semaphores
Hi, I was installing perl 5.8 and it would fails. Lost the error message, sorry. However, running a google search on the error message gave only one result suggesting that my system was running out of semaphores. So, `ipcs` showed that postgresql was using them and so stopping this db allowed perl to be installed. Now I can run both perl5.8 and postgresql, but, how do I know whether my system is low on semaphores, and if so, how do I increase it ? Here are some outputes: uname -a: FreeBSD 4.8-STABLE ipcs : [EMAIL PROTECTED] [/home/pars/perl] $ ipcs Message Queues: T ID KEYMODE OWNERGROUP Shared Memory: T ID KEYMODE OWNERGROUP m 655365432001 --rw---pgsqlpgsql Semaphores: T ID KEYMODE OWNERGROUP s 1310725432001 --rw---pgsqlpgsql s 1310735432002 --rw---pgsqlpgsql s 1310745432003 --rw---pgsqlpgsql Thanks. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Increasing Semaphores
Over the past few days, I had some problems with too few connections availabe for postgresql. I resolved them for the short term, but when I tried setting the max_connections for postgresql as high as 64, I received a message indicating that I had to increase the semaphores available in the kernel before I could do that, which seems to require a recompile of the kernel. I haven't compiled the kernel before, so this is new to me. Before I go ahead and do that, after reading through the handbook, etc., I wanted to ask if there were any gotcha's I should be aware of. IOW, would increasing the number of semaphores available have any cascading effect in general, all other things being equal? I'm running FBSD 4.9. Thx ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Memory semaphores?
Hello, I just installed Apache/1.3.28, and now I got a lot of files like these in /var/run/: /var/run/httpd.mm.77920.sem They look like memory management semaphores of some kind (from mm?). Can I safely delete these files, prior to staring the httpd daemon? I hate them cluttering up my /var/run/ dir. - Mark ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: semaphores
> Hi, Hi! > I was installing perl 5.8 and it would fails. Lost the error message, sorry. > However, running a google search on the error message gave only one > result suggesting that my system was running out of semaphores. So, > `ipcs` showed that postgresql was using them and so stopping this db allowed > perl to be installed. > > Now I can run both perl5.8 and postgresql, but, how do I know whether my > system is low on semaphores, and if so, how do I increase it ? rebuild the kernel with options like these (take mine for exmaple) ### options SYSVSHM #SYSV-style shared memory options SHMMAXPGS=65535 ### for Oracle... options SHMALL=8192 options SHMMAX="(SHMMAXPGS*PAGE_SIZE+1)" options SHMMIN=2 options SHMMNI=512 ### for Oracle... options SHMSEG=512 ### for Oracle... ### options SYSVSEM #SYSV-style semaphore options SEMMAP=512 options SEMMNI=512 ### for Oracle... options SEMUME=512 options SEMMNS=1024 ### for Oracle... options SEMMNU=512 options SEMMSL=256 ### for Oracle... options SEMOPM=256 ### options SYSVMSG #SYSV-style messages. options MSGMNB=16384 options MSGMNI=256 options MSGSEG=8196 options MSGSSZ=16 options MSGTQL=256 read www.freebsd.org and LINT for more info -- Error Code=-1 Continue? Yes | No -- > Here are some outputes: > uname -a: FreeBSD 4.8-STABLE > ipcs : > [EMAIL PROTECTED] [/home/pars/perl] > $ ipcs > Message Queues: > T ID KEYMODE OWNERGROUP > > Shared Memory: > T ID KEYMODE OWNERGROUP > m 655365432001 --rw---pgsqlpgsql > > Semaphores: > T ID KEYMODE OWNERGROUP > s 1310725432001 --rw---pgsqlpgsql > s 1310735432002 --rw---pgsqlpgsql > s 1310745432003 --rw---pgsqlpgsql > > Thanks. > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
sysv semaphores
I'm trying to test a python extension (POSH) that uses semaphores. When testing I get a run time error that indicates it requires too many semaphores. Is it possible to adjust the allowed number of semaphores without rebuilding the kernel? What are the costs of having semaphores ie are they memory/cpu intensive? -- Robin Becker ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Memory semaphores?
Mark <[EMAIL PROTECTED]> writes: > I just installed Apache/1.3.28, and now I got a lot of files like these in > /var/run/: > > /var/run/httpd.mm.77920.sem > > They look like memory management semaphores of some kind (from mm?). Can I > safely delete these files, prior to staring the httpd daemon? I hate them > cluttering up my /var/run/ dir. I don't see anything like that, so I'm not sure why you are. However, they should definitely be safe to remove when httpd isn't running... ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Memory semaphores?
There's a port called lsof (in sysutils I think), running that will tell you what process has what files open and you can see what has that file open if anything. -- Michael Conlen Lowell Gilbert wrote: Mark <[EMAIL PROTECTED]> writes: I just installed Apache/1.3.28, and now I got a lot of files like these in /var/run/: /var/run/httpd.mm.77920.sem They look like memory management semaphores of some kind (from mm?). Can I safely delete these files, prior to staring the httpd daemon? I hate them cluttering up my /var/run/ dir. I don't see anything like that, so I'm not sure why you are. However, they should definitely be safe to remove when httpd isn't running... ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sysv semaphores
On Tue, Nov 14, 2006 at 03:22:33PM +, Robin Becker wrote: > I'm trying to test a python extension (POSH) that uses semaphores. When > testing I get a run time error that indicates it requires too many > semaphores. Is it possible to adjust the allowed number of semaphores > without rebuilding the kernel? > > What are the costs of having semaphores ie are they memory/cpu intensive? > -- > Robin Becker You'll want to use either sysctl(8) to change the settings dynamically, or use /etc/sysctl.conf to modify the settings permanently. I'm not sure if there's a benefit to rolling a new kernel versus using sysctl.conf, or if things even work that way anymore. # sysctl -a | grep seminfo kern.seminfo.semmni=10# number of semaphore identifiers kern.seminfo.semmns=60# number of semaphores in system kern.seminfo.semmnu=30# number of undo structures in system kern.seminfo.semmsl=60# max number of semaphores per id kern.seminfo.semopm=100 # max number of operations per semop call kern.seminfo.semume=10# max number of undo entries per process kern.seminfo.semusz=100 # size in bytes of undo structure kern.seminfo.semvmx=32767 # semaphore maximum value kern.seminfo.semaem=16384 # adjust on exit max value Those comments are from /usr/include/sys/sem.h -Damian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sysv semaphores
On Tue, Nov 14, 2006 at 04:46:52PM -0600, Damian Wiest wrote: > On Tue, Nov 14, 2006 at 03:22:33PM +, Robin Becker wrote: > > I'm trying to test a python extension (POSH) that uses semaphores. When > > testing I get a run time error that indicates it requires too many > > semaphores. Is it possible to adjust the allowed number of semaphores > > without rebuilding the kernel? > > > > What are the costs of having semaphores ie are they memory/cpu intensive? > > -- > > Robin Becker > > You'll want to use either sysctl(8) to change the settings dynamically, or > use /etc/sysctl.conf to modify the settings permanently. I'm not sure if > there's a benefit to rolling a new kernel versus using sysctl.conf, or if > things even work that way anymore. > > # sysctl -a | grep seminfo > > kern.seminfo.semmni=10# number of semaphore identifiers > kern.seminfo.semmns=60# number of semaphores in system > kern.seminfo.semmnu=30# number of undo structures in system > kern.seminfo.semmsl=60# max number of semaphores per id > kern.seminfo.semopm=100 # max number of operations per semop call > kern.seminfo.semume=10# max number of undo entries per process > kern.seminfo.semusz=100 # size in bytes of undo structure > kern.seminfo.semvmx=32767 # semaphore maximum value > kern.seminfo.semaem=16384 # adjust on exit max value > > Those comments are from /usr/include/sys/sem.h > > -Damian Sorry, I forgot to mention a few things. You should become familiar with ipcs(1) as it will allow you to query the current state of SysV IPC facilities. You'll probably find yourself manually deleting semaphores depending on how well that extension cleans up after itself during testing. IIRC, the kernel maintains some in-memory datastructures to keep track of semaphores. I believe increasing the maximum number of semaphores will take up a negligible amount of main memory. If you're interested, the "Design and Implementation of the 4.4 BSD Operating System" (ISBN # 0201549794) has great coverage of this stuff. -Damian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sysv semaphores
Damian Wiest wrote: . You'll want to use either sysctl(8) to change the settings dynamically, or use /etc/sysctl.conf to modify the settings permanently. I'm not sure if there's a benefit to rolling a new kernel versus using sysctl.conf, or if things even work that way anymore. # sysctl -a | grep seminfo kern.seminfo.semmni=10# number of semaphore identifiers kern.seminfo.semmns=60 # number of semaphores in system kern.seminfo.semmnu=30# number of undo structures in system kern.seminfo.semmsl=60# max number of semaphores per id kern.seminfo.semopm=100 # max number of operations per semop call kern.seminfo.semume=10# max number of undo entries per process kern.seminfo.semusz=100 # size in bytes of undo structure kern.seminfo.semvmx=32767 # semaphore maximum value kern.seminfo.semaem=16384 # adjust on exit max value Those comments are from /usr/include/sys/sem.h -Damian Sorry, I forgot to mention a few things. You should become familiar with ipcs(1) as it will allow you to query the current state of SysV IPC facilities. You'll probably find yourself manually deleting semaphores depending on how well that extension cleans up after itself during testing. IIRC, the kernel maintains some in-memory datastructures to keep track of semaphores. I believe increasing the maximum number of semaphores will take up a negligible amount of main memory. If you're interested, the "Design and Implementation of the 4.4 BSD Operating System" (ISBN # 0201549794) has great coverage of this stuff. thanks very much all very useful info. Someone else recommended looking at these options kern.ipc.semmap=180 kern.ipc.semmni=160 kern.ipc.semmns=210 kern.ipc.semmnu=180 kern.ipc.semmsl=210 kern.ipc.semopm=250 kern.ipc.semume=160 kern.ipc.semusz=92 kern.ipc.semvmx=32767 kern.ipc.semaem=16384 and on my 6.1 system I see these with sysctl -a | grep ipc, however, # sysctl -a | grep seminfo /usr/RL_HOME/users/robin: # I guess they've been renamed. -- Robin Becker ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sysv semaphores
On Tue, Nov 14, 2006 at 11:56:45PM +, Robin Becker wrote: [snip] > thanks very much all very useful info. Someone else recommended looking > at these options > > kern.ipc.semmap=180 > kern.ipc.semmni=160 > kern.ipc.semmns=210 > kern.ipc.semmnu=180 > kern.ipc.semmsl=210 > kern.ipc.semopm=250 > kern.ipc.semume=160 > > kern.ipc.semusz=92 > kern.ipc.semvmx=32767 > kern.ipc.semaem=16384 > > > and on my 6.1 system I see these with sysctl -a | grep ipc, however, > > # sysctl -a | grep seminfo > /usr/RL_HOME/users/robin: > # > > I guess they've been renamed. > -- > Robin Becker No, it's my fault; I checked things on the wrong system. OpenBSD uses seminfo, FreeBSD uses ipc. -Damian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sysv semaphores
Damian Wiest wrote: ... No, it's my fault; I checked things on the wrong system. OpenBSD uses seminfo, FreeBSD uses ipc. aa the joy of forking :) -- Robin Becker ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Firebird 2.5 and SysV Semaphores
Hi, I have a problem with Firebird 2.5, and posted the issue in their mailing list. They suggested that I have to recompile the kernel to allow more SysV semaphores. Do you recommend this? Here's a copy of my mail: > I recently installed Firebird 2.5 on a FreeBSD, it was running ok > until this moring when suddendly it stopped accepting connections. > > The server runs via inetd. > > Here is a copy of the last lines of firebird.log: > > --- > server.rame.local Tue May 17 16:15:33 2011 > ISC_event_wait: semop failed with errno =3D 22 > > > server.rame.local Tue May 17 16:15:33 2011 > create_semaphores failed: > operating system directive semget failed > No space left on device > > > server.rame.local Tue May 17 16:15:33 2011 > ISC_event_wait: semop failed with errno =3D 22 > > > server.rame.local Tue May 17 16:15:33 2011 > create_semaphores failed: > operating system directive semget failed > No space left on device Should rebuild kernel with more SysV semaphores. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
sshit runs out of semaphores
Hiya I recently started (trying) to use sshit to filter the many brute force sshd attacks. However, it has never worked on my box. FreeBSD 7.0 p1. This morning it would only give a message (without exiting) Could not create semaphore set: No space left on device at /usr/local/sbin/sshit line 322 Every time it gets stopped by CTRL-C it leaves the shared memory behind, allocated. I am going to reboot later and double the number of semaphores (in loader.conf). I am running hobbit which uses 8, leaving only 2 free. This may solve this issue, but I'd appreciate any ideas and experienced advice. A side issue is that sshit will only filter rapid fire attacks, but I am also seeing 'slow fire' attacks, where an IP is repeated every 2 or 3 hours, but there seem to be a network of attackers because the name sequence is kept up across many incoming IP's. Is there any script for countering these attacks? If not I'll write one I think. -- DA Fo rsythNetwork Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sshit runs out of semaphores
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 DA Forsyth wrote: > Hiya > > I recently started (trying) to use sshit to filter the many brute > force sshd attacks. > > However, it has never worked on my box. FreeBSD 7.0 p1. > > This morning it would only give a message (without exiting) >Could not create semaphore set: No space left on device > at /usr/local/sbin/sshit line 322 > Every time it gets stopped by CTRL-C it leaves the shared memory > behind, allocated. > > I am going to reboot later and double the number of semaphores (in > loader.conf). > I am running hobbit which uses 8, leaving only 2 free. This may > solve this issue, but I'd appreciate any ideas and experienced > advice. > > A side issue is that sshit will only filter rapid fire attacks, but I > am also seeing 'slow fire' attacks, where an IP is repeated every 2 > or 3 hours, but there seem to be a network of attackers because the > name sequence is kept up across many incoming IP's. Is there any > script for countering these attacks? > If not I'll write one I think. > > > -- >DA Fo rsythNetwork Supervisor > Principal Technical Officer -- Institute for Water Research > http://www.ru.ac.za/institutes/iwr/ Hi DA, I previously used sshit to defend against SSH brute-force attacks but never saw the semaphore problem that you reported. However, I recently switched to sshguard for other reasons, and it has worked well for defending against both high-speed and slow-speed attacks. You can get more information here: http://sshguard.sourceforge.net/ http://www.freshports.org/security/sshguard-ipfw/ Hope that helps, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJNTdC0sRouByUApARAt/uAKCkRzJ7f67aKhBxQNRrI9gI7eRu3QCeL+tA 2hG4DfmVSHFgOO+GvUiNniM= =oAa+ -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sshit runs out of semaphores
In response to "DA Forsyth" <[EMAIL PROTECTED]>: > Hiya > > I recently started (trying) to use sshit to filter the many brute > force sshd attacks. > > However, it has never worked on my box. FreeBSD 7.0 p1. > > This morning it would only give a message (without exiting) >Could not create semaphore set: No space left on device > at /usr/local/sbin/sshit line 322 > Every time it gets stopped by CTRL-C it leaves the shared memory > behind, allocated. Have a look at ipcs and ipcrm, which will save you the reboots. > A side issue is that sshit will only filter rapid fire attacks, but I > am also seeing 'slow fire' attacks, where an IP is repeated every 2 > or 3 hours, but there seem to be a network of attackers because the > name sequence is kept up across many incoming IP's. Is there any > script for countering these attacks? > If not I'll write one I think. My approach: http://www.potentialtech.com/cms/node/16 -- Bill Moran http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: sshit runs out of semaphores
On Tuesday 02 December 2008 04:54:27 Bill Moran wrote: > In response to "DA Forsyth" <[EMAIL PROTECTED]>: > > Hiya > > > > I recently started (trying) to use sshit to filter the many brute > > force sshd attacks. > > > > However, it has never worked on my box. FreeBSD 7.0 p1. > > > > This morning it would only give a message (without exiting) > >Could not create semaphore set: No space left on device > > at /usr/local/sbin/sshit line 322 > > Every time it gets stopped by CTRL-C it leaves the shared memory > > behind, allocated. > > Have a look at ipcs and ipcrm, which will save you the reboots. > > > A side issue is that sshit will only filter rapid fire attacks, but I > > am also seeing 'slow fire' attacks, where an IP is repeated every 2 > > or 3 hours, but there seem to be a network of attackers because the > > name sequence is kept up across many incoming IP's. Is there any > > script for countering these attacks? > > If not I'll write one I think. > > My approach: > http://www.potentialtech.com/cms/node/16 I use denyhosts which adds the IP to a file called hosts_deny.ssh. It will keep the IP for however many days you set it for so a repeat even hours later will just get bounced. -- --- Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED] /"\ ASCII Ribbon Campaign | FreeBSD Since 4.x \ / - NO HTML/RTF in e-mail | http://people.freebsd.org/~beech X - NO Word docs in e-mail | Skype: akbeech / \ - http://www.FreeBSD.org/releases/7.0R/announce.html --- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
