joseph Gerber

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: program/binary ip filtering

[Randy Schultz]

Hey Bill,

Tnx much for the input.  I'm the new lead sys admin here.  Been away from
freebsd for far too long.  It's good to be back.  ;>

On Wed, 18 Apr 2007, Bill Moran spaketh thusly:

-}
-}that you either need to write stateful rules (so that the initial connection
-}creates a state that is then used to allow traffic in both directions) or

That's what we currently have set up.

-}you need to create two rules -- one to allow traffic out, the other to
-}allow traffic in.  Stateful filtering is generally considered to be more
-}secure, but you then have concerns about properly maintaining state tables,
-}which can be a problem on very busy servers.

Oh?  Why is stateful considered more secure?  Anybody have links to good
reading on this?  I've been through the links in the handbook.  Tho' I could
have missed something, I didn't see anything on why stateful is more secure
than in/out.  

--
 Randy([EMAIL PROTECTED])  725.983.1283 <*>

Rain puts a hole in stone because of its constancy, not its force.
   - H. Joseph Gerber

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Mounting into a jail

[Troy Schultz]

Hello,

I am running FreeBSD 6.2.

I am currently mounting a smb share and then remounting the smb mount
into a jail with nullfs.

/etc/fstab
# smbfs mount
//@/ /path/to/smb/mount  smbfs   rw  0   0
# local mount
/path/to/smb/mount  /path/to/jail/directory nullfs  rw,late 0   0

The main reason I am using this jail is for a webserver and I need to  
have

the web developer be able to write to this samba share

I originally tried mounting in fstab the smb share like this
//@/ /path/to/smb/mount  smbfs   rw,uid=www  0 
  0
however, this did not work so I ended up making the share point owned  
by the
user and group www this took care of it but I was wondering if there  
was a
better way to do this as far as passing through to a jail and maybe  
getting

the uid to actually work from within the fstab file.

Any suggestions would be welcomed.

Thanks,

Troy
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Mount order of fstab

[Troy Schultz]

That was it.

Thank you!

--Troy

On Feb 21, 2007, at 8:25 PM, [EMAIL PROTECTED] wrote:


On 21/02/07, Troy Schultz <[EMAIL PROTECTED]> wrote:

Hello,

I am trying to mount a smb share into a jail.
The way that I am trying to accomplish this is:

1. mount the smb share onto /mnt read only
2. mount the /mnt share into the /jail/xxx.xxx.xxx.xxx directory  
nullfs


This all works by hand. However, when set in fstab to mount the smb
share and then the nullfs following it, the nullfs is mounted first
then the smb share and this shows nothing. Is there a way that I can
force the order or am I just plain doing something wrong?


No experience with this, but the "late" option
in mount(8) might be your key.

--
--


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Mount order of fstab

[Troy Schultz]

Hello,

I am trying to mount a smb share into a jail.
The way that I am trying to accomplish this is:

1. mount the smb share onto /mnt read only
2. mount the /mnt share into the /jail/xxx.xxx.xxx.xxx directory nullfs

This all works by hand. However, when set in fstab to mount the smb  
share and then the nullfs following it, the nullfs is mounted first  
then the smb share and this shows nothing. Is there a way that I can  
force the order or am I just plain doing something wrong?


Thanks,

Troy
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: which jdk?

[Eric Schultz]

Robert Huff wrote:

1) You need a working Java to build a working Java.


Just curious, does that mean after the first time you install Java 
subsequent re-installs or upgrades can use the /native/ port that was 
first installed using the Linux package?



2) Due to restrictions from Sun, there is no FreeBSD native JDK
_package_.


Write Once, Run Anywhere!  Except...

What's the GCJ story?  How do they get away with it?  Way off-topic 
though, and more than my brain could probably cope with right now. 
Never mind.



3) So, to build the 1.4 (or 1.5) _port_, we install the Linux
1.4 package and use it to compile the code.  Once the native port
has built successfully, you can delete the Linux port.


That just doesn't sound right, at a meta-physical level.

--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Remote Single User Mode?

[Eric Schultz]

Kris Kennaway wrote:

On Wed, Mar 22, 2006 at 10:11:48AM -0800, Chris Maness wrote:

I administer this box by remote.


Look into setting up a serial console; this is the "remote single user
mode" you're looking for.


Good morning...

How remote is "remote"?

If it's just down the hall you can probably get a DB25/DB9 (depending on 
the machine) to RJ45 adapter and use existing CAT5 cable to get to a 
serial console to your desk.  There even exist serial RJ45 switch boxes 
if you have several machines to "remote" administer.


If it's farther than that, like in another building/city/etc. you can 
always setup a modem on the box's serial port and dial in to that. 
You'll need a modem at your end too, which means either an analog line 
or a analog-to-digital tap for your office phone.


I have no idea whether there any serial-over-IP solutions.  But you 
could build one with FreeBSD!!!


--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: loader.conf != limits?

[Randy Schultz]

On Mon, 27 Feb 2006, Dan Nelson spaketh thusly:

-}In the last episode (Feb 27), Randy Schultz said:
-}> I've been running some code with larger data sets and needed to up
-}> some kernerl parameters.  I added this to loader.conf:
-}>kern.maxdsiz="1073741824"
-}>kern.dfldsiz="1073741824"
-}>kern.maxssiz="134217728"
-}> 
-}> The odd thing is limits shows:
-}> Resource limits (current):
-}>   cputime  infinity secs
-}>   filesize infinity kB
-}>   datasize  1048576 kB
-}>   stacksize  131072 kB
-}> 
-}> Anybody know what's up with this?
-}
-}Should something be up?  1073741824/1024 is 1048576, which is what the
-}limit command shows.  The stack size hasn't changed because you didn't
-}set kern.dflssiz.  You can also set the default sizes in
-}/etc/login.conf.

Doh!  Thinking powers of 10 not 2.  Sorry.  Didn't know about the login.conf
bit tho'.  Tnx.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,  there is no
snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

loader.conf != limits?

[Randy Schultz]

Hey all,

I've been running some code with larger data sets and needed to up some
kernerl parameters.  I added this to loader.conf:
   kern.maxdsiz="1073741824"
   kern.dfldsiz="1073741824"
   kern.maxssiz="134217728"

The odd thing is limits shows:
Resource limits (current):
  cputime  infinity secs
  filesize infinity kB
  datasize  1048576 kB
  stacksize  131072 kB
  coredumpsize infinity kB
  memoryuseinfinity kB
  memorylocked infinity kB
  maxprocesses 5547
  openfiles   11095
  sbsize   infinity bytes
  vmemoryuse   infinity kB

Anybody know what's up with this?

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,  there is no
snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Redirecting Traffic with PF

[Eric Schultz]

Frank Staals wrote:

Hey,


Good afternoon...

I'm just stabbing in the dark here since I use neither 5-Stable nor PF.

I have an FreeBSD server/firewall running 5-Stable with PF. I want to 
redirect all udp traffic on port 27902 from the internet to a computer 
in my network. I used this rule but I have some problem with it: 
sometimes connections on that port are refused and I can't connect with 
other players ( it's for a online game ) :


What do you mean by "sometimes" ???  "sometimes" problems are the worst 
kind.



rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902

I think the problem might have something to do with the different 
network interfaces since the traffic is comming in on $extif and has to 
go to an computer connected to $intif ? And how can I do that ? Can I 
change it to:


rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11 
port 27902


How are your two interfaces configured and what does your routing table 
look like?  If you do a traceroute to 192.168.2.11 from the firewall 
when you're having trouble connecting what is the result?


--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: [Total OT] Trying to improve some numbers ...

[Eric Schultz]

lars wrote:

A long uptime means that the machine hasn't been rebooted for a long
time. If that time's longer than the time to the last patch that
required a kernel recompilation and a reboot, it means the server is not
patched. 
Where's the point in advertising an unpatched machine?


Good afternoon...

Perhaps it means the OS doesn't need to be patched that frequently or 
has a patch mechanism that avoids reboots?  That's certainly worth 
advertising (if only were true).


The top machine has been running for almost 6 years on FreeBSD 3.3 which 
means the admin probably believes that "if it ain't broke, don't fix 
it."  I would also want to advertise the longevity of an OS.


(You might not like that last one if you're a hardware vendor :)

Also, a lot of work-arounds for security patches amount to "lock the 
front door."  So perhaps some systems don't need to be patched because 
they're administered so as not to require immediate patching/upgrading.


I had trouble finding any relative numbers on the website.  Individual 
machines had an Availability % figure; but I couldn't find anything by 
OS.  Also, I didn't see any pivots that broke-down OSes by usage or 
other crosstabs that would have been cool.


--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: How is this List Connected with the usenet?

[Eric Schultz]

Chris Maness wrote:

Does this list crossover into Usenet?


Good afternoon...

check out http://dir.gmane.org/index.php?prefix=gmane.os.freebsd

they have various web interfaces, as well as nntp and rss feeds. 
read-only though.  to post you have to subscribe and send mail to the list.


--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: How do I download an older version of PDF Handbook

[Eric Schultz]

Good morning...

Lowell Gilbert wrote:

A newer version of the Handbook won't necessarily have less information
relevant to your system; just more information relevant to later
versions.


I seem to remember reading a thread in freebsd-docs that discussed 
forking the book when things changed between versions.




I suppose the easiest way to do it would be to extract it from the docs
collection of an install disk.  You'll need a tar program for your
Windows box and a program that understands the compression scheme used
on the tarball.  The tarball is split(1) into a bunch of files for
packaging convenience, but I think the Windows "copy" command can handle
that.  


Yup that worked, thanks!

ISOBuster to extract the doc directory from the 4.7-mini ISO

copy doc.* /B doc.tgz (note the /B to indicate binary was important, 
without it I ended up with a 20 byte .tgz file)


and then 7-Zip to extract the files I wanted.

Thanks again.

--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

How do I download an older version of PDF Handbook

[Eric Schultz]

Good afternoon...

I don't have access to my FBSD machine right now, only my WinXP machine; 
and I'd like to get an older version of the Handbook that matches my 
FBSD machine (4.7, but lets say 4-STABLE).  I've Googled, Gmaned, 
visited the ftp site and browed the CVS web interface (thinking I might 
find RELENG_4 SGML source) without any success.


I would prefer a PDF version but I suppose I could follow the steps to 
generate one from the SGML ('cept I have to be able to get the SGML 
version from my WinXP box).


Thanks.

--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: What functionality is provided by minimal install

[Eric Schultz]

Giorgos Keramidas wrote:

On 2006-01-30 13:42, Eric Schultz <[EMAIL PROTECTED]> wrote:

sysintall help that a Minimal install is "just the base system."  But
what _functionality_ is provided by a *base system*???


A short `overview' of a sort can be seen with:

# man 5 rc.conf

For every daemon, service, or option that you see in that manpage, there is
also a feature of the base system.


Good afternoon...

That's a very interesting idea.  I guess that would cover (excuse my 
un-certainty with the terminology here) the /kernel/ but not the 
/userland/.  For the /userland/ i assume I would still have to man every 
executable - and then some - that I find?


--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

What functionality is provided by minimal install

[Eric Schultz]

Good afternoon...

I did a minimal install from a 4.7 mini disc (yes 4.7, but this question 
could be quite generic) and I was wondering what I got.  I know from the 
sysintall help that a Minimal install is "just the base system."  But 
what _functionality_ is provided by a *base system*???


I did an ls -lR from the root of my machine after the installation to 
see what files I got.


I also added the man pages distribution, did another ls -lR, then added 
the ports collection and did a third ls -lR (this one was over 4 MBs, 
time to see if gzip is included with Minimal!!!).  So I can lookup what 
files I got each time; and I figure I can /man/ every file /bin, /sbin, 
/whatever/bin  but I was hoping that might already be documented somewhere.


So far Googling and searching gmane.org have not shown-up anything like 
what I'm looking for (The Handbook's section 2.6 does not provide any 
detail either).  Can anyone point me to a source?  Or let me know what I 
should do with that info if I end-up compiling it myself?


Thanks.

--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: did something change in SMP scheduling from 5.4 to 6.0?

[Randy Schultz]

Tnx for the response.

On Fri, 27 Jan 2006, Lowell Gilbert spaketh thusly:

-}
-}What was the actual workload at that point?  It looks like there's

Not much actually.  ~.3 or .4.

-}only one runnable process, and it's running, so there is no reason to
-}care which processor it's on.  

Yeah that's what I was thinking as well but I have been pushing it a fair
bit and still see everything on the first proc.  Here is 1 example:

last pid: 82302;  load averages:  2.20,  0.82,  0.41 up 6+23:37:10  11:24:50
127 processes: 6 running, 121 sleeping
CPU states: 16.1% user,  0.0% nice,  2.1% system,  0.0% interrupt, 81.9% idle
Mem: 295M Active, 1050M Inact, 294M Wired, 72K Cache, 112M Buf, 364M Free
Swap: 4096M Total, 4096M Free
 
  PID USERNAME  THR PRI NICE   SIZERES STATE  C   TIME   WCPU COMMAND
  655 schultz 1  760 30024K 29276K RUN0  50:32  2.25% Xorg
82301 root1 1390 10784K 10200K RUN0   0:00  2.25% cc1
12185 schultz 1  760 76532K 75704K select 0  22:37  0.00% opera
14583 schultz 1  760  5512K  4548K select 0   5:49  0.00% xterm-static
 3013 schultz 8  200 91760K 77840K kserel 0   4:57  0.00% evolution-2.2
10846 schultz 1  760  5452K  4460K select 0   3:24  0.00% xterm-static
41670 schultz 1  760 10236K  8572K select 0   2:23  0.00% pine
  667 schultz 1  760 20844K 10208K select 0   1:20  0.00% xchat
 

Now when running the compile it seemed to make no difference whether or not
I was running 1 or 3 compiles, the system still hugged cpu0.  I did see
occasional hops to the second cpu but they were rare.
 
-}
-}I'm not sure there's an issue here.  Spreading the work among two

Me either but I thought I'ld ask those who know more.

-}processors might make slightly better use of cache space, but would
-}make power-saving modes less useful.  Now if you run two completely
-}independent CPU-intensive processes, you'll see both CPUs in use.

Well, I have and have seen them running all on cpu0 and have seen some
spread out.  What I cannot be sure of is when multiple compiles are running
on the same cpu what exactly each was doing.  For example I've kicked off
several portupgrades and they all run mostly on cpu0 however with a 
portupgrade there is so much more going.  If I can get more data 
I'll post back here.  

Tnx again for the help.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,
 there is no snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Freebsd + samba + ssh+cvs

[Eric Schultz]

David Richards wrote:

Please can u cc me as I am not on the list


Good morning...

Gmane.org offers a number of alternatives if you do not like reading the 
posts as mail messages or digests (personally I like the news/nntp 
interface).


Check-out http://dir.gmane.org/gmane.os.freebsd.questions

or just http://dir.gmane.org/index.php?prefix=gmane.os.freebsd for a 
complete list of FreeBSD lists.


--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/

Using Mozilla's revolutionary e-mail client: 
http://www.mozilla.org/products/thunderbird/
Using SquirrelMail's revolutionary e-mail client: 
http://www.squirrelmail.org/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

did something change in SMP scheduling from 5.4 to 6.0?

[Randy Schultz]

Hey all,

I am curious if something changed in the way extra cpus are utilized in 6.0
vs. 5.4 in a SMP kernel.

My system is a dual-proc Xeon box.  When I was using 5.4 top would show
both procs being used roughly the same, e.g. the "C" column usually had
almost as many processes running on the second cpu as on the first.  On
Jan 23 I did a cvsup and compiled a new 6.0-STABLE SMP kernel.  Now 
watching top I rarely see the second proc being used, even though 
roundrobin is enabled.  FWIW, here's some possibly relevant config bits:
Dude ? sysctl -a|egrep smp
kern.timecounter.smp_tsc: 0
kern.smp.forward_roundrobin_enabled: 1
kern.smp.forward_signal_enabled: 1
kern.smp.cpus: 4
kern.smp.disabled: 0
kern.smp.active: 1
kern.smp.maxcpus: 16
Dude ? 
Dude ? sysctl -a|egrep hyperth
machdep.hyperthreading_allowed: 0

I've attached the output of a typical top with some builds running.  
Unfortunately I don't have any saved data from 5.4.

I do see the second processor being used but those times are rare.  When it 
does happen it seems almost exclusively when I'm seriously hammering the 
system.  This makes me think something has changed with 6.0 behind-the-scenes
such that if the system doesn't need the extra power then it sticks to cpu 0.  
I poked around the release notes and handbook but failed to find anything
on this topic.  Am I all wet and simply have something misconfigured or 
indeed all is well with 6.x doing it's thing hugging cpu 0?

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,
 there is no snare like folly, there is no torrent like greed."
last pid: 86336;  load averages:  0.37,  0.31,  0.22 up 2+22:34:02  10:21:42
148 processes: 2 running, 146 sleeping
CPU states: 14.9% user,  0.0% nice, 10.2% system,  0.0% interrupt, 74.8% idle
Mem: 312M Active, 963M Inact, 187M Wired, 11M Cache, 112M Buf, 529M Free
Swap: 4096M Total, 4096M Free

  PID USERNAME  THR PRI NICE   SIZERES STATE  C   TIME   WCPU COMMAND
86122 root1   80  1612K  1500K wait   0   0:00 16.50% make
86335 root1 1390   584K   476K RUN0   0:00 16.50% make
86288 root1  -80  1648K  1184K piperd 0   0:00 16.50% sh
85738 root1  -80 21276K 20924K piperd 0   0:02 14.99% ruby18
86121 root1   8    0  1636K  1172K wait   0   0:00 14.99% sh
  655 schultz 1  760 30148K 29220K select 0  15:43  0.00% Xorg
11160 schultz 1  760  2644K  1924K select 0   2:20  0.00% top
80862 schultz 7  200   203M   190M kserel 0   2:06  0.00% firefox-bin
  667 schultz 1  760 14136K 10276K select 0   0:32  0.00% xchat
 4023 schultz 1  760  6924K  5948K select 0   0:31  0.00% xterm-static
 3013 schultz 8  200 55640K 41624K kserel 0   0:29  0.00% evolution-2.2
 4006 schultz 1  760  5468K  4492K select 0   0:25  0.00% xterm-static
  801 schultz 1  760  5472K  4496K select 0   0:20  0.00% xterm-static
  592 root1  760  1216K   676K select 0   0:19  0.00% moused
41670 schultz 1  760  8672K  6968K select 0   0:15  0.00% pine
  692 schultz 1  760  5484K  4424K select 0   0:11  0.00% xterm-static
10846 schultz 1  760  5452K  4460K select 0   0:10  0.00% xterm-static
  708 schultz 1  760  5500K  4524K select 0   0:09  0.00% xterm-static
 1172 schultz 1  760  5452K  4476K select 0   0:09  0.00% xterm-static
80886 schultz 1  760  2632K  1912K CPU0   0   0:08  0.00% top
  494 root1  760  2924K  1760K select 0   0:08  0.00% ntpd
  888 schultz 1  760  5452K  4448K select 0   0:07  0.00% xterm-static
  660 schultz 1  760  5400K  3548K select 0   0:06  0.00% fvwm
12259 schultz 1  760  5472K  4496K select 0   0:05  0.00% xterm-static
81573 schultz 1  760  5468K  4492K select 0   0:05  0.00% xterm-static
20918 schultz 1  760  5500K  4524K select 0   0:05  0.00% xterm-static
32772 schultz 1  760  5452K  4448K select 0   0:05  0.00% xterm-static
  385 root1  76    0  1300K   828K select 0   0:04  0.00% syslogd
 9622 schultz 1  760  5468K  4504K select 0   0:03  0.00% xterm-static
 9287 schultz 1  760  5468K  4504K select 0   0:03  0.00% xterm-static
14583 schultz 1  760  5500K  4536K select 0   0:02  0.00% xterm-static
20866 schultz 1  760  5480K  4512K select 0   0:02  0.00% xterm-static
20907 schultz 1  760  5468K  4504K select 0   0:02  0.00% xterm-static
  688 schultz 1  76    0  4888K  3680K select 0   0:02  0.00% gconfd-2
  664 schultz 1  76    0  4664K  3040K select 0   0:02  0.00% FvwmPager
 3018 schultz 7  200 32768K 18764K kserel 0   0:02  0.00% evolution-alar
45374 schultz 1 1390  3336K  2780K select 0   0:01  0.00% ssh
  662 schultz 1  760  4844K  3992K select 0   0:01  0.00% xclock
 3015 schultz 8  200 1

Re: Summary of CD (ISO) contents

[Eric Schultz]

Peter Giessel wrote:

On Monday, January 23, 2006, at 09:41AM, Eric Schultz <[EMAIL PROTECTED]> wrote:

How can find out what I'm downloading before I download five images only 
to find out that the fifth one was all I needed?


ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/5.4/README.TXT


Thanks.  I missed that one.  I went from 5.3 to 6.0 to 4.7.

Hopefully I'll be able to go back to 6.x when I install on some newer 
hardware.  For now I'm crossing my fingers that my Toshiba Satellite 
2140CDS will be more accepting of 4.x than it was of the other two (so 
far so good, but then 6.0 was fine unless I wanted to use the network, 
floppy, USB, or X in more than 2 bit 320x200 mode).


--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/

Using Mozilla's revolutionary e-mail client: 
http://www.mozilla.org/products/thunderbird/
Using SquirrelMail's revolutionary e-mail client: 
http://www.squirrelmail.org/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Summary of CD (ISO) contents

[Eric Schultz]

Good afternoon...

I've searched high and low (handbook, readme.txt's, gmane.org, google, 
bsdforums) but I have not been able to find a summary of what is on the 
ISO images (CD's) for FreeBSD (various versions).


How can find out what I'm downloading before I download five images only 
to find out that the fifth one was all I needed?


Thanks.

--
Headed for the second star to the right and straight on 'til morning...

  Eric Schultz
  (aka Storkman)

Photos: http://community.webshots.com/user/schultznet
Homepage: http://www.schultznet.ca
Blog: http://schultznet.blogspot.com/

Using Mozilla's revolutionary e-mail client: 
http://www.mozilla.org/products/thunderbird/
Using SquirrelMail's revolutionary e-mail client: 
http://www.squirrelmail.org/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: openldap23 sasl server

[Randy Schultz]

On Fri, 6 Jan 2006, Denis Lemire spaketh thusly:

-}The port you are looking for is net/openldap23-server.
-}
-}If you do a make config on this port and enable SASL support the
-}resulting package will be openldap23-sasl-server.

Ah, there it is.  Tnx.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,  there is no
snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

openldap23 sasl server

[Randy Schultz]

Hi there,

I had a 5.4 system running the openldap23 sasl server that I did a bin upgrade 
to 6.0-stable.  Once that was done I cvsup'd everything to bring it up to 
date.  When I did a portupgrade -a I noticed, due to portupgrade dying, that

openldap23-sasl-server does not exist in the ports tree.  Yet using sysinstall,
which is what I did initially to install, it's there for installing.  Can
somebody point me to the answer as to why it's available using sysinstall
but not when using the ports tree?  The 2.3 sasl client is there but not
the 2.3 sasl server.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,  there is no
snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: wazzup with this java build warning?

[Randy Schultz]

On Thu, 6 Oct 2005, Kris Kennaway spaketh thusly:

-}> 
-}> Tnx Ken.
-}
-}Who's Ken? ;P

Blech.  Sorry about that Kris.  The Sam Smith Taddy Porter musta snuck up
on me when I wasn't looking.  ;>

-}
-}> So it's ok and the end result will be the native jdk?
-}
-}Yes.

Sweetness.  Tnx again.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,  there is no
snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: wazzup with this java build warning?

[Randy Schultz]

On Thu, 6 Oct 2005, Kris Kennaway spaketh thusly:

-}On Thu, Oct 06, 2005 at 07:32:41PM -0500, Randy Schultz wrote:
-}> Doing a make in ports/java/jdk14.  Have in ports/distfiles the files the
-}> make asks for.  When the make continues it warns with:
-}> 
-}> ===>Verifying install for /usr/local/linux-sun-jdk1.4.2/bin/javac in 
/usr/ports/java/linux-sun-jdk14
-}> ==
-}> Warning: This JDK may be unstable. You are advised to use the native
-}> FreeBSD JDK, in ports/java/jdk14.
-}> 
-}> 
-}> I don't get this.  I am using ports/java/jdk14, performing the make there,
-}> yet it barks with this.  Is this some debris from a bygone check or did I 
-}> miss a step?
-}
-}No, read what it says..it's installing the linux-sun-jdk14 port as
-}part of the build of jdk14.  Why?  Because you need a java compiler to
-}bootstrap the java compiler.

Tnx Ken.

So it's ok and the end result will be the native jdk?

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,  there is no
snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

wazzup with this java build warning?

[Randy Schultz]

Doing a make in ports/java/jdk14.  Have in ports/distfiles the files the
make asks for.  When the make continues it warns with:

===>Verifying install for /usr/local/linux-sun-jdk1.4.2/bin/javac in 
/usr/ports/java/linux-sun-jdk14
==
Warning: This JDK may be unstable. You are advised to use the native
FreeBSD JDK, in ports/java/jdk14.


I don't get this.  I am using ports/java/jdk14, performing the make there,
yet it barks with this.  Is this some debris from a bygone check or did I 
miss a step?

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,  there is no
snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: sendmail or another mail server?

[Randy Schultz]

On Mon, 26 Sep 2005, Efren Bravo spaketh thusly:

-}Hi,
-}
-}I've installed a fBSD and now I'm tuning it 'cause I need to put it to
-}serve as mail server.  
-}  
-}My questions is if sendmail is able to serve as a serious mail server or I
-}should try with another software for this job.  
-}  
-}In case I choose sendmail or another mail server software, exists an web
-}interface for them?  

In-house volume testing I've done for with fbsd 5.4 has postfix smokin' 
sendmail with at least a 260% increase.  With softupdates enabled and a
few other simple things pfix on fbsd rocks.  FWIW.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,
 there is no snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Performance of mailserevr in FreeBSD 5.4

[Randy Schultz]

On Tue, 20 Sep 2005, Deepak Naidu spaketh thusly:

-}Thanx Randy,
-} 
-} It would be good, if I have some data of posted doc regarding 
this... or of 
-}your own experience. Thanx for your advise   

Ok.  I'm posting this to advocacy as well in case any find it useful or
at least interesting.

Here's a summation of the testing I did and the results of those tests.
As we were only looking for a few things this is far from a scientific 
analysis so FWIW.

Test background/setup:
   I wanted to test various configs to see what gave the best throughput in 
   a relay configuration for our real-time requirements, i.e. ave # of 
   recipients, ave size of each email, etc. 

   - OS's: FreeBSD 5.4 with and w/o softupdates, Fedora Core 3, Fedora Core 4.
 The FC installations used ext3 for the filesystems.  I wanted to try
 with Reiser but ran out of time.
   - Sink systems simply threw everything to /dev/null.  We had multiple sink
 systems to ensure they were never a chokepoint.  
   - Source systems used fbsd's postal package as:
 postal -m 11 -p 4 -c 2 d3 usernames -
 where usernames contained 2 and 3 usernames.  No significant 
 difference was found using 2 or 3 usernames.
   - Test relay was a dual-proc 800 MHz system PC with 1 GB RAM and the 
 entire system on 1 5400 RPM drive.  (I know - nobody would ever run
 a mail server with /var/spool on the root drive but we were really
 just looking for difference percentages, not max throughput and had 
 some old systems lying around... ;)
   - All installs were default installs.  I thought about tweaking this or
 that, e.g. postfix has some notes on things to do for high-volume
 installations that we didn't do.  I wanted out-of-the-box as much as
 possible.  Tweaking can quickly turn into a slippery slope of just 1 
 more here and 1 more there.  I figured we can tweak all we want for
 more specific needs as they arise.
   - The versions of sendmail and postfix were whatever was current stable
 in June, compiled locally with default build instructions.

So, given all that, here's the #'s I came up with.  

Sendmail
   Linux:47,000 emails/hr
   FreeBSD:  66,000 emails/hr

   this is about a 40% increase in throughput.

Postfix
   Linux: 86,000 emails/hr
   FreeBSD:  223,000 emails/hr

   this is about a 260% increase in throughput.

The above data is for FC4 and FBSD 5.4 with softupdates enabled.  My 
apologies but I can't find the notes for FC3 and FBSD w/o softupdates.  FC4 
was faster but not by much, and by about the same % for sendmail and postfix.
Softupdates showed a similar pattern(as expected) - not as fast as with 
softupdates.  IIRC the data for postfix/fbsd w/o softupdates was still
around 190k emails/hr(this is from memory so take it with a grain of salt).

I was amazed at the difference with postfix.  Whatever Mr. Venema did inside
postfix really works well on fbsd.  Even though I can't find the #'s I 
remember my amazement that fbsd w/o softupdates still smoked FC4 when using 
postfix.

Pls remember this is far from a scientific analysis.  Your mileage will vary
in many ways.  I would recommend doing your own tests with your own criteria.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,
 there is no snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Performance of mailserevr in FreeBSD 5.4

[Randy Schultz]

On Tue, 19 Sep 2005, Chuck Swiger spaketh thusly:

-}Deepak Naidu wrote:
-}>I wanted to know whether FreeBSD can make a perfect
-}> mailserver compared to mailservers on linux.  I am in
-}> process of porting them, but needed some statistical
-}> info regarding its performance compared with other os.
-}
-}FreeBSD makes a fine mailserver.

It certainly does.

A few months ago I did some testing and found that freebsd 5.4 with softupdates
enabled was able to process IIRC ~300% more email than fedora core 4.  In fact 
sendmail on fbsd 5.4 handled nearly as much email as postfix on fc4 while 
postfix on fbsd 5.4 was smokin' the wire.  I still have the hard data around 
somewhere if you think it'll be useful to you.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,
 there is no snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: wizard mode docs

[Randy Schultz]

On Fri, 12 Aug 2005, Giorgos Keramidas spaketh thusly:

-}On 2005-08-11 16:09, Randy Schultz <[EMAIL PROTECTED]> wrote:
-}> Hey all,
-}> Is there any documentation on wizard mode?  I'm just wondering what
-}> the scan function does.
-}
-}What is "wizard mode" supposed to be?

Arg.  Forgot about other wizard modes like ye olde sendmail wizard mode.
My apologies all...

This is during the install process when deciding what partitions to put on
the drives.  In that screen there is a wizard mode.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,
 there is no snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

wizard mode docs

[Randy Schultz]

Hey all,

Is there any documentation on wizard mode?  I'm just wondering what the
scan function does.

--
 Randy([EMAIL PROTECTED])  715-726-2832 email bodhisattva <*>

 "There is no fire like passion, there is no shark like hatred,
 there is no snare like folly, there is no torrent like greed."

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: expat portupgrade dies

[Randy Schultz]

On Thu, 3 Mar 2005, Michael C. Shultz wrote:

-}On Thursday 03 March 2005 01:59 pm, Randy Schultz wrote:
-}> On a 5.3 system when I try to portupgrade some ports the portupgrade
-}> dies on expat:
-}>   --->  Upgrading 'expat-1.95.6_1' to 'expat-1.95.8'
-}> (textproc/expat2) --->  Building '/usr/ports/textproc/expat2'
-}>   ===>  Cleaning for libtool-1.3.5_2
-}>   ===>  Cleaning for expat-1.95.8
-}>   ===>  Vulnerability check disabled, database not found
-}>   ===>  Extracting for expat-1.95.8
-}>
-}>   >> Checksum OK for expat-1.95.8.tar.gz.
-}>
-}>   ===>  Patching for expat-1.95.8
-}>   ===>  Applying FreeBSD patches for expat-1.95.8
-}>   1 out of 2 hunks failed--saving rejects to lib/expat.h.rej
-}>
-}>   >> Patch patch-expat.h failed to apply cleanly.
-}>   >> Patch(es) patch-configure applied cleanly.
-}>
-}>   *** Error code 1
-}>
-}>   Stop in /usr/ports/textproc/expat2.
-}>
-}>
-}> I've tried doing a pkg_delete on the old expat, same effect.  Is
-}> there a standard way to continue from this fail other than patching
-}> by hand?
-}
-}Make sure you first run "make clean" to get rid of old patched files,
-}then run "make patch". If the patches still fail to apply then notify
-}the portmaintainer, if the patches apply then just continue with a
-}normal "make install clean".

Hmm.  I did try to run the patch command by hand.  Hadn't tried the make patch. 
 
(stepping into a nearby phone booth...)

Ok.  Same issues.  I'll contact the port maintainer.

Tnx all for the pointers.

--
 Randy([EMAIL PROTECTED])  715-726-2832  <*>

 The Penguin Cometh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: expat portupgrade dies

[Randy Schultz]

On Thu, 3 Mar 2005, Paul Schmehl wrote:

-}--On Thursday, March 03, 2005 03:59:00 PM -0600 Randy Schultz 
-}<[EMAIL PROTECTED]> wrote:
-}
-}> On a 5.3 system when I try to portupgrade some ports the portupgrade
-}> dies on expat:
-}>
-}> I've tried doing a pkg_delete on the old expat, same effect.  Is there
-}> a standard way to continue from this fail other than patching by hand?
-}>
-}Try running make distclean in the expat2 ports directory.  Then run make 
-}install and see if it installs independently of portupgrade.

Ah, forgot to mention I had tried this with the same effect.

--
 Randy([EMAIL PROTECTED])  715-726-2832  <*>

 The Penguin Cometh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

expat portupgrade dies

[Randy Schultz]

On a 5.3 system when I try to portupgrade some ports the portupgrade
dies on expat:
 --->  Upgrading 'expat-1.95.6_1' to 'expat-1.95.8' (textproc/expat2)
 --->  Building '/usr/ports/textproc/expat2'
 ===>  Cleaning for libtool-1.3.5_2
 ===>  Cleaning for expat-1.95.8
 ===>  Vulnerability check disabled, database not found
 ===>  Extracting for expat-1.95.8
 >> Checksum OK for expat-1.95.8.tar.gz.
 ===>  Patching for expat-1.95.8
 ===>  Applying FreeBSD patches for expat-1.95.8
 1 out of 2 hunks failed--saving rejects to lib/expat.h.rej
 >> Patch patch-expat.h failed to apply cleanly.
 >> Patch(es) patch-configure applied cleanly.
 *** Error code 1
 Stop in /usr/ports/textproc/expat2.
I've tried doing a pkg_delete on the old expat, same effect.  Is there
a standard way to continue from this fail other than patching by hand?
--
 Randy([EMAIL PROTECTED])  715-726-2832  <*>
 The Penguin Cometh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Fwd: How to read bad blocks error message & marking of same

[David Schultz]

On Fri, Aug 06, 2004, Gary Corcoran wrote:
> Dan Nelson wrote:
> 
> >In the last episode (Aug 06), Gary Corcoran said:
> >
> >>Mike Meyer wrote:
> >>
> >>
> >>>Modern drives deal with bad block substitution all by themselves.
> >>
> >>Umm - not quite, right?  That is, if a block "goes bad" and you get a
> >>read error, the drive isn't going to do any "substituting" at that
> >>point.  You'll just continue to get the read error if you try to
> >>access (read) that block.  It's only when you allow another *write*
> >>to that block (e.g. by deleting the original file and writing new
> >>files) that the drive will automatically substitute a spare block for
> >>the one that went bad.
> >
> >
> >SCSI drives, at least, may do automatic reallocation on both reads and
> >writes ( camcontrol mode da0 -m 1, the ARRE and AWRE flags ).  If the
> >drive had to reread the block or had to use ECC to recover data, AND
> >the entire block was recovered, it will relocate the data if ARRE is
> >set.
> 
> Good to know, although I stopped buying SCSI disks (for home use)
> years ago.  I presumed the more common case these days, that we
> were talking about IDE disks.  In fact doesn't this (from the original
> question):
> 
> ad0s1a: hard error
> 
> necessarily refer to an ATA (IDE) disk?  I don't believe any (current)
> ATA disks will do automatic reallocation on reads, will they?  Though
> of course serial ATA drives seem to be "the future" and are taking
> on more and more SCSI-like features as time goes by.

Both ATA and SCSI drives may relocate blocks that were difficult
to read (e.g. correctable errors, took multiple attempts, etc).
But if the block can't be recovered at all, the drive will still
report an error to the OS (in addition to relocation).
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Usability Of NOCLEAN

[Peter Schultz]

Hi,

I'm just curious about the usability of NOCLEAN.  If I've just updated 
world and things are fine with the installation, is it considered safe 
to use NOCLEAN?  A couple updates to libc came in this morning just 
after I installed a fresh world and I'm wondering what others do in 
cases like this.

Thanks,
Pete...
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ACPI causing trouble for X in 5.2

[Peter Schultz]

David Cramblett wrote:
Robert Watson wrote:

On Fri, 16 Jan 2004, David Cramblett wrote:

I have problem with X on 5.2-RC2. Sometimes the whole
system hangs when I start X by startx or 'setpmac mls/equal startx'
(with MAC policies loaded). In about 30% of attempts it hangs on
XFree startup messages and hard reset is required.
The problem occurs a little bit too often for some unrelated
accident and it doesn't occur at all on 5.1-RELEASE (the same
hardware and configuration).
Does anyone have similar problem ?

Yes, see my post from earlier today called "Can't shutdown, logout, or
restart cleanly."  I have not run 5.1-RELEASE before, so I can't say
if it didn't happen there, but it definitely happens with
5.2-CURRENT.  I'm at my wit's end trying to find out why!
Per a post I received on bsdforums.com, try booting up with ACPI turned
off.  This can be done in 5.1 and later by choosing option 2 in the >boot
menu (Boot FreeBSD with ACPI disabled).  Once I did this, it worked >like
a champ.  I'm not sure why earlier versions may not have been affected
by this or if it only affects certain hardware.

Let me know if this worked for you.
I have the same problem on two builds of 5.2, one is a Sony Vaio 
PCG-F360 Laptop (PII 400MHz) and the other is a newer P4 system with 
Asus mother board.  Both worked fine with 5.1 and both broke with 5.2. 
I was able to work around this problem by booting up with ACPI disabled. 
Is there a known issue with ACPI that is being worked on for 5.2 or
did someone already submit a bug report?  Thanks, David


I was seeing this on my Dell Latitude notebook from a couple of years ago
(C600).  I found that the problem "went away" when I switched off either
ACPI or device apic, so it looks like it's basically an interrupt problem
of some sort.  I'm running with the r128 kernel module for DRI, and John
Baldwin suggested that it might be part of the problem.  I've also been
experiencing continuing ATA problems, so it may well be that a combination
of ACPI and apic changes has resulted in improper handling/routing/... of
interrupts on the box.
You might want to check and see if there are any BIOS upgrades available
for your system -- as ACPI support evolves, older systems with more
questionable ACPI sometimes work less well.  A number of vendors have
released BIOS updates to address this.
Seems kinda strange that it would work fine in 5.1 and then break in 
5.2, if it were hardware/bios related.  Keep in mind, one of my systems 
is less than a year old P4 system (you seem to just be referencing my 
older laptop), so were not just talking about old pre-ACPI hardware/bios 
either.  I may be wrong, but it seems something has changed for ACPI 
between 5.1 and 5.2, either in the FreeBSD implementation or in the 
specification that would require a BIOS update on my newer hardware and 
make the older hardware need it disabled.

In November John Baldwin changed how interrupts are handled and this 
shook up ACPI support for a lot of people.  I've created the following 
in an effort to help people sort through the difficulties:
http://bis.midco.net/pmes/acpi.html

Pete...
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: 20TB Storage System

[David Schultz]

On Fri, Sep 05, 2003, David Gilbert wrote:
> > "Poul-Henning" == Poul-Henning Kamp <[EMAIL PROTECTED]> writes:
> 
> Poul-Henning> In message <[EMAIL PROTECTED]>, Petri Helenius
> Poul-Henning> writes:
> >> fsck problem should be gone with less inodes and less blocks since
> >> if I read the code correctly, memory is consumed according to used
> >> inodes and blocks so having like 2 inodes and 64k blocks should
> >> allow you to build 5-20T filesystem and actually fsck them.
> 
> Poul-Henning> I am not sure I would advocate 64k blocks yet.
> 
> Poul-Henning> I tend to stick with 32k block, 4k fragment myself.
> 
> Poul-Henning> This is a problem which is in the cross-hairs for 6.x
> 
> That reminds me... has anyone thought of designing the system to have
> more than 8 frags per block?  Increasingly, for large file
> performance, we're pushing up the block size dramatically.  This is
> with the assumption that large disks will contain large files.
> 
> ... but I havn't seem that, myself.  Large arrays that we run tend to
> have multiple system images (for diskless or semi-diskless operation)
> and many more thousands of users ... all with their usual complement
> of small files.
> 
> It strikes me that driving the block size up (as far as 1M) and having
> a 256 (or so) fragments might become appropriate.
> 
> We probably also need to address disks with larger block sizes soon,
> but that's another issue alltogether.

To that end, UFS2 is supposed to be able to support ``jumbo
blocks''.  The code for that isn't in the tree, but I presume Kirk
is working on it.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: x86 Disassembler

[David Schultz]

On Tue, Aug 12, 2003, Ryan Sommers wrote:
> Are there any tools to disassemble an x86 binary file? objdump does a nice 
> job on most files. However, I'm messing with some machine-code binary files 
> that don't have ELF headers or anything other then the machine-code (ie 
> MBR's). I'd like to disassemble them on FreeBSD, possibly to a format that 
> G(as) could reassemble. Then I don't have to use something like debug.exe. 

One kludge that may work is to use objcopy --add-section to insert
the machine code into an ELF file.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Why is there no JFS?

[David Schultz]

Thus spake Darren Pilgrim <[EMAIL PROTECTED]>:
> David Schultz wrote:
> >Thus spake Terry Lambert <[EMAIL PROTECTED]>:
> >>IMO, this is not the reason for them being off on /; the real
> >>reason is as I've stated: sysinstall expects the common case to
> >>be an initial install, not operations after the initial install,
> >>and so does not turn it on by default.
> >
> >
> >The original reason was due to the possibility of installworld
> >failing, due to the case described above not being handled
> >particularly well in FreeBSD 4.X.  Sysinstall is perfectly happy
> >with creating a root FS with softupdates enabled.  If someone
> >wants to bother changing the default for what little difference it
> >might make in installworld/installkernel times, I would support it.
> 
> For what its worth, I think all that's needed is to change line 339 in 
> usr.sbin/sysinstall/label.c:
...
> I think softupdates is still (viewed as) riskier than synchronous 
> writes, at least for large numbers of writes (like installworld) to a 
> filesystem of limited size, so someone is going to inevitably ask if 
> FreeBSD should be loading the bullets as well.  Personally, if it's a 
> matter of choosing overall safety or a performance gain for something 
> you really shouldn't be doing to a live machine anyway, I'll take the 
> safe route and option the performance gain.

I've heard that argument, and while I think it has *some* validity
in general, I don't buy it for installworld/installkernel in
particular.  Softupdates guarantees metadata consistency (modulo
hardware issues that have been discussed on this list before), but
it can reorder writes and delay the amount of time it takes your
data to hit the disk.  For an installworld, this means that the
window during which you have a partially installed world is
slightly larger, but installworld takes a while, so the window is
already pretty darn big.  The whole rationale for doing
installworld/installkernel in a particular sequence is that with
any luck, you can boot to single-user mode after something goes
wrong and finish the job (or revert to the old kernel.)

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Why is there no JFS?

[David Schultz]

Thus spake Terry Lambert <[EMAIL PROTECTED]>:
> David Schultz wrote:
> > > The easy way to fix this is to insert a new dependency for the
> > > completion of the allocation.  Basically, this would put in a
> > > stall barrier that would cause the outstanding I/O to drain before
> > > the new I/O was attempted.  All other operations behind the one
> > > that caused the stall would b held off, which would avoid the
> > > starvation deadlock you describe.  Most likely, all this would
> > > require some minor code to maintain a running tally of virtual vs.
> > > real free block count.
> > 
> > It really isn't a big deal.  You're saying you can fix the problem
> > where allocations can sometimes fail on a busy 99% full
> > filesystem, but on such a filesystem, you're just as likely to hit
> > it when it's 100% full.  Kirk's solution is simple and has the
> > advantage of not requiring additional dependency tracking for the
> > common case.
> 
> No, actually it should work for "100% full", as well, as long as
> that "100% full" is "the real disk" vs. "the real disk, after all
> pending updates have been applied".
> 
> In other words, if it would have worked with soft updates turned
> off, then it will work with soft updates turned on.

My point was that a busy disk that is nearly 100% full will
probably experience intermitted ``disk full'' errors anyway,
so it suffices to simply deal with cases such as
'rm -rf foo && immediately create lots more files', which
softupdates does handle in -CURRENT.

> IMO, this is not the reason for them being off on /; the real
> reason is as I've stated: sysinstall expects the common case to
> be an initial install, not operations after the initial install,
> and so does not turn it on by default.

The original reason was due to the possibility of installworld
failing, due to the case described above not being handled
particularly well in FreeBSD 4.X.  Sysinstall is perfectly happy
with creating a root FS with softupdates enabled.  If someone
wants to bother changing the default for what little difference it
might make in installworld/installkernel times, I would support it.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Why is there no JFS?

[David Schultz]

Thus spake Terry Lambert <[EMAIL PROTECTED]>:
> David Schultz wrote:
> > > There's no chicken and egg problem when you're booting off install
> > > media or for that matter from single user mode.  The problem was that
> > > softupdates means you don't get space back from deleted files immediatly
> > > so previously / tended to fillup during installworld or installkernel.
> > > I know some fixes have been implemented in that area, but I'm not sure
> > > if then mean you can always write to the space occupied by unlinked
> > > files or just that you have a better chance.
> > 
> > The problem is effectively fixed in 5.0.  Basically, when no space
> > can be found, the syncer is accelerated to try to speed up frees.
> > Technically it's possible to run into a livelock, where you keep
> > freeing space and it keeps getting snatched up before you can grab
> > it, so you wait forever.  So IIRC, there is a point where it just
> > gives up on finding the space.  However, that won't happen with an
> > install, so the free space problem isn't a reason not to use
> > softupdates on the root FS.  I think the default hasn't been
> > changed just because nobody has bothered.
> 
> The easy way to fix this is to insert a new dependency for the
> completion of the allocation.  Basically, this would put in a
> stall barrier that would cause the outstanding I/O to drain before
> the new I/O was attempted.  All other operations behind the one
> that caused the stall would b held off, which would avoid the
> starvation deadlock you describe.  Most likely, all this would
> require some minor code to maintain a running tally of virtual vs.
> real free block count.

It really isn't a big deal.  You're saying you can fix the problem
where allocations can sometimes fail on a busy 99% full
filesystem, but on such a filesystem, you're just as likely to hit
it when it's 100% full.  Kirk's solution is simple and has the
advantage of not requiring additional dependency tracking for the
common case.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Why is there no JFS?

[David Schultz]

Thus spake Brooks Davis <[EMAIL PROTECTED]>:
> On Wed, Feb 12, 2003 at 07:40:00PM -0800, Terry Lambert wrote:
> > Darren Pilgrim wrote:
> > > Not really.  A properly laid-out filesystem hierarchy will result in no
> > > writes to / (except for installworld/kernel).  That removes the problem
> > > that journalling addresses, and is probably why softupdates is disabled
> > > by default for /.  For large, active filesystems, journalling would be a
> > > big improvement when you had to run a foreground fsck.
> > 
> > Soft updates are disable on / by default because of the chicken
> > and egg problem of runing tunefs on /.
> 
> There's no chicken and egg problem when you're booting off install
> media or for that matter from single user mode.  The problem was that
> softupdates means you don't get space back from deleted files immediatly
> so previously / tended to fillup during installworld or installkernel.
> I know some fixes have been implemented in that area, but I'm not sure
> if then mean you can always write to the space occupied by unlinked
> files or just that you have a better chance.

The problem is effectively fixed in 5.0.  Basically, when no space
can be found, the syncer is accelerated to try to speed up frees.
Technically it's possible to run into a livelock, where you keep
freeing space and it keeps getting snatched up before you can grab
it, so you wait forever.  So IIRC, there is a point where it just
gives up on finding the space.  However, that won't happen with an
install, so the free space problem isn't a reason not to use
softupdates on the root FS.  I think the default hasn't been
changed just because nobody has bothered.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Why is there no JFS?

[David Schultz]

Thus spake Daxbert <[EMAIL PROTECTED]>:
> The inspiration for this email was from a thread in 
> -questions: "Re: fsck takes very long after crash/reset"
> 
> Is anybody currently working on or does there exist
> a JFS for FreeBSD?
...
> Is there not a JFS for FreeBSD becuase, Softupdates 
> do the job just fine and nobody has the 
> time or interest to work on this?

Various people have indicated that they might try to implement
them, but there really isn't a lot of support for the idea.
People already have softupdates, so there's substantially less
incentive to support another technology for ensuring metadata
consistency.  (As Terry will surely point out if I don't,
Softupdates and journalling don't solve *exactly* the same set of
problems.)

> I'm not running FreeBSD 5.x. So I'm not able to take 
> advantage of the background fsck. Can anybody comment 
> on their success w/ the background fsck?

Problems have been reported for very large (60 GB+) drives, but
otherwise it seems to work well.  It is only appropriate to use if
the reason you need to fsck is a crash or power failure.  If a
hardware or software bug messes up part of your FS, you need to
run a foreground fsck.

> If a JFS were to be ported and/or developed for FreeBSD
> what should it be based on? XFS, JFS, ReiserFS???

It would be easier to add journalling to FFS than to port one of
the above filesystems, and the licensing would be problematic.  It
is less problematic for ReiserFS because Hans Reiser is willing to
make exceptions to the GPL as long as e.g. Apple can't build OS X
on top of FreeBSD and thereby get ReiserFS without sharing the
profits with him.  But you still have to find someone for whom
softupdates isn't good enough who is willing to do the work.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

sysinstall suddenly quitting

[Randy Schultz]

Hey all,

I've got a 4.6 system that I'm trying to get to 4.7.  I've dropped on the
sysinstall from 4.7(per the docs).  I run it as 
"/stand/sysinstall installUpgrade".  When I get to the "Choose Installation
Media" screen I go into Options to change the Release Name.  Regardless of
what I do on this screen, in fact even if I do nothing at all, when I press
'Q' to quit sysinstall exits, dropping right to the commandline.  On the 
screen it says "chflags'ing old binaries - please wait".  There doesn't 
seem to be anything about this in docs or list/newsgroup archives and I've
tried a number of different things - making sure I'm root, perms on chflags,
getting chflags from the 4.7 dist, even different term types and keyboards
(hey - maybe there was some weird key bounce going on ;).  I'm guessing
PEBCAK but am not sure where to look.

-- 
 Randy([EMAIL PROTECTED])  715-726-2832  <*>

 The BeaSD Cometh


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: mac os x 10.2.3 jaguar and port forwarding?

[David Schultz]

Thus spake Ralph Freibeuter <[EMAIL PROTECTED]>:
> Ho can I exactly define a rule (and where?) that forwards
> incoming requests to port 445 (samba?) to an internal machine
> with lan ip 192.168.2.50 ?
> 
> The routing Macs IP is 192.168.2.1 and the external IP is
> given by ISP via pppoe.
> 
> Please help me.
> 
> I've already tried:
> 
> sudo natd -redirect_port tcp 192.168.2.50:445 445
> 
> But all I get are messages about errors and addresses
> that already have been given.

This isn't an OS X list, but...

have you tried killing any existing natd instances before you try
the command above?  I just use natd_flags in rc.conf to specify
the -redirect_port options, and it works fine.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Drawing diagrams a-la-Visio

[David Schultz]

Thus spake Cliff Sarginson <[EMAIL PROTECTED]>:
> I am looking for an application that will allow diagrams to be drawn
> (such as network topologies) similar to the Windows program Visio (I
> think that is what it is called). One that has some pre-defined
> shapes/lines etc suitable for technical use. Does anyone have any
> suggestions ... ?

I can't think of a direct comparison any closer than xfig, and
xfig isn't as featureful as Visio.  However, if you just want a
nice looking graph of network connections, and you're happy
letting the computer arrange the nodes (for the most part), try
graphviz.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: chown broken??

[David Schultz]

Thus spake Mark <[EMAIL PROTECTED]>:
> - Original Message -
> From: "Ceri Davies" <[EMAIL PROTECTED]>
> To: "Mark" <[EMAIL PROTECTED]>
> Cc: "Andrew Cutler" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, December 20, 2002 3:15 PM
> Subject: Re: chown broken??
> 
> 
> > On Fri, Dec 20, 2002 at 03:12:17PM +0100, Mark wrote:
> >
> > > I must say, though, that while I understand this behaviour, one can
> > > argue on what exactly "recursive" is to mean here. Intuitively,
> > > the definition of "the current sub-directory and all sub-directories
> > > below the current directory (and that for each subdirectory)" seems
> > > the correct one. Which would exclude "..", as this is not a
> sub-directory
> > > of the current directory, but the parent.
> >
> > Not really.  It recurses through the directories named on the command
> > line, of which '..' happens to be one.
> 
> 
> Yes, "the directories named on the command line" within the CURRENT
> directory. Technically, "." and ".." are entries within the current
> directory (try: "od -c ."), and they have inode numbers too. But that does
> not deter me from deeming it a bit counter-intuitive to consider ".." a
> directory of the current directory. :) Especially in the context of
> recursion.

So you want 'chown foo ..' to fail, as a special case?  As I
mentioned before, rm gets away with this because you don't want to
remove the parent of the directory you're currently in.
(Actually, some rm implementations *will* let you shoot yourself
in the foot.)  But it's perfectly reasonable to chown '..', even
recursively, so chown can't make any assumptions.

I object to going around and documenting this caveat in the
manpages for every single utility that supports recursion through
a directory tree.  It doesn't really belong there, it belongs in a
``How to use the shell'' tutorial.  The way Unix traditionally
does parameter expansion makes it easy to shoot yourself in the
foot in at least a dozen ways, and this is just one of them.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: chown broken??

[David Schultz]

Thus spake Andrew Cutler <[EMAIL PROTECTED]>:
> I realise that now, but why does chown not ignore the match since most
> other commands simply return?
> . is a directory -- ignored
> .. is a directory -- ignored
> 
> This inconsistency is not logical.

rm makes a special case for '.' and '..' specifically to avoid
this kind of foot-shooting.  It gets away with it because it
doesn't make much sense to remove your current directory, much
less its parent.  Unfortunately, you can't really do the same
thing for chown because people sometimes do say 'chown -R foo .'
and really mean it.  Since the '.*' is expanded by the shell,
chown has no way of knowing what was really meant.  (BTW, the
example I gave shows you how to do what you were trying to do,
without the problems you ran into.)

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: How to truncate a file in the beginning

[David Schultz]

Thus spake Andre Albsmeier <[EMAIL PROTECTED]>:
> Are there any special features in FreeBSD that I can use
> to truncate a file in the beginning?
> 
> Let's assume I have a 50GB file. Only the last 10GB are
> interesting for me and I have to free the first 40GB for
> some reason. Of course, I could seek to the appropriate
> position and copy the 10GB to a new file and unlink the
> old one. The problem is that I don't have a lot of time
> to do this so I am looking for something like ftruncate()
> but for the beginning...

Nope, you have to copy the data.  Technically something like this
could be implemented by copying metadata only, but it would only
work if the amount you want to snip is a multiple of the
filesystem's block size.  However, it's a lot of work for a rather
uncommon case; even ftruncate() is used infrequently.  Perhaps you
could devise a scheme for striping your data across multiple 10GB
files.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Quota help

[David Schultz]

Thus spake Andrew Knapp <[EMAIL PROTECTED]>:
> Does anyone out there know how to change the grace period on file-system
> quotas? I know the default is 7 days, but if I wanted to change it,
> where would I look? The man pages don't seem to be of any help on this,
> and I didn't find anything in the archive.

See edquota(8).

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: maxusers and random system freezes

[David Schultz]

Thus spake Varshavchick Alexander <[EMAIL PROTECTED]>:
> On Fri, 6 Dec 2002, David Schultz wrote:
> 
> > Thus spake Varshavchick Alexander <[EMAIL PROTECTED]>:
> > > Well, now I made KVA space 2G, we'll see later on if it helps to get rid
> > > of the sudden system halts, but for some reason a side-effect has
> > > appeared: pthread_create function returns EAGAIN error now, so I had to
> > > recompile the software using it with linux threads to make it working.
> > > With the old kernel these pieces worked without problems. Can it be that
> > > somehow the enlarged KVA space messed up with the threads mechanism?
> >
> > I'm not a pthreads expert, but my best guess is that your program
> > tried to create a thread with a stack address that was too high.
> > Remember that with a 2 GB KVA, user processes have only 2 GB to
> > play with instead of 3 GB, so attempting to mmap() a stack above
> > about 2 GB would cause pthread_create() to return EAGAIN.
> >
> 
> Yes this makes sense, however this call to pthread_create didn't specify
> any special addresses for the new thread. The pthread_create was called
> with the NULL attribute which means that the system defaults were being
> used. Something in the system has gone wrong...

I just glanced at the source in -STABLE, and it appears to be a
pthreads bug.  (Then again, maybe I'm missing something, since
nobody seems to have noticed this before.)  The default address at
which new thread stacks are created is just below the main stack.
This address is based on the lexical constant USRSTACK, but it
should be initialized in uthread_init() based on the kern.usrstack
value returned by sysctl.  (The correct value is already used to
map the main stack's red zone.)  The result is that you need to
make world and recompile any apps statically linked against
pthreads after building your new kernel in order to get things to
work.

I don't have time to fiddle with pthreads until after Christmas,
but you might see if the following patch (against -STABLE) helps
when you reduce the configured KVA size without remaking pthreads.

Index: uthread/uthread_init.c
===
RCS file: /home/ncvs/src/lib/libc_r/uthread/uthread_init.c,v
retrieving revision 1.23.2.10
diff -u -r1.23.2.10 uthread_init.c
--- uthread/uthread_init.c  2002/10/22 14:44:03 1.23.2.10
+++ uthread/uthread_init.c  2002/12/06 13:41:06
@@ -245,6 +245,8 @@
len = sizeof (int);
if (sysctl(mib, 2, &_usrstack, &len, NULL, 0) == -1)
_usrstack = (void *)USRSTACK;
+   _next_stack = _usrstack - PTHREAD_STACK_INITIAL -
+   PTHREAD_STACK_DEFAULT - (2 * PTHREAD_STACK_GUARD);
/*
 * Create a red zone below the main stack.  All other stacks are
 * constrained to a maximum size by the paramters passed to

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: maxusers and random system freezes

[David Schultz]

Thus spake Varshavchick Alexander <[EMAIL PROTECTED]>:
> Well, now I made KVA space 2G, we'll see later on if it helps to get rid
> of the sudden system halts, but for some reason a side-effect has
> appeared: pthread_create function returns EAGAIN error now, so I had to
> recompile the software using it with linux threads to make it working.
> With the old kernel these pieces worked without problems. Can it be that
> somehow the enlarged KVA space messed up with the threads mechanism?

I'm not a pthreads expert, but my best guess is that your program
tried to create a thread with a stack address that was too high.
Remember that with a 2 GB KVA, user processes have only 2 GB to
play with instead of 3 GB, so attempting to mmap() a stack above
about 2 GB would cause pthread_create() to return EAGAIN.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: maxusers and random system freezes

[David Schultz]

Thus spake Varshavchick Alexander <[EMAIL PROTECTED]>:
> Thank you David for such an excellent explanation. So if sysctl reports
> 
> vm.zone_kmem_pages: 5413
> vm.zone_kmem_kvaspace: 218808320
> vm.kvm_size: 1065353216
> vm.kvm_free: 58720256
> 
> does it mean that total KVA reservation is 1065353216 bytes (1G) and
> almost all of it is really mapped to physical memory because only 58720256
> (56M) is free, and the server is balancing on the edge of crashing with
> KVA going out?

Yes, 56 MB of unreserved kernel virtual memory (modulo
fragmentation) is probably pushing it for a busy server.
Try bumping KVA_PAGES.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: -O3 optimization?

[David Schultz]

Thus spake Evren Yurtesen <[EMAIL PROTECTED]>:
> Well, I made searches from google and people talk that O3 produced quite
> noticably faster code. But well I am not so hungry for speed. I just
> wondered if the binary might have something wrong with it or not even
> though the compiler didnt complain while compiling.
> 
> What about using -O or not using any optimizations? Is it very rare that
> -O breaks somethings? I was using -Os and I also didnt notice anything
> wrong but maybe there can be something I am missing too...

-O is the most widely tested setting, and it is significantly
faster than no optimization.  The higher optimization levels
usually increase performance marginally, but they're still just
microoptimizing.  Maybe if you were running some compute-intensive
scientific software you would see more of a difference.

> Is there big performance improvement between -O and -O2 ? or from not
> using any optimizations to -O or -O2? Lets say if I am compiling
> KDE,XFree86. How much would it effect? is there a web page with some
> statistical data about this?

I don't know of any serious benchmarks.  Try compiling the
software in question with -O3.  If it works and performs better,
great; if you can't tell the difference you might want to be a bit
more conservative about the setting...

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: maxusers and random system freezes

[David Schultz]

Thus spake Varshavchick Alexander <[EMAIL PROTECTED]>:
> A question arises. The value 256 (1G KVA space) acts as a default for any
> system installation, not depending of real phisical memory size. So for
> any server with RAM less than 2G (which is a majority I presume) the KVA
> space occupies more than half of physical memory. It can even be more than
> TOTAL phisical memory for servers with RAM less than 1G. Isn't it bad for
> a system? It seems that it is not. Then why cannot the KVA space always be
> made as some big value? If it is important for servers with large RAM, why
> it is not or a smaller servers?

In FreeBSD, each process has a unique 4G virtual address space
associated with it.  Not every virtual page in every address space
has to be associated with real memory.  Most pages can be pushed
out to disk when there isn't enough free RAM, and unallocated
parts of the virtual address space aren't backed by anything.
(Referencing an unmapped page that the system doesn't know about
generally causes the program or OS to crash.  You've probably seen
these as ``segmentation faults'' and ``page fault in kernel mode''
panics.)

To simplify things, the kernel is mapped into a fixed location in
every address space.  The KVA parameter controls how big a chunk
the kernel gets; the remainder goes to user processes.  However,
only the part of the KVA reservation that the kernel actually uses
is wired to physical memory.  For example, if you have a 1 GB KVA
reservation and the kernel allocates only 20 MB of RAM, then only
20 MB of RAM is needed (plus some epsilon if you want to be
picky), but in theory, the kernel could allocate and manage up to
1 GB of data.  You don't lose extra physical memory for increasing
KVA, but a large KVA size does constrain the virtual address space
available to user processes.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: -O3 optimization?

[David Schultz]

Thus spake Evren Yurtesen <[EMAIL PROTECTED]>:
> I wonder if a source is compiled with -O3 without any problems, might
> there be any problems in binaries which might create crashes?

You're welcome to try it out, but it isn't supported.  GCC has a
few obscure misfeatures at -O3.  Some applications break at -O3,
usually because they violate C's aliasing rules or contain broken
inline assembly.  At one point, the kernel's TCP checksum code had
some difficult-to-solve problems with -O3, and I'm not sure
whether that has been fixed.

Despite all of that, I built world and kernel with -O2 a while ago
and noticed no problems whatsoever.  Just note that you've been
warned, and you probably won't see a significant performance
improvement anyway.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: maxusers and random system freezes

[David Schultz]

Thus spake Terry Lambert <[EMAIL PROTECTED]>:
> As a rule, swap should be at least physical memory size + 64K on
> any system that you need to be able to get a system dump from,
> since it needs to dump physical RAM.  If you are not worried about
> the machine falling over, then you can ignore that.

IIRC, the extra 64K are not required anymore for core dumps.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Always mystified by this. /stand file sizes

[David Schultz]

Thus spake Cliff Sarginson <[EMAIL PROTECTED]>:
>  I have been meaning to ask this since I started using FreeBSD but have
> never dared to, since I thought I ought to know :)
> Excerpt from /stand
> 
> -r-xr-xr-x  31 root  wheel  1865544 Sep 18  2001 -sh
> -r-xr-xr-x  31 root  wheel  1865544 Sep 18  2001 [
> -r-xr-xr-x  31 root  wheel  1865544 Sep 18  2001 arp
> -r-xr-xr-x  31 root  wheel  1865544 Sep 18  2001 boot_crunch
> -r-xr-xr-x  31 root  wheel  1865544 Sep 18  2001 cpio
> -r-xr-xr-x  31 root  wheel  1865544 Sep 18  2001 dhclient
> ..
> etc
> 
> What does this mean all these things of size 1865544.
> And where is /stand exactly ? It certainly isn't taking up all
> this space on root...

See crunchgen(1).

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Disk copying

[David Schultz]

Thus spake Mark <[EMAIL PROTECTED]>:
> > Are the disks the same size/geometry?  If so:
> >
> > dd if=/dev/olddisk of=/dev/newdisk bs=32k
> 
> Can "dd" also be used to copy to/fro my RAID disks (40G), to a single 40G
> disk? The latter is of a different brand, but has the same size. In other
> words: how identical does the geometry need to be?
> 
> If I can use dd here, I think I will use dd to create a "core" system; and
> then use additional dumps to backup individual slices.

If the drives have the same geometry as far as the BIOS is
concerned, you should be okay.  Basically, the partition table you
copy has to be valid for the target drive.  But it's much more
reliable to just use dump/restore.  If you want to have a spare
`live filesystem', just restore the backup to the new disk.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Confirmation: ext2fs requires kernel rebuild?

[David Schultz]

Thus spake Cliff Sarginson <[EMAIL PROTECTED]>:
> On Thu, Nov 21, 2002 at 03:09:12PM -0800, David Schultz wrote:
> > Thus spake Cliff Sarginson <[EMAIL PROTECTED]>:
> > FreeBSD support for ext2fs is a specific instance of the more
> > general problem that features that very few people care about tend
> > not to get maintained.  FreeBSD already has a filesystem that is
> > more complete and faster than ext2fs,[1] so the only people using
> > both UFS and ext2fs are also running Linux.  If you mount an
> > ext2fs filesystem r/w, consider yourself a beta tester.
> > 
> Oh I am not comparing their relative merits. But the thing is there are
> people who for one reason or another run heterogenous networks. I mean
> it is not a crime to run both Linux and FreeBSD (or is it ?). My feeling
> is that it is a shame that is all. 
> 
> As for your scathing comment about the evolution of EXT2, I have no comment
> since it sounds like opinion rather than fact. 

The point of my post was to point out why nobody is interested in
maintaining FreeBSD's ext2fs support.  But ext2fs really is a
simplified version of FFS!  Basically, they took out support for
fragments and vastly simplified the allocation policies.  Some of
the things they took out aren't even used anymore in FFS, like the
code to take rotational offsets on the disk into consideration.
On the other hand, they left out Kirk's realloc algorithm, which
has been shown to significantly reduce fragmentation as
filesystems age.

(FYI, some people have expressed interest in porting ReiserFS to
FreeBSD.  Hans Reiser is willing to negotiate special exceptions
to the license, as long as Microsoft can't build the next version
of Windows on top of FreeBSD and be able to use his filesystem for
free.)

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Disk copying

[David Schultz]

Thus spake [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> I want to backup my disk with all of its contents. Exactly, I want to copy 
> it completely to another disk. 
> 
> I have only one freebsd partition and several slices on my disk. I want to 
> copy all the data to another bigger disk preserving my user and group 
> settings. 

Are the disks the same size/geometry?  If so:

dd if=/dev/olddisk of=/dev/newdisk bs=32k

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: OSS drivers from 4Front

[David Schultz]

Thus spake John Bleichert <[EMAIL PROTECTED]>:
> Is anybody using the OSS sound drivers from 4Front? If so, are they any 
> good? I'm trying to do some recording and mixing in BSD (using 
> Audacity) and I'm getting whacked by the lack of full-duplex support in 
> the native drivers for my sound card.

They're great for playback on an SBLive!.  I haven't tried
recording.  They are a bit more CPU-intensive than the default
drivers, but I haven't had any problems on a P3-450.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Reacting to spam targetted to freebsd.org [was: Re: PLS GET BACK TO ME.]

[David Schultz]

Thus spake Yann Golanski <[EMAIL PROTECTED]>:
> Quoth Giorgos Keramidas on Thu, Nov 21, 2002 at 15:58:03 +0200
> > This very spammer has hit the lists more than once, and every time I
> > mailed {abuse|postmaster} at a2000.nl.  If they receive a few hundred
> > messages for each spam message they let through they will certainly
> > start acting fast >:-)
> 
> Would it be possible for the owners of the lsit to install something
> like SpamAssassin so that those messages actually don't get to us? 

Just add a SPAM filter at your end.  By the way, this works far
better if people don't *reply* to the SPAM, circumventing your
filters.  ;-)

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Boot stuck at F1 after swapping drives

[David Schultz]

Thus spake Andrew Y Ng <[EMAIL PROTECTED]>:
> Hi all, I shutdown FreeBSD and changed my harddrive and
> booted up Win2K this morning (needed Windoze for something
> real quick). I put the FreeBSD harddrive back and it wouldn't
> boot, it got stuck at the F1 boot0 prompt.  Like it couldn't
> find the MBR or something. How do I get it to boot again?

Make sure you've got boot0 on the primary master (assuming IDE) or
da0 (SCSI) and on no other drives.  Booting from one boot manager
on the BIOS boot disk to boot0 on another drive hasn't worked well
in my experience.

Also, make sure FreeBSD's idea of your drive geometry matches what
the BIOS thinks.  Posting disklabel and 'fdisk -s' output might
help.  (The fixit CD is your friend here.)

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Buf, Wired and Inact memory

[David Schultz]

Thus spake Avleen Vig <[EMAIL PROTECTED]>:
> I understand that Inact memory is memory that has been requested by
> processes but not in use. Is this correct?
> 
> I don't understand however, what Buf and Wired memory is used for. How
> many I free some of this up for use by my other processes?

An inactive page is one that a process used at one time, but which
hasn't been used for a while and is a candidate for being swapped
out if memory pressure on the system increases.  A cached page is
has already been written to stable storage and can be immediately
reused if necessary.  However, cached pages can also be reused by
the processes that own them without having to fetch the contents
from disk again.

Wired memory, on the other hand, is memory that can never be paged
out.  Typically kernel memory falls into this category, although
user processes may request that some of their pages be wired as
well.

`Buf', as reported by top(1), refers to the size of the
filesystem buffer cache, which is statically allocated and used
for I/O.

> The top of my Top output looks like:
> 66 processes:  2 running, 64 sleeping
> CPU states:  1.5% user,  0.0% nice,  1.5% system,  0.0% interrupt, 96.9% idle
> Mem: 49M Active, 37M Inact, 27M Wired, 6000K Cache, 22M Buf, 5448K Free
> Swap: 256M Total, 5920K Used, 250M Free, 2% Inuse
> 
> Yeah it's a fairly idle system but has a few stability issues which I
> think as disk related.
> It's running qmail, djbdns (may switch to bind but i know that would use
> more memory), apache 2, and some user apps like pine, irssi, screen, etc.
> 
> Any advice on optimizin memory usage would be really appreciated. It's
> only a little P166 with 128Mb :-)

This looks normal for an unloaded system.  Your system isn't
paging, so what are you worried about?

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Confirmation: ext2fs requires kernel rebuild?

[David Schultz]

Thus spake Cliff Sarginson <[EMAIL PROTECTED]>:
> > LINT says:
> > >#
> > ># Add support for the EXT2FS filesystem of Linux fame.  Be a bit
> > ># careful with this - the ext2fs code has a tendency to lag behind
> > ># changes and not be exercised very much, so mounting read/write could
> > ># be dangerous (and even mounting read only could result in panics.)
> > >#
> > >options EXT2FS
> > 
> This message has been in LINT since the dawn of time and is extremely
> mystifying. "Be a bit careful" .. meaning what ? You either mount it or
> don't mount it, use it or don't use it. What exactly are you supposed to
> be careful of :) Saying "Boo!".

FreeBSD support for ext2fs is a specific instance of the more
general problem that features that very few people care about tend
not to get maintained.  FreeBSD already has a filesystem that is
more complete and faster than ext2fs,[1] so the only people using
both UFS and ext2fs are also running Linux.  If you mount an
ext2fs filesystem r/w, consider yourself a beta tester.


[1] The designers of ext2 basically took FFS and removed the parts
they didn't care for or were hard to implement.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: panic: kmem_map too small

[David Schultz]

Thus spake Petri Helenius <[EMAIL PROTECTED]>:
> >Most kernel memory is not pageable, so swap probably won't help
> >you.  Your `kmem_map too small' error message should report to you
> >the size of the attempted allocation and the size of kmem_map.
> >If the map really isn't full, I'm not sure why you would get this
> >panic, unless you're somehow running into excessive fragmentation.
> > 
> >
> 
> Nov  3 21:44:52 giga /kernel: panic: kmem_malloc(7164): kmem_map too 
> small: 183193600 total allocated
> Nov  3 22:10:30 giga /kernel: panic: kmem_malloc(7164): kmem_map too 
> small: 175476736 total allocated
> 
> This is what I'm seeing. Most of the kernel allocated memory was free at 
> the time the panic occurred, but
> fragmented though.

71 MB of contiguous wired memory is a huge amount to expect in the
kernel at runtime.  What exactly are you trying to do?  Can you
post a backtrace?  I'm not a networking guru, so I probably won't
be able to tell you what you might not be able to do differently,
although you might have better luck if you tried to grab the
memory earlier on, when KVA is relatively unfragmented.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: panic: kmem_map too small

[David Schultz]

Thus spake Petri Helenius <[EMAIL PROTECTED]>:
> > > With about 150M in use and KVA_PAGES undefined in config (default),
> > > both 4.7-STABLE and 5.0-CURRENT panic (1G installed memory).
> >
> > Yes, the default is 256, IIRC.  That corresponds to 1 GB of KVA,
> > and you have only 1 GB of physical memory to back it.  I take it
> > this is a very busy machine.  Short of getting more memory, you
> > can decrease memory utilization by the network, e.g. by decreasing
> > TCP window sizes, or you can limit memory usage by the network so
> > you don't get panics.  I forget the details here, so perhaps
> > someone else can fill them in.
> >
> The thing I´m concerned about that if with 150M kernel memory usage and
> >200M free and >300M inact memory the system panics, how much "extra"
> memory is needed to keep it running? And the swap is never touched.

Most kernel memory is not pageable, so swap probably won't help
you.  Your `kmem_map too small' error message should report to you
the size of the attempted allocation and the size of kmem_map.
If the map really isn't full, I'm not sure why you would get this
panic, unless you're somehow running into excessive fragmentation.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Confirmation: ext2fs requires kernel rebuild?

[David Schultz]

Thus spake Chris Pepper <[EMAIL PROTECTED]>:
> >> >even into GENERIC.  To do the latter, the module must exist;
> >> >it will be created if you make the kernel with -DWANT_EXT2FS_MODULE.
> >> >It is also installed by sysinstall, IIRC.
> >>
[...]
> >
> >Hmm...I think you're right.  I don't see any documentation for the
> >option.  I would just as soon hook the module up to the default
> >build like all the other modules, but maybe the license is an issue.
> 
>   I think it's off by default for stability, but would like to 
> submit a patch to the LABI Handbook chapter  linking to a discussion 
> of the FS module. Unfortunately, I haven't yet found a URL that 
> describes it.

Thus spake Giorgos Keramidas <[EMAIL PROTECTED]>:
> The license *is* an issue.  Distributing kernels that by default
> include GPL'ed code can have many complications for people who make
> commercial applications based on FreeBSD source.

I'm not talking about linking ext2fs support into the kernel by
default, I'm talking about just *creating* the module by default.
See previous discussion.  Stability isn't an issue, except for
people who explicitly load the module.  I'm aware of the problems
with linking GPL'd code into the kernel, but that's not what is
being discussed here.  The license would only be a problem if
there are legal or religious reasons against people building
binaries that *could* be linked into the kernel.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Confirmation: ext2fs requires kernel rebuild?

[David Schultz]

Thus spake Chris Pepper <[EMAIL PROTECTED]>:
> To use ext2fs, you can either add
> >the option EXT2FS to your kernel config to compile it statically
> >into your kernel, or you can load the ext2fs module dynamically,
> >even into GENERIC.  To do the latter, the module must exist;
> >it will be created if you make the kernel with -DWANT_EXT2FS_MODULE.
> >It is also installed by sysinstall, IIRC.
> 
> David,
> 
>   I know they're distinct, but it's silly for a discussion of 
> Linux applications to ignore the possibility of those apps residing 
> on a Linux filesystem. I couldn't find ext2fs documented anywhere, 
> which is the first issue. The second is adding a link & comment to 
> the LABI chapter.

Hmm...I think you're right.  I don't see any documentation for the
option.  I would just as soon hook the module up to the default
build like all the other modules, but maybe the license is an issue.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: panic: kmem_map too small

[David Schultz]

Thus spake Petri Helenius <[EMAIL PROTECTED]>:
> > Read LINT (or NOTES) carefully.  You can't set KVA_PAGES to 1024,
> > because then your kernel would take up the entire 4 GB virtual
> > address space.  Since the kernel must fit into 4 GB alongside
> > every user process, that leaves you no room for programs.  Try a
> > more reasonable value like 512 (2 GB).
> >
> Am I correct assuming that the default is 256? I´m not coming near this
> utilization when the system panics.
> 
> With about 150M in use and KVA_PAGES undefined in config (default),
> both 4.7-STABLE and 5.0-CURRENT panic (1G installed memory).

Yes, the default is 256, IIRC.  That corresponds to 1 GB of KVA,
and you have only 1 GB of physical memory to back it.  I take it
this is a very busy machine.  Short of getting more memory, you
can decrease memory utilization by the network, e.g. by decreasing
TCP window sizes, or you can limit memory usage by the network so
you don't get panics.  I forget the details here, so perhaps
someone else can fill them in.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: panic: kmem_map too small

[David Schultz]

Thus spake Petri Helenius <[EMAIL PROTECTED]>:
> >>I seem to get kmem_map too small panics when using large buffers with
> >>bpf. Is there a tunable I should be increasing?
> >>   
> >>
> >
> >Yes, increase KVA_PAGES in your kernel config.
> > 
> >
> I put in KVA_PAGES=1024
> with following results on next boot:
> 
> Fatal trap 12: page fault while in kernel mode

Read LINT (or NOTES) carefully.  You can't set KVA_PAGES to 1024,
because then your kernel would take up the entire 4 GB virtual
address space.  Since the kernel must fit into 4 GB alongside
every user process, that leaves you no room for programs.  Try a
more reasonable value like 512 (2 GB).

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Changing the boot manager

[David Schultz]

Thus spake Anand Buddhdev <[EMAIL PROTECTED]>:
> I currently have the booteasy boot manager on my FreeBSD system, so it
> prompts me with a menu on startup (F1 FreeBSD) and waits 5 seconds before
> defaulting to F1. But I only have FreeBSD my box. Is there any way to
> go back to the simpler, standard boot code that loads FreeBSD directly?
> 
> I have read about boot0cfg, which is supposed to allow me to change the
> MBR, but I can't seem to find the correct boot code to install there to
> get rid of booteasy.

fdisk -B /dev/foo0
where foo0 is the boot disk.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Question about memory usage

[David Schultz]

Thus spake Matt Winslow <[EMAIL PROTECTED]>:
> I'm running FreeBSD 4.5, on a P-133 system.  I just upgraded my RAM
> yesterday from 80MB to 256MB, because it always used to sit at 93-94% used
> when I had 80.  Well now that I installed more, it's sitting at 93% used
> again.  Being newer to BSD, is there a way I can check what is using
> memory...or does it just do that automatically?

Free memory is wasted memory.  If you have more of it, FreeBSD
will use more, e.g. by caching things longer.  With the additional
memory, you will probably notice that your system is faster and
accesses the disk less frequently under load.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: panic: kmem_map too small

[David Schultz]

Thus spake Petri Helenius <[EMAIL PROTECTED]>:
> I seem to get kmem_map too small panics when using large buffers with
> bpf. Is there a tunable I should be increasing?

Yes, increase KVA_PAGES in your kernel config.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Re: Confirmation: ext2fs requires kernel rebuild?

[David Schultz]

Thus spake Chris Pepper <[EMAIL PROTECTED]>:
>   I'm trying to get at a file on an ext2fs slice. I'm a bit 
> confused about kernel recompiles vs. KLDs for Linux compatibility, 
> though. Am I reading correctly at 
>  
> & , that I can 
> run Linux applications with a single command or rc.conf entry, but 
> accessing files on ext2 file systems requires a kernel rebuild?
> 
>   This seems a bit backwards -- is anyone aware of work to make 
> ext2fs a standard module, so it can be loaded under GENERIC?

Running Linux binaries and using Linux filesystems are two
completely different things.  To to the former, and the
appropriate rc.conf entry and install ports/emulators/linux_base
as described in the Handbook.  To use ext2fs, you can either add
the option EXT2FS to your kernel config to compile it statically
into your kernel, or you can load the ext2fs module dynamically,
even into GENERIC.  To do the latter, the module must exist;
it will be created if you make the kernel with -DWANT_EXT2FS_MODULE.
It is also installed by sysinstall, IIRC.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message