Re: EVFILT_VNODE doesn't scale to large directory trees?
On Mon, 25 Oct 2010, Kenton Varda wrote: |On Mon, Oct 25, 2010 at 1:54 AM, Igor V. Ruzanov wrote: | |> I thought so too but was not sure about his problem. With |> kqueue()/kevent() we can monitor every open file descriptor. So how many |> files are laid down in the directory tree, 100, 1000, 15000? In every |> such way its possible to write or find already written daemon that |> monitors every file in selected folder doing several jobs in separate |> threads. There is might be little problem with receiving of *lots* events, |> so we could create several pipes (for example) for setting up of |> communication between deamon and system. |> Note that we must remember to set proper meaning of kern.maxfiles sysctl |> variable. |> | |I worry that simply increasing the FD limits to meet my needs would have |some negative effects, otherwise the limits would be much higher in the |first place. How much kernel memory does each open FD consume? Probably |most of that is wasted space, since I'm opening these FDs for no other |purpose than to pass them to kqueue -- I never read or write them. But it |sounds like you're saying that there is no alternative (other than polling, |which would obviously be a lot worse), so I guess I'll live with it. | |Well, one other idea: Is there a way to simply monitor *all* I/O by all |processes owned by the current user? I could then filter the events down to |the directory I'm interested in. Not the ideal solution, but it would scale |to a source tree of infinite size (since the machine can only be accessing a |finite number of those files at once). It seems likely that this has been |implemented somewhere due to the obvious system monitoring applications, but |I'm not quite sure where to start looking. | As a weak solution - is to install `lsof' on your system and do grepping of the command output periodically to see what the files are opened by process(es) with a certain their owner. But this method not very good since we must collect any system event in real time way that is implemented in kqueue. Another way is to poll events with FAM mechanism that comes from SGI IRIX. Try to research if any solutions to use FAM under FreeBSD and what the methods of events monitoring could be used in FAM together with your project. +---+ ! CANMOS ISP Network! +---+ ! Best regards ! ! Igor V. Ruzanov, network operational staff! ! e-Mail: ig...@canmos.ru ! +---+ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: EVFILT_VNODE doesn't scale to large directory trees?
Ivan Voras wrote: > Short answer: no. > > Long answer: There should be. There were past discussions on writing > such a facility to e.g. receive events for all files on per-mountpoint > basis (which you could filter...), but we're not there yet. Thanks! That answers my question. I'll find some sort of hack for now. (Sorry, I didn't see this answer at first since I wasn't CC'd.) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: EVFILT_VNODE doesn't scale to large directory trees?
On Mon, Oct 25, 2010 at 1:54 AM, Igor V. Ruzanov wrote: > I thought so too but was not sure about his problem. With > kqueue()/kevent() we can monitor every open file descriptor. So how many > files are laid down in the directory tree, 100, 1000, 15000? In every > such way its possible to write or find already written daemon that > monitors every file in selected folder doing several jobs in separate > threads. There is might be little problem with receiving of *lots* events, > so we could create several pipes (for example) for setting up of > communication between deamon and system. > Note that we must remember to set proper meaning of kern.maxfiles sysctl > variable. > I worry that simply increasing the FD limits to meet my needs would have some negative effects, otherwise the limits would be much higher in the first place. How much kernel memory does each open FD consume? Probably most of that is wasted space, since I'm opening these FDs for no other purpose than to pass them to kqueue -- I never read or write them. But it sounds like you're saying that there is no alternative (other than polling, which would obviously be a lot worse), so I guess I'll live with it. Well, one other idea: Is there a way to simply monitor *all* I/O by all processes owned by the current user? I could then filter the events down to the directory I'm interested in. Not the ideal solution, but it would scale to a source tree of infinite size (since the machine can only be accessing a finite number of those files at once). It seems likely that this has been implemented somewhere due to the obvious system monitoring applications, but I'm not quite sure where to start looking. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: EVFILT_VNODE doesn't scale to large directory trees?
On 10/25/10 03:05, Kenton Varda wrote: > Hi all, > > I am trying to write some code which monitors a possibly-large directory > tree for changes. Specifically, it's a build system, and I want it to > automatically start rebuilding whenever I modify a source file. > > So far the approach I've taken is to use EVFILT_VNODE to watch every file > and directory in the tree. This seems to work OK so far, but it worries me > that I have to open() every single file. When I ran the same code on > Darwin, it promptly hit the open file descriptor limit, and I'm worried that > FreeBSD will do the same on larger code trees. > > Is there any better way to accomplish this? Hate to say it, but Linux's > inotify() seems more scalable here. From what I can tell from the docs, it > doesn't require opening the watched files and it will even watch all files > in a directory with one call. Short answer: no. Long answer: There should be. There were past discussions on writing such a facility to e.g. receive events for all files on per-mountpoint basis (which you could filter...), but we're not there yet. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: EVFILT_VNODE doesn't scale to large directory trees?
On Mon, 25 Oct 2010, Erik Trulsson wrote: |On Mon, Oct 25, 2010 at 10:48:58AM +0400, Igor V. Ruzanov wrote: |> On Sun, 24 Oct 2010, Kenton Varda wrote: |> |> |That doesn't answer my question. I'm not even using make. I could write a |> |few thousand words describing exactly what I'm trying to do and why it does, |> |in fact, make sense, but it's really beside the point. I just want to know |> |if there is any scalable way to monitor a very large directory tree for |> |changes. Is there? |> | |> Dig `kqueue' - its the native FreeBSD's events polling/notification |> mechanism. | |Since the OP mentioned using EVFILT_VNODE I would assume he is already |using kqueue but is not satisfied with it. | I thought so too but was not sure about his problem. With kqueue()/kevent() we can monitor every open file descriptor. So how many files are laid down in the directory tree, 100, 1000, 15000? In every such way its possible to write or find already written daemon that monitors every file in selected folder doing several jobs in separate threads. There is might be little problem with receiving of *lots* events, so we could create several pipes (for example) for setting up of communication between deamon and system. Note that we must remember to set proper meaning of kern.maxfiles sysctl variable. +---+ ! CANMOS ISP Network! +---+ ! Best regards ! ! Igor V. Ruzanov, network operational staff! ! e-Mail: ig...@canmos.ru ! +---+ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: EVFILT_VNODE doesn't scale to large directory trees?
On Mon, Oct 25, 2010 at 10:48:58AM +0400, Igor V. Ruzanov wrote: > On Sun, 24 Oct 2010, Kenton Varda wrote: > > |That doesn't answer my question. I'm not even using make. I could write a > |few thousand words describing exactly what I'm trying to do and why it does, > |in fact, make sense, but it's really beside the point. I just want to know > |if there is any scalable way to monitor a very large directory tree for > |changes. Is there? > | > Dig `kqueue' - its the native FreeBSD's events polling/notification > mechanism. Since the OP mentioned using EVFILT_VNODE I would assume he is already using kqueue but is not satisfied with it. -- Erik Trulsson ertr1...@student.uu.se ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: EVFILT_VNODE doesn't scale to large directory trees?
On Sun, 24 Oct 2010, Kenton Varda wrote: |That doesn't answer my question. I'm not even using make. I could write a |few thousand words describing exactly what I'm trying to do and why it does, |in fact, make sense, but it's really beside the point. I just want to know |if there is any scalable way to monitor a very large directory tree for |changes. Is there? | Dig `kqueue' - its the native FreeBSD's events polling/notification mechanism. +---+ ! CANMOS ISP Network! +---+ ! Best regards ! ! Igor V. Ruzanov, network operational staff! ! e-Mail: ig...@canmos.ru ! +---+ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: EVFILT_VNODE doesn't scale to large directory trees?
That doesn't answer my question. I'm not even using make. I could write a few thousand words describing exactly what I'm trying to do and why it does, in fact, make sense, but it's really beside the point. I just want to know if there is any scalable way to monitor a very large directory tree for changes. Is there? On Sun, Oct 24, 2010 at 9:46 PM, Robert Bonomi wrote: > > From owner-freebsd-questi...@freebsd.org Sun Oct 24 22:17:42 2010 > > Date: Sun, 24 Oct 2010 18:05:34 -0700 > > From: Kenton Varda > > To: freebsd-questions@freebsd.org > > Subject: EVFILT_VNODE doesn't scale to large directory trees? > > > > Hi all, > > > > I am trying to write some code which monitors a possibly-large directory > > tree for changes. Specifically, it's a build system, and I want it to > > automatically start rebuilding whenever I modify a source file. > > > > So far the approach I've taken is to use EVFILT_VNODE to watch every file > > and directory in the tree. This seems to work OK so far, but it worries > me > > that I have to open() every single file. When I ran the same code on > > Darwin, it promptly hit the open file descriptor limit, and I'm worried > that > > FreeBSD will do the same on larger code trees. > > > > Is there any better way to accomplish this? Hate to say it, but Linux's > > inotify() seems more scalable here. From what I can tell from the docs, > it > > doesn't require opening the watched files and it will even watch all > files > > in a directory with one call. > > > You're re-inventing the wheel. > > 1) Set up a 'makefile' for the entire tree. > > 2) set up a daemon task that > a) cd's to the root direcory of the build tree, > b) executes a loop, consisting of > 1) the 'make all' command, > 2) a reasonably short 'sleep' > > > If 'efficiency' is a concern, then establish a procedure for checking-out/ > checking-in files from the repository. When a file is checked in, check > for (a) it being a new file, *OR* (b) having changes from the prior > version. > If either condition is true, fire off 'make' to do the necessary re-build. > > NOTE: 'cvs' has the above feature as a built-in option. simply specify > 'make' as a program to be run when you do a 'cvs commit' to store changes > back into the repository. > > Did I say soemthing about re-inventing the wheel?? > > > > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: EVFILT_VNODE doesn't scale to large directory trees?
> From owner-freebsd-questi...@freebsd.org Sun Oct 24 22:17:42 2010 > Date: Sun, 24 Oct 2010 18:05:34 -0700 > From: Kenton Varda > To: freebsd-questions@freebsd.org > Subject: EVFILT_VNODE doesn't scale to large directory trees? > > Hi all, > > I am trying to write some code which monitors a possibly-large directory > tree for changes. Specifically, it's a build system, and I want it to > automatically start rebuilding whenever I modify a source file. > > So far the approach I've taken is to use EVFILT_VNODE to watch every file > and directory in the tree. This seems to work OK so far, but it worries me > that I have to open() every single file. When I ran the same code on > Darwin, it promptly hit the open file descriptor limit, and I'm worried that > FreeBSD will do the same on larger code trees. > > Is there any better way to accomplish this? Hate to say it, but Linux's > inotify() seems more scalable here. From what I can tell from the docs, it > doesn't require opening the watched files and it will even watch all files > in a directory with one call. You're re-inventing the wheel. 1) Set up a 'makefile' for the entire tree. 2) set up a daemon task that a) cd's to the root direcory of the build tree, b) executes a loop, consisting of 1) the 'make all' command, 2) a reasonably short 'sleep' If 'efficiency' is a concern, then establish a procedure for checking-out/ checking-in files from the repository. When a file is checked in, check for (a) it being a new file, *OR* (b) having changes from the prior version. If either condition is true, fire off 'make' to do the necessary re-build. NOTE: 'cvs' has the above feature as a built-in option. simply specify 'make' as a program to be run when you do a 'cvs commit' to store changes back into the repository. Did I say soemthing about re-inventing the wheel?? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
EVFILT_VNODE doesn't scale to large directory trees?
Hi all, I am trying to write some code which monitors a possibly-large directory tree for changes. Specifically, it's a build system, and I want it to automatically start rebuilding whenever I modify a source file. So far the approach I've taken is to use EVFILT_VNODE to watch every file and directory in the tree. This seems to work OK so far, but it worries me that I have to open() every single file. When I ran the same code on Darwin, it promptly hit the open file descriptor limit, and I'm worried that FreeBSD will do the same on larger code trees. Is there any better way to accomplish this? Hate to say it, but Linux's inotify() seems more scalable here. From what I can tell from the docs, it doesn't require opening the watched files and it will even watch all files in a directory with one call. -Kenton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD router - large scale
On 27 May 2010 12:12, Matthew Seaman wrote: > The hardest job I've had an OpenBSD firewall do is actually as a > mid-level firewall between a DMZ full of web servers and a back-end > database layer. The thing to watch out for is running out of states in > PF. It's trivial to change that in the config, and given a machine with > 1GB or so RAM dedicated to running PF, you can up the number of states > by a factor of a hundred or more without problem. Also if you know all > your connections are from directly attached networks and very low > latency, you can be a lot more aggressive about dropping old states. Matthew - thanks for the information! For other reasons I'm limited to about 500k states...since our typical hardware build has at least 4GB of RAM, I'm not overly concerned about RAM exhaustion when routing. As I stated in another post the potential for something like a squid cache does exist, in which case I'll take all the RAM I can get my hands on (a 16GB+ build is not out of the question at that point). Preliminary testing has been favorable. My big concerns have mostly been related to state and packets per second. The first test environment was as follows: | one NIC, 4 routable addresses | | -- | FreeBSD 8 Router | -- | | one NIC with aliases for | 10.10.10.254 | 10.10.20.254 | 10.10.30.254 | 10.10.40.254 | |switch| Attached to the switch are four workstations/laptops: 10.10.10.1/255.255.255.0 10.10.20.1/255.255.255.0 10.10.30.1/255.255.255.0 10.10.40.1/255.255.255.0 All connections are gigabit. The idea is that in a production environment, we'll have multiple /22 networks coming in so I wanted to test having multiple network aliases. There will be a pool of public addresses for the outside interface(s), possibly as large as a class C but probably 20 - 30 addresses. By using sticky-address on a NAT rule, we can watch each RFC-1918 address get mapped to a different outside address via round-robin while enforcing that all connections from one inside host are consistently mapped to the same external address. Generating 10k active pings on each of the workstations/laptops, we were able to get an idea of how the machine would respond with 80k active states (two per connection, one in each direction). Adding in a couple of BitTorrent and HTTP .iso downloads only supported the conclusions we were beginning to form. Currently I'm testing it with multiple BitTorrent downloads and a very lively World of Warcraft installer. While nowhere near an indication of what we could expect in production it is showing us RAM usage, processor usage and state maintenance behaviour that gives us pretty good indications that we can go ahead and test in a larger environment. Like I said, we are otherwise limited to approximately 500k states (actually 250k connections) and only about half of that will be allotted for the population this project is targeting so testing with 100k states is actually pretty realistic at this point. We will wait, of course, to attempt a production deployment until after we have tested with a larger sample of the target population. Thanks to everyone for their comments and suggestions, both on and off list! kmw -- A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD router - large scale
On 28 May 2010 07:38, Bruce Cran wrote: > This is possibly the wrong place to be saying this, but isn't OpenBSD > usually recommended for > routers? I believe the version of pf, for example, is normally kept more > up-to-date than than > in FreeBSD. The major downside I know of is that it's not nearly as > user-friendly; for example > my recollection of its installer is that you have to input sector offsets > manually in the partition editor! Bruce - sorry for taking so long to reply, this project has been slow-moving. Yes, you are correct, OpenBSD is typically used in this situation and, if the project were strictly for a routing component, it may indeed be a better choice. My concern was that if we decided to add any proxy capability then we would need much more RAM than OpenBSD could address (this will front at least 8k users). I have found the OpenBSD installer to be quite friendly but that's probably because it is pretty minimal and just sort of "clicks" with me. As long as you're dedicating the system to *BSD, I generally prefer the OpenBSD installer for its flow but have found no particular allegiance with either their installer or sysinstall. As long as I can have a running system within four or five minutes of powering on with the install CD, I don't really care. kmw -- A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD router - large scale
Svein Skogen (Listmail Account) wrote: > Actually, I'd find an answer from the FreeBSD Networking gurus useful as well. My trusted Cisco 3640 is getting old (had it's ten-years-of-service birthday a little while ago), so I guess I must be prepared to replace it with something new. Preferrably something that can do proper NAT port mapping to the inside servers in an RFC1918-adressed DMZ, proper NAT mapping for the client net, incoming VPDN (virtual private dialin network, such as PPTP+MPE and L2TP+IPSEC tunelling), sane IDS in the border-gateway, GRE or IPinIP tunelling with crypto for remote-sites, etc If somebody has a good starting-point for documentation on these features, I'm more than willing to "do a procject on it" to create a mini-howto/handbook-section on "setting up FreeBSD as your border gateway", provided I have someone to ask when the documentation is ... flaky. ;) Although I feel that you'll have to write book to cover all the things mentioned above, I'll try to reply to your question... These is just pointers... Several forms of NAT are supported with the following tools: ipfw pf ipf ng_nat I doubt there is some form of NAT you will miss. the net/mpd5 port can do PPTP, the MPPE part is blurry to me. L2TP is supported for LNS/LAC scenarios. I don't know "if you can"/"how difficult is to" combine IPSEC with L2TP. The most famous open source IDS is snort, you'll find it in the ports. For GRE and IPIP read gre and gif manual pages. Again, IPSEC is not integrated to these, yet there is IKE support via ipsec-tools port. You'll have to check for yourself the documentation. Though I can say that all the FreeBSD stuff mentioned above are well documented as usual and there is always this list if you have questions. Good luck replacing the aging Cisco... Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD router - large scale
On 28.05.2010 13:38, Bruce Cran wrote: *snip!* > > This is possibly the wrong place to be saying this, but isn't OpenBSD > usually recommended for > routers? I believe the version of pf, for example, is normally kept more > up-to-date than than > in FreeBSD. The major downside I know of is that it's not nearly as > user-friendly; for example > my recollection of its installer is that you have to input sector > offsets manually in the partition editor! My main reasoning for wanting this done on FreeBSD i "don't introduce yet another OS into the equation, there is sufficient confusion as there is" ;) //Svein -- +---+--- /"\ |Svein Skogen | sv...@d80.iso100.no \ / |Solberg Østli 9| PGP Key: 0xE5E76831 X|2020 Skedsmokorset | sv...@jernhuset.no / \ |Norway | PGP Key: 0xCE96CE13 | | sv...@stillbilde.net ascii | | PGP Key: 0x58CD33B6 ribbon |System Admin | svein-listm...@stillbilde.net Campaign|stillbilde.net | PGP Key: 0x22D494A4 +---+--- |msn messenger: | Mobile Phone: +47 907 03 575 |sv...@jernhuset.no | RIPE handle:SS16503-RIPE +---+--- If you really are in a hurry, mail me at svein-mob...@stillbilde.net This mailbox goes directly to my cellphone and is checked even when I'm not in front of my computer. Picture Gallery: https://gallery.stillbilde.net/v/svein/ signature.asc Description: OpenPGP digital signature
Re: FreeBSD router - large scale
On 28/05/2010 12:31, Svein Skogen (Listmail Account) wrote: On 27.05.2010 17:00, Kevin Wilcox wrote: Hello everyone. We're in the very early stages of considering [Free|Open]BSD on commodity hardware to handle NAT *and* firewall duties for (what I consider to be) a sizable deployment. Overall bandwidth is low, only a gigabit connection, but we handle approximately fifteen thousand devices. DHCP and DNS would be passed through to other servers, this hardware would only be responsible for address translation and pf. I've done this on a very, very small scale (small/home office, small business) but I'm curious how many other folks are doing it on this scale, the hardware they are running on and any "gotchas" they may have faced. Does pf on FreeBSD take advantage of multiple cores/SMP? Is it preferable, as with OpenBSD, to go for a very stout processor without much consideration to cores? Would freebsd-net@ be a better place to ask this? I'm getting ready to start digging in to memory and other resources needed based on available documentation but real-world usage is much preferred to my academic assessment. Actually, I'd find an answer from the FreeBSD Networking gurus useful as well. My trusted Cisco 3640 is getting old (had it's ten-years-of-service birthday a little while ago), so I guess I must be prepared to replace it with something new. Preferrably something that can do proper NAT port mapping to the inside servers in an RFC1918-adressed DMZ, proper NAT mapping for the client net, incoming VPDN (virtual private dialin network, such as PPTP+MPE and L2TP+IPSEC tunelling), sane IDS in the border-gateway, GRE or IPinIP tunelling with crypto for remote-sites, etc If somebody has a good starting-point for documentation on these features, I'm more than willing to "do a procject on it" to create a mini-howto/handbook-section on "setting up FreeBSD as your border gateway", provided I have someone to ask when the documentation is ... flaky. ;) This is possibly the wrong place to be saying this, but isn't OpenBSD usually recommended for routers? I believe the version of pf, for example, is normally kept more up-to-date than than in FreeBSD. The major downside I know of is that it's not nearly as user-friendly; for example my recollection of its installer is that you have to input sector offsets manually in the partition editor! -- Bruce Cran ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD router - large scale
On 27.05.2010 17:00, Kevin Wilcox wrote: > Hello everyone. > > We're in the very early stages of considering [Free|Open]BSD on > commodity hardware to handle NAT *and* firewall duties for (what I > consider to be) a sizable deployment. Overall bandwidth is low, only a > gigabit connection, but we handle approximately fifteen thousand > devices. DHCP and DNS would be passed through to other servers, this > hardware would only be responsible for address translation and pf. > > I've done this on a very, very small scale (small/home office, small > business) but I'm curious how many other folks are doing it on this > scale, the hardware they are running on and any "gotchas" they may > have faced. Does pf on FreeBSD take advantage of multiple cores/SMP? > Is it preferable, as with OpenBSD, to go for a very stout processor > without much consideration to cores? Would freebsd-net@ be a better > place to ask this? > > I'm getting ready to start digging in to memory and other resources > needed based on available documentation but real-world usage is much > preferred to my academic assessment. > Actually, I'd find an answer from the FreeBSD Networking gurus useful as well. My trusted Cisco 3640 is getting old (had it's ten-years-of-service birthday a little while ago), so I guess I must be prepared to replace it with something new. Preferrably something that can do proper NAT port mapping to the inside servers in an RFC1918-adressed DMZ, proper NAT mapping for the client net, incoming VPDN (virtual private dialin network, such as PPTP+MPE and L2TP+IPSEC tunelling), sane IDS in the border-gateway, GRE or IPinIP tunelling with crypto for remote-sites, etc If somebody has a good starting-point for documentation on these features, I'm more than willing to "do a procject on it" to create a mini-howto/handbook-section on "setting up FreeBSD as your border gateway", provided I have someone to ask when the documentation is ... flaky. ;) It would be interesting to see what kind of performance modern hardware could get, compared to dedicated hardware a decade old. :) //Svein -- +---+--- /"\ |Svein Skogen | sv...@d80.iso100.no \ / |Solberg Østli 9| PGP Key: 0xE5E76831 X|2020 Skedsmokorset | sv...@jernhuset.no / \ |Norway | PGP Key: 0xCE96CE13 | | sv...@stillbilde.net ascii | | PGP Key: 0x58CD33B6 ribbon |System Admin | svein-listm...@stillbilde.net Campaign|stillbilde.net | PGP Key: 0x22D494A4 +---+--- |msn messenger: | Mobile Phone: +47 907 03 575 |sv...@jernhuset.no | RIPE handle:SS16503-RIPE +---+--- If you really are in a hurry, mail me at svein-mob...@stillbilde.net This mailbox goes directly to my cellphone and is checked even when I'm not in front of my computer. Picture Gallery: https://gallery.stillbilde.net/v/svein/ signature.asc Description: OpenPGP digital signature
Re: 'Serious' crypto? (was: FreeBSD router - large scale)
Hi Chuck, Thanks for the response. > > Or is it still worthwhile to consider hardware accelerators such as the > ones guys like soekris [1] and others offer? Does anyone have an idea "how > much" such an accelerator may help on older vs. on newer hardware? > > Something like a 1GHz P3 or equivalent can generally do the symmetric > crypto about as fast as a decent PCI crypto card like the HiFN 795x could; bus > limitations made faster CPUs better, although a newer PCIe crypto device > ought to be more competitive. > > What matters more for some common use cases is that crypto H/W tends to do > asymmetric crypto like RSA/DSA signing to negotiate a shared session key-- > aka SSL session creation for SSL websites, secure email, SSH keys, etc > much faster than normal CPUs could. I guess I try first without and see where I hit the ceiling. Then go to plan b. I was more thinking of many IPSEC connections but then there's also only so many slots and so many NICs in them. I'll try without and monitor that for a while and then see what happens. > > Would multiple engines work (and help) at all? From crypto(4), I would > not guess so. One consequence would be that there may be certain limitations > in using a separate accelerator once the platform comes with its own > accelerator device? > > Sure, you can setup multiple engines, although this does better if you > have separate services using each, since you do want to use an SSL session > cache, but you don't want to pollute one for HTTPS with sessions from IMAPS > and vice versa. Also, the config interface for Apache/IIS/whatever, or > Dovecot/Cyrus/Exchange, etc might not let you specify more than one SSLEngine. > > On the other hand, it's not very much coding to adjust things to use > multiple engines even within Apache or whatever-- I can recall some custom > webserver modules from CryptoSwift for NSAPI / ISAPI / ASAPI which let you use > multiple CryptoSwift boxes via ethernet network or local PCI slots, for > example. Hmm... I was thinking more like round-robin the devices but I probably now too little about 'serious' crypto to see the side-effects. Anyways, I think the question is a bit academic at this time since I probably divide the servers anyways. Thanks again, All the best regards, Peter. -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: 'Serious' crypto? (was: FreeBSD router - large scale)
On May 27, 2010, at 1:49 PM, Peter Cornelius wrote: > Hi, > >> NAT. Doing serious crypto slows things up somewhat. > > I've been pondering this since a while but thought that crypto engines on > modern hardware would make 'extra' hardware accelerators obsolete? It depends upon usage. > Or is it still worthwhile to consider hardware accelerators such as the ones > guys like soekris [1] and others offer? Does anyone have an idea "how much" > such an accelerator may help on older vs. on newer hardware? Something like a 1GHz P3 or equivalent can generally do the symmetric crypto about as fast as a decent PCI crypto card like the HiFN 795x could; bus limitations made faster CPUs better, although a newer PCIe crypto device ought to be more competitive. What matters more for some common use cases is that crypto H/W tends to do asymmetric crypto like RSA/DSA signing to negotiate a shared session key-- aka SSL session creation for SSL websites, secure email, SSH keys, etc much faster than normal CPUs could. > Would multiple engines work (and help) at all? From crypto(4), I would not > guess so. One consequence would be that there may be certain limitations in > using a separate accelerator once the platform comes with its own accelerator > device? Sure, you can setup multiple engines, although this does better if you have separate services using each, since you do want to use an SSL session cache, but you don't want to pollute one for HTTPS with sessions from IMAPS and vice versa. Also, the config interface for Apache/IIS/whatever, or Dovecot/Cyrus/Exchange, etc might not let you specify more than one SSLEngine. On the other hand, it's not very much coding to adjust things to use multiple engines even within Apache or whatever-- I can recall some custom webserver modules from CryptoSwift for NSAPI / ISAPI / ASAPI which let you use multiple CryptoSwift boxes via ethernet network or local PCI slots, for example. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
'Serious' crypto? (was: FreeBSD router - large scale)
Hi, > NAT. Doing serious crypto slows things up somewhat. I've been pondering this since a while but thought that crypto engines on modern hardware would make 'extra' hardware accelerators obsolete? Or is it still worthwhile to consider hardware accelerators such as the ones guys like soekris [1] and others offer? Does anyone have an idea "how much" such an accelerator may help on older vs. on newer hardware? Would multiple engines work (and help) at all? From crypto(4), I would not guess so. One consequence would be that there may be certain limitations in using a separate accelerator once the platform comes with its own accelerator device? Thanks, Peter. --- [1] http://www.soekris.com/vpn1401.htm -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD router - large scale
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 27/05/2010 16:00:12, Kevin Wilcox wrote: > Hello everyone. > > We're in the very early stages of considering [Free|Open]BSD on > commodity hardware to handle NAT *and* firewall duties for (what I > consider to be) a sizable deployment. Overall bandwidth is low, only a > gigabit connection, but we handle approximately fifteen thousand > devices. DHCP and DNS would be passed through to other servers, this > hardware would only be responsible for address translation and pf. > > I've done this on a very, very small scale (small/home office, small > business) but I'm curious how many other folks are doing it on this > scale, the hardware they are running on and any "gotchas" they may > have faced. Does pf on FreeBSD take advantage of multiple cores/SMP? > Is it preferable, as with OpenBSD, to go for a very stout processor > without much consideration to cores? Would freebsd-net@ be a better > place to ask this? > > I'm getting ready to start digging in to memory and other resources > needed based on available documentation but real-world usage is much > preferred to my academic assessment. I've used OpenBSD/pf + carp for several sites; also + relayd for a reasonably high traffic website, plus various setups using IPSec tunnels. All very successfully. On a reasonably fast modern processor, PF can run pretty much at GB wirespeed for straight packet forwarding or NAT. Doing serious crypto slows things up somewhat. The hardest job I've had an OpenBSD firewall do is actually as a mid-level firewall between a DMZ full of web servers and a back-end database layer. The thing to watch out for is running out of states in PF. It's trivial to change that in the config, and given a machine with 1GB or so RAM dedicated to running PF, you can up the number of states by a factor of a hundred or more without problem. Also if you know all your connections are from directly attached networks and very low latency, you can be a lot more aggressive about dropping old states. PF is basically single-threaded -- even on FreeBSD, multiple cores won't help you a great deal. (Unless you've got anything else running on the firewall, when several cores is really useful, of course.) On the other hand, PF is not hugely CPU intensive. Better to spend your money on the best NICs you can afford. There are some useful enhancements in OpenBSD-4.7/pf which haven't made it into FreeBSD yet -- FreeBSD pf is basically equivalent to about OpenBSD-4.1 I think. FreeBSD is compatible with more varieties of amd64/i386 based hardware, and it does threading and multi-cpu very much better. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkv+mesACgkQ8Mjk52CukIyB4gCff56iOhw7jRwmH4jzhaRmZPiK COwAoINJQZ8YRk3s4plAuoru4CIdQr/h =xyZm -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
FreeBSD router - large scale
Hello everyone. We're in the very early stages of considering [Free|Open]BSD on commodity hardware to handle NAT *and* firewall duties for (what I consider to be) a sizable deployment. Overall bandwidth is low, only a gigabit connection, but we handle approximately fifteen thousand devices. DHCP and DNS would be passed through to other servers, this hardware would only be responsible for address translation and pf. I've done this on a very, very small scale (small/home office, small business) but I'm curious how many other folks are doing it on this scale, the hardware they are running on and any "gotchas" they may have faced. Does pf on FreeBSD take advantage of multiple cores/SMP? Is it preferable, as with OpenBSD, to go for a very stout processor without much consideration to cores? Would freebsd-net@ be a better place to ask this? I'm getting ready to start digging in to memory and other resources needed based on available documentation but real-world usage is much preferred to my academic assessment. Thanks! kmw -- A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
BSD perspective at SCALE?
Is the anyone who attend SCALE this weekend that would be interested in writing a couple of paragraphs about the event on BSD News? Please contact me off list. Regards, Mikel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
SCALE
I just wanted to say the FreeBSD booth at SCALE this year was great. There was a guy named Matt there, but I don't remember his last name. If you read this please message me directly. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Port Management on a larger scale
On Tue, 22 Jul 2008 00:41:46 -0400 Derek Belrose wrote: > Sorry if this has been asked before, but I've inherited a fairly large > number of FreeBSD servers. All of them are running 6.3. > What is the recommended way of doing port management? Or if there > isn't a recommended way of updating ports on 10-15 servers, what do > people do? How do you handle port upgrades that deal with custom > compile configurations (such as exim with postgresql)? Do you build a > port on one system and install it as a package on all the others? > I come from a Slackware background, and in the past I would compile > the update on a test system then distribute and install to all the > other servers. You may take a look at ports-mgmt/tinderbox. It builds packages with custom configuration. Those packages may be installed by a "portupgrade -PP" command. We use a special 8-CURRENT tinderbox machine to build packages for 8-x, 7-x, 6-x FreeBSD versions. WBR -- bsam ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Port Management on a larger scale
On Thursday 24 July 2008, Peter Boosten wrote: > Roland Smith wrote: > > On Tue, Jul 22, 2008 at 12:41:46AM -0400, Derek Belrose wrote: > >> What is the recommended way of doing port management? > > > > Alternatively you could use one server to build packages which are then > > stored on a shared filesystem to install on all others, but that sounds > > like more work to me. > > It would be a great feature to actually being able to build packages > without having to install them. Or did I miss that feature in the > man-pages? > > Peter It is technically impossible to create a package without first installing it's dependencies, so people usually a create chroot for that purpose. -- Pieter de Goeje ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Port Management on a larger scale
Roland Smith wrote: On Tue, Jul 22, 2008 at 12:41:46AM -0400, Derek Belrose wrote: What is the recommended way of doing port management? Alternatively you could use one server to build packages which are then stored on a shared filesystem to install on all others, but that sounds like more work to me. It would be a great feature to actually being able to build packages without having to install them. Or did I miss that feature in the man-pages? Peter -- http://www.boosten.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [freebsd-questions] Re: Port Management on a larger scale
On Wed, Jul 23, 2008 at 6:06 PM, Tuc at T-B-O-H.NET <[EMAIL PROTECTED]> wrote: >2) Taking down or a failure of the NFS server pulls EVERY > other system with it. ..just thinking out loud here...but.. what if you had 2 identical NFS/rsync servers and used them together in a standby/failover method. i.e. when you have to bring down one NFS/rsync server, you direct all clients to the other and vice versa. > >3) Working with lockd/statd can be problematic at times. >4) NFS on FreeBSD varies (I'M TOLD) between versions as to > effectiveness, issues, etc. >5) I've run into issues where some programs are just NOT > happy running over NFS (hylafax for me for example. POTENTIALLY a locking > issue, but running a locking tester shows everything fine, but it > just for the life of it won't work over NFS for me atleast). > >Since this is a "personal" system, I put up with it. When > I get the time/energy I'm going to break all the systems apart. > >Tuc/TBOH > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > -- regards, dg "..but the more you use clever tricks, the less support you'll get ..." -- M.W.Lucas ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [freebsd-questions] Re: Port Management on a larger scale
> > Or you could mount /usr/local from a single NFS server on all others, > keeping them automatically in sync but that might strain the NFS server > and make it a single point of failure which is undesirable. Maybe it > would be better to use the Coda filesystem in this case.=20 > In theory this sounded great when I first did it, but now, not so great. 1) I have to keep all the machines on the same OS release. 2) Taking down or a failure of the NFS server pulls EVERY other system with it. 3) Working with lockd/statd can be problematic at times. 4) NFS on FreeBSD varies (I'M TOLD) between versions as to effectiveness, issues, etc. 5) I've run into issues where some programs are just NOT happy running over NFS (hylafax for me for example. POTENTIALLY a locking issue, but running a locking tester shows everything fine, but it just for the life of it won't work over NFS for me atleast). Since this is a "personal" system, I put up with it. When I get the time/energy I'm going to break all the systems apart. Tuc/TBOH ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Port Management on a larger scale
On Tue, Jul 22, 2008 at 12:41:46AM -0400, Derek Belrose wrote: > What is the recommended way of doing port management? There doesn't seem to be a single standard way of doing this. There are several things you could do, assuming that all servers use identically configured software. Probably the least effort would be to update and test the ports one server, then use rsync to push /usr/local from that server to all others. This is efficient because you only have to build stuff once, an can then easily push it to other machines. Alternatively you could use one server to build packages which are then stored on a shared filesystem to install on all others, but that sounds like more work to me. Or you could mount /usr/local from a single NFS server on all others, keeping them automatically in sync but that might strain the NFS server and make it a single point of failure which is undesirable. Maybe it would be better to use the Coda filesystem in this case. I'd favor the rsync approach, because it keeps data and programs locally accessible on each machine while making in easy and efficient to syncronize from a test machine to others. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgp0RPMWiPfaC.pgp Description: PGP signature
Port Management on a larger scale
Sorry if this has been asked before, but I've inherited a fairly large number of FreeBSD servers. All of them are running 6.3. What is the recommended way of doing port management? Or if there isn't a recommended way of updating ports on 10-15 servers, what do people do? How do you handle port upgrades that deal with custom compile configurations (such as exim with postgresql)? Do you build a port on one system and install it as a package on all the others? I come from a Slackware background, and in the past I would compile the update on a test system then distribute and install to all the other servers. Thanks for your input! Derek ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Large scale NAT
On Fri, 11 May 2007, Todor Dragnev wrote: Hello list, I have about 4000 users behind NAT. I use ipnat(ipf) on single freebsd box( v6.2) to translate RFC1918 ip addresses to real one. All works fine, but my CPU usage is very high and router starts to drop packets and sometimes freeze. I fix freezes problem with POLLING but CPU usage is still very high. Throughput on one interface is about 200Mbit/s, but next month I will need more speed to pass through this box and I looking for better solution What is the throughput limit what I can expect from FreeBSD in this situation? Are someone in the list have experience with large NAT tables? It is time to switch to Cisco or something similar - any suggestions ? There is a comparison of ip-filter and packet filter here http://www.benzedrine.cx/pf-paper.html Rather old now, but as I understand, pf does a better job when tables grow large when filtering is stateful. Cheers, Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Large scale NAT
Hello list, I have about 4000 users behind NAT. I use ipnat(ipf) on single freebsd box( v6.2) to translate RFC1918 ip addresses to real one. In ipnat.conf I have: --- map vlan0 10.X.0.0/16 -> a.b.c.X/32 proxy port ftp ftp/tcp map vlan0 10.X.0.0/16 -> a.b.c.X/32 portmap tcp/udp auto map vlan0 10.X.0.0/16 -> a.b.c.X/32 --- Where X is in range from 0 to 40. $ "ipnat -s" mappedin1192241264out1082773308 added58509192expired0 no memory65394bad nat9642 inuse212292 rules1160 wilds2 $ netstat -w 1 input(Total) output packets errs bytespackets errs bytes colls 75681 0 47043801 73193 0 38853537 0 74908 0 46345012 72391 0 37946719 0 CPU: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz (1864.81-MHz 686-class CPU) network cards em0: sk0: <3Com Gigabit NIC (3C2000) rev. (0x1) - Marvell Semiconductor, Inc. Yukon> All works fine, but my CPU usage is very high and router starts to drop packets and sometimes freeze. I fix freezes problem with POLLING but CPU usage is still very high. Throughput on one interface is about 200Mbit/s, but next month I will need more speed to pass through this box and I looking for better solution What is the throughput limit what I can expect from FreeBSD in this situation? Are someone in the list have experience with large NAT tables? It is time to switch to Cisco or something similar - any suggestions ? Thanks, Todor Dragnev -- There are no answers, only cross references ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Portupgrade failure: / filesystem full.... any suggestionsshort of full-scale re-install?
[EMAIL PROTECTED] wrote: Hello, I'm not sure what's next: hedgehogs falling from the skies, perhaps? Mostly, I know I'm flailing around in the newbie waters, an otherwise straightforward 5.2.1 install (single user, desktop) gone horribly, horribly wrong. The story so far... And what have you against hedgehogs? Or is it just that they might hurt if they hit you? I got through most of the sysinstall program without too many surprises. It's a new machine, 40G HD. Loosely following Mr. Lehey's configuration suggestions in Complete FreeBSD, / got 4G, swap 2G, and /home the rest. [snip rest of sad story] We love Mr. Lehey, of course, although my last attempt to get one of his books on Ebay went awry. However, I've read vinum(8) once, I think --- and found his website pretty interesting. ;-) That said, I wouldn't partition a drive in this way. Here's a report on the disks on my workstation: $df -h Filesystem Size Used Avail Capacity Mounted on /dev/ad0s1a 989M 149M 761M 16% / devfs 1.0K 1.0K 0B 100% /dev /dev/ad0s1e 34G 17G 14G 56% /usr /dev/ad0s1d 989M 410M 500M 45% /var /dev/ad1s1d 180G 14G 152G 8% /backup //[EMAIL PROTECTED]/SHAREDDOCS 19G 15G 3.8G 80% /house Even allowing that the users in (/usr)/home on my system are using approximately 13GB, there's still 4GB in /usr, and another half GB in the root and /var filesystems, which in my case are seperate partitions. Most certainly in doing cvsup+buildworld+buildkernel and friends, you're going to take up space with /usr/src and /usr/obj. By installing the instant-workstation port, you're going to be filling up /usr/ports/distfiles and /usr/local. Fetch is probably holding "temporary" files open in either /tmp or /root, so it's not inconceivable that your / is up to its 4 GB maximum as /var, /tmp, and /usr are all in your root fs... Greg Lehey's recommendations have, AFAIK (but I'm no expert) never been the same as the ones recommended by /stand/sysinstall (and therefore the project??) However, generally there's nothing wrong with his ideas, and certainly he would know better than a peon like myself. BUT---IIRC, sometime in the last few months he was discussing this very issue on the lists, and mentioning that his thought on the subject had changed a bit (and perhaps he's changed his recommendations in a later edition?) As for what you might do ... one workaround might be to move some things like /usr/src, /usr/ports and /usr/obj to your big filesystem: $cd /usr $mv ports /home $ln -s /home/ports ports I don't think this would cause any problems, and might be a way to manage until later. I guess you could just do it that way permanently. There would be other options, too, of course... Kevin Kinsey ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Portupgrade failure: / filesystem full.... any suggestions short of full-scale re-install?
Hello, I'm not sure what's next: hedgehogs falling from the skies, perhaps? Mostly, I know I'm flailing around in the newbie waters, an otherwise straightforward 5.2.1 install (single user, desktop) gone horribly, horribly wrong. The story so far... I got through most of the sysinstall program without too many surprises. It's a new machine, 40G HD. Loosely following Mr. Lehey's configuration suggestions in Complete FreeBSD, / got 4G, swap 2G, and /home the rest. Among other things, I downloaded and installed the instant-workstation 1.0.3 port, in part because a presumably earlier version had worked fine last fall when I installed it on my wife's dual boot machine.[1] This time, although XFree86 -configure tested okay, i.e. grey screen with X in the middle, then Ctrl-Alt-Backspace to return to the CLI, I couldn't seem to configure X. I had it working a couple of times, but the mouse cursor was a 64x64 pixel barcode! Exiting seemed to cause the x-server the most trouble. The box locked up complaining primarily of "unresolved symbols," although both Knoppix 3.4 and FreeSBIE's versions of x-windows work(ed) fine, booting from the CD drive. I see a note [2] suggesting the more current XFree86 4.4 version might work better with the SiS74x video card, which at that point, seemed the most likely candidate for FreeBSD incompatibility. More googling around and freebsd-questions digest traffic reading suggested cvsup and portupgrade, as a general tidying up strategy en route to updating to 4.4. [upmusic: theme from Jaws] Cvsupping seems to be chugging along for quite a while, but previous install on older machine also took the better part of a weekend, so I figure what the hell. A strong sense of fear and loathing began to develop, however, when "filesystem full" began in large numbers to scroll off the screen, late this past afternoon. A du -sk * showed relatively expected numbers next to most of the sub-directories, but /usr and /var showed 3 038 096 & 71 990 respectively! ??? /var/tmp seems to contain lots of 512K .bak files right underneath .tgz behemoths with the same name. I've seen messages suggesting deleting /tmp directories, as well as growfs, as a way to regain room to at least email log and error messages, but I'm also getting a little gunshy. Any suggestions, even starting over from scratch, would assist me greatly. Everything I've read so far suggests FreeBSD installs into _at most_ 5G, so what's going on??? If a more realistic cvsup/portupgrade manoevering room works out to 10G, maybe this message will help someone else. Thanks in advance. df (dave) armour my real box calm! # not. [1] previous install, 5.0-RELEASE, admittedly in 18G, on dual-boot (Windows ME, with 10G) box. [2] The SiS driver author's site suggests XFree86 4.4.0 works more successfully with SiS74x series. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
On Sun, 5 Oct 2003 09:54, Gabriel Striewe wrote: > Hello! > > Can anybody recommend a low-scale presentation programm in > OpenOfficeImpress or PowerPoint style, but which does not use as much > resources. > From other responses you'll see there are quite a number of options. I guess you need to try a few to see which best suits what you have in mind. I suggest you also take a look at xnview, at the very least it seems to be resource conservative. In addition it will handle many, many graphical formats, but does not itself generate graphics. You need something like xfig or a paint program (or something else with which I probably have no experience) to do that. I also find xv handy for cropping and resizing. Malcolm ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
Hello! I found this website with information on LaTeX- and HTML-based screen presentation tools. http://www.miwie.org/presentations/presentations.html I hope this is any helpful. Gabriel ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
On Sun, Oct 05, 2003 at 01:21:43PM -0400, Todd Stephens wrote: > > What about OperaShow? > > http://www.opera.com/support/tutorials/operashow/ > > Assuming one knows how to author an html document. Is this part of the > Opera port? On the web page is says it is part of Opera for Windows, > but does not mention it being part of Opera for Linux or otherwise. It > is an interesting idea though. It does work with native FreeBSD port at least since 6.11. m&f -- What do you care what other people think? pgp0.pgp Description: PGP signature
Re: low-scale presenter for FreeBSD?
On Sunday 05 October 2003 07:26 am, Michal F. Hanula wrote: > On Sun, Oct 05, 2003 at 02:24:33AM +0200, Gabriel Striewe wrote: > > Hello! > > > > Can anybody recommend a low-scale presentation programm in > > OpenOfficeImpress or PowerPoint style, but which does not use as > > much resources. > > > > Thanks for any hints > > What about OperaShow? > http://www.opera.com/support/tutorials/operashow/ > m&f Assuming one knows how to author an html document. Is this part of the Opera port? On the web page is says it is part of Opera for Windows, but does not mention it being part of Opera for Linux or otherwise. It is an interesting idea though. -- Todd Stephens "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Plato ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
On Sun, 5 Oct 2003 13:26:31 +0200, Michal F. Hanula <[EMAIL PROTECTED]> wrote: On Sun, Oct 05, 2003 at 02:24:33AM +0200, Gabriel Striewe wrote: Hello! Can anybody recommend a low-scale presentation programm in OpenOfficeImpress or PowerPoint style, but which does not use as much resources. What about OperaShow? http://www.opera.com/support/tutorials/operashow/ A very good suggestion, as the pages can be written in HTML with CSS to change the presentation as appropriate when displaying on a website or as a series of slides. The other benefit is when you are finished you can instantly put it on the web. TjL -- Tim & Tracey & Ethan http://tntluoma.com/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
Am Sun, 05 Oct 2003 08:57:10 -0600 schrieb Tillman Hodgson: > On Sun, Oct 05, 2003 at 10:16:07AM +0200, Simon Rutishauser wrote: >> Hi, >> >> give the Latex Prosper Package a try (you have to fetch it separately). >> With it you can create pdf files. >> >> These you can present using "xpdf -fullscreen " (I think xpdf doesn't >> need too much ressources ;-)) >> >> Peschmä > > I also recommend Prosper with LaTeX. It looks great - I have some up at > http://www.rospa.ca/documents/ under "Presentations" if anyone would like > to take a look. It presents well under acroread in full-screen mode. xpdf > -fullscreen also works well, though the slide transition effects are lost > (most likely considered a feature ;-) ). Well, the transition effects look ugly and always the same. Thus I don't use them ;-) Anyway Acrobat Reader doesn't work properly on my system so I don't use it. And it needs plenty of ressources... Peschmä ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
On Sun, Oct 05, 2003 at 10:16:07AM +0200, Simon Rutishauser wrote: > Hi, > > give the Latex Prosper Package a try (you have to fetch it separately). > With it you can create pdf files. > > These you can present using "xpdf -fullscreen " (I think xpdf doesn't need > too much ressources ;-)) > > Peschmä I also recommend Prosper with LaTeX. It looks great - I have some up at http://www.rospa.ca/documents/ under "Presentations" if anyone would like to take a look. It presents well under acroread in full-screen mode. xpdf -fullscreen also works well, though the slide transition effects are lost (most likely considered a feature ;-) ). -T -- Page 356: Part of the charm of Unix is, all of a sudden, having a great insight and saying to yourself, "So THAT's why they did it that way." - Harley Hahn, _The Unix Companion_ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
On Sunday 05 October 2003 09:22 am, Todd Stephens wrote: > Slideshow seems like an impressive application to me from looking at > the web site http://www.alobbs.com/slideshow. It has an option to > create "ASCII Slides", so I don't know if that means it can read from > a text file or not. I might try it out just to see, but I am trying > to cut back on what I am installing these days. The ports system > almost makes it *too* easy to install things and I've gone a little > crazy with it lately. Follow up to this. Slideshow is indeed a very powerful presentation program. The problem lies in figuring out how to use it. It appears to me that you have to write the slides in XML, then program the actual slideshow in Python, since slideshow is apparently a Python module. The 'example' slideshow that is installed doesn't really tell me much, and the docs installed simply refer you to the sample slideshow. -- Todd Stephens "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Plato ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
On Sunday 05 October 2003 02:56 am, Greg 'groggy' Lehey wrote: > I'd be very interested to hear from people who are picky, who have > actually used any of these packages, and who can tell me how to use > them well. (Amongst other things, this is a roundabout way of > saying that I don't know anything good myself). Out of the applications I mentioned the only one I have done any real work on was KPresenter. It could certainly be more... (better?) ... but it was sufficient for my needs. It lacks animation and is probably every bit the PowerPoint clone that OpenOffice is. I stay away from OpenOffice as much as possible because it is such a resource pig. > I haven't tried the others. I need something that will interface > with UNIX text files, and I suspect that MagicPoint's the only choice > there. Slideshow seems like an impressive application to me from looking at the web site http://www.alobbs.com/slideshow. It has an option to create "ASCII Slides", so I don't know if that means it can read from a text file or not. I might try it out just to see, but I am trying to cut back on what I am installing these days. The ports system almost makes it *too* easy to install things and I've gone a little crazy with it lately. -- Todd Stephens "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Plato ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
On Sun, Oct 05, 2003 at 02:24:33AM +0200, Gabriel Striewe wrote: > Hello! > > Can anybody recommend a low-scale presentation programm in OpenOfficeImpress or > PowerPoint style, but which does not use as much resources. > > Thanks for any hints What about OperaShow? http://www.opera.com/support/tutorials/operashow/ m&f -- What do you care what other people think? pgp0.pgp Description: PGP signature
Re: low-scale presenter for FreeBSD?
Hi, give the Latex Prosper Package a try (you have to fetch it separately). With it you can create pdf files. These you can present using "xpdf -fullscreen " (I think xpdf doesn't need too much ressources ;-)) Peschmä Am Sun, 05 Oct 2003 02:24:33 +0200 schrieb Gabriel Striewe: > Hello! > > Can anybody recommend a low-scale presentation programm in > OpenOfficeImpress or PowerPoint style, but which does not use as much > resources. > > Thanks for any hints > > Gabriel > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions To > unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
On Sunday, 5 October 2003 at 1:23:50 +0100, Rus Foster wrote: > On Sun, 5 Oct 2003, Gabriel Striewe wrote: > >> Hello! >> >> Can anybody recommend a low-scale presentation programm in >> OpenOfficeImpress or PowerPoint style, but which does not use as much >> resources. > > How about saving it as HTML then using netscape? On Saturday, 4 October 2003 at 21:34:43 -0400, Todd Stephens wrote: > On Saturday 04 October 2003 08:23 pm, Rus Foster wrote: > >> How about saving it as HTML then using netscape? > > I think he wanted something that /wasn't/ a resource hog :-) > > Seriously, if you have KDE installed (which you probably don't if you > are worried about system resources) there is KPresenter. The HTML > suggestion is a very valid one though, and there is a port for > converting PowerPoint to html in /usr/ports/textproc/xlhtml but I've > never tried it. > > There are a few in the 'misc' ports. Look for MagicPoint or Pointless. > I think Pointless uses OpenGL, so you might not want that one either. > There is another in /usr/ports/multimedia/slideshow that is supposedly > very powerful. I have only glanced at it. I'd be very interested to hear from people who are picky, who have actually used any of these packages, and who can tell me how to use them well. (Amongst other things, this is a roundabout way of saying that I don't know anything good myself). My issues are: - OpenOffice: a real pig to work with. I also have font problems which I'm sure I could fix if I found it worth the trouble, but after preparing a presentation with other people who didn't have the font problems, I don't think it's worth it. OpenOffice is really a Microsoft clone, and it doesn't fit well into UNIX. - MagicPoint: something to make the GUI approach look good. Fonts are rough, features were pretty minimal when I tried it, and the syntax blows my mind. I haven't tried the others. I need something that will interface with UNIX text files, and I suspect that MagicPoint's the only choice there. Personally, I use groff and ghostscript to create the slides in PDF form (ghostview has a helper application called ps2pdf to create the PDF), and then I use acroread to display them. It works OK, but acroread is very slow, and I'd be happy to find something better. Greg -- See complete headers for address and phone numbers. pgp0.pgp Description: PGP signature
Re: low-scale presenter for FreeBSD?
On Saturday 04 October 2003 08:23 pm, Rus Foster wrote: > How about saving it as HTML then using netscape? I think he wanted something that /wasn't/ a resource hog :-) Seriously, if you have KDE installed (which you probably don't if you are worried about system resources) there is KPresenter. The HTML suggestion is a very valid one though, and there is a port for converting PowerPoint to html in /usr/ports/textproc/xlhtml but I've never tried it. There are a few in the 'misc' ports. Look for MagicPoint or Pointless. I think Pointless uses OpenGL, so you might not want that one either. There is another in /usr/ports/multimedia/slideshow that is supposedly very powerful. I have only glanced at it. -- Todd Stephens "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Plato ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: low-scale presenter for FreeBSD?
On Sun, 5 Oct 2003, Gabriel Striewe wrote: > Hello! > > Can anybody recommend a low-scale presentation programm in > OpenOfficeImpress or PowerPoint style, but which does not use as much > resources. How about saving it as HTML then using netscape? Rus -- w: http://www.jvps.com | Virtual Dedicated Servers from $15/mo e: [EMAIL PROTECTED]| Dontations made to Debian, FreeBSD t: +44 7919 373537 | and Slackware t: 1-888-327-6330 | email: [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
low-scale presenter for FreeBSD?
Hello! Can anybody recommend a low-scale presentation programm in OpenOfficeImpress or PowerPoint style, but which does not use as much resources. Thanks for any hints Gabriel ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: C scale using /dev/speaker
In a message dated 2/19/03 9:51:46 PM Central Standard Time, [EMAIL PROTECTED] writes: > Yes. It's been a LONG day. > > > > > > did you mean > > echo "o3cdefgabo4c" > /dev/speaker > > ? > > > > On Wednesday 19 February 2003 10:14 pm, Matthew Emmerton wrote: > > > > Hi, > > > > what is proper syntax for coaxing C major scale out of /dev/speaker? > > > > > > TIA. > > > > > > > Dave > > > > > > To play C major scale, starting at middle C, do this: > > > > > > cat "o3cdefgabo4c" > /dev/speaker > > > > > > man spkr(4) for more details. > > > Thanks guys! : o) dave To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: C scale using /dev/speaker
Yes. It's been a LONG day. > > did you mean > echo "o3cdefgabo4c" > /dev/speaker > ? > > On Wednesday 19 February 2003 10:14 pm, Matthew Emmerton wrote: > > > Hi, > > > what is proper syntax for coaxing C major scale out of /dev/speaker? > > > > TIA. > > > > > Dave > > > > To play C major scale, starting at middle C, do this: > > > > cat "o3cdefgabo4c" > /dev/speaker > > > > man spkr(4) for more details. > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: C scale using /dev/speaker
> Hi, > what is proper syntax for coaxing C major scale out of /dev/speaker? TIA. > Dave To play C major scale, starting at middle C, do this: cat "o3cdefgabo4c" > /dev/speaker man spkr(4) for more details. -- Matt Emmerton To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
C scale using /dev/speaker
Hi, what is proper syntax for coaxing C major scale out of /dev/speaker? TIA. Dave p.s. piano and spkrtest work great To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: Best way to scale SMTP auth?
Steven, I suggest you Postfix + SMTP AUTH You will find the howto´s in Postfix homepage at http://www.postfix.org Ronan > Hi. Got a slight problem. I'd like to do an SMTP system that > allows up to 100 users a second to authenticate to the system using the > simplest means possible. I'd like to use the Pop before SMTP method over > authentication before SMTP. However from my understanding, it doesn't > scale very well. So I'm trying to find a way to make this be able to > handle as much traffic as possible without overloading the existing > system. Thanks. > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Best way to scale SMTP auth?
Hi. Got a slight problem. I'd like to do an SMTP system that allows up to 100 users a second to authenticate to the system using the simplest means possible. I'd like to use the Pop before SMTP method over authentication before SMTP. However from my understanding, it doesn't scale very well. So I'm trying to find a way to make this be able to handle as much traffic as possible without overloading the existing system. Thanks. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
TTT scale
I managed to get the ttt running on my box. Thanks to any advice from you all. Somehow i feel that the scale is not convenience because it's in Mbps. Hot to scale it to Kbps ? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
