Re: bpf dhcp
* Justin Mitchell [EMAIL PROTECTED] [020827 11:34]: Hiya. I have to have bpf compiled into my kernel b/c our network uses dhcp. Is there any way to reduce the security consequences of having bpf compiled in while still maintaining dhcp connectivity? Is it a problem if the device is only accessible by root? -- Rasputin :: Jack of All Trades - Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
killing sendmail on boot
Right, what do I need to specify in rc.conf to stop sendmail completely? I have: sendmail_enable=NONE # Run the sendmail inbound daemon (YES/NO). #sendmail_outbound_enable=NO # Dequeue stuck mail (YES/NO). #sendmail_msp_queue_enable=NO # Dequeue stuck clientmqueue mail (YES/NO). #sendmail_submit_enable=NO# Start a localhost-only MTA for mail submission Do I need to uncomment anything else? This is a buttload of noise for a service I don't have installed (not that I want to resurrect *that* thread). -- Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: port forward only account?
* Dmitry Morozovsky [EMAIL PROTECTED] [020414 18:41]: On Fri, 12 Apr 2002, Rasputin wrote: R ssh port forward to localhost on his box from certain IPs, but R not to have a shell. R What's a suitable shell? It should be able to hold a session open, R but not do anything else. /bin/cat ? ;-) R First thought is something like: R fwder:*:1002:1002:SSH port forwarder:/home/fwder:/usr/games/worms nice idea ;-))) BTW, it *will* close the session after work eat himself ot wall ;-) No that's worm(6) - I meant worms(6). I've gone for that,since the squiggly lines help remind people they're using the box, and look perty. Hardcoded the delay to a sutiably large value (to lower CPU use), and installed it to /bin/wormsh :) Thanks for the tips. -- Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: Status, USB/Olympus E-10
* Nick Hibma [EMAIL PROTECTED] [020415 08:48]: Running with a debug kernel should be no problem and not much slower than running with a production kernel. I thought the '-g' flag created two kernels, kernel and kernel.debug. I've always found I can run with kernel, then just pass kernel.debug to 'gdb -k' after a panic/reboot (see below). The only problem is that the machine no longer can be used in unattended mode as it drops into the debugger on panic. options DDB_UNATTENDED # reboot after panics is fine for me (so long as savecore is enabled and you have enough swap). Mr Lucas (he of blackhelicopter fame) did a good howto at: http://www.onlamp.com/lpt/a//bsd/2002/04/04/Big_Scary_Daemons.html (that's part 2 - part 1 is linked from there) (Not for Nicks benefit, I just thought it explained stuff well in case anyone else on the list in unsure how to do this). -- Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
port forward only account?
Bit of an odd one this - I have users I want to allow to ssh port forward to localhost on his box from certain IPs, but not to have a shell. What's a suitable shell? It should be able to hold a session open, but not do anything else. First thought is something like: fwder:*:1002:1002:SSH port forwarder:/home/fwder:/usr/games/worms -- Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: device changes
On Tue, 12 Mar 2002, Jeffrey J. Libman wrote: i upgraded my web server from fbsd 4.3 to 4.5 (stable): i think there were maybe some /dev changes? i'm seeing log entries like the following: Mar 12 00:03:18 binnacle /kernel: ad0: WRITE command timeout tag=0 serv=0 - resetting Mar 12 00:03:18 binnacle /kernel: ata0: resetting devices .. ata0-master: DMA limited to UDMA33, non-ATA66 compliant cable can i get an explanation? and maybe pointer to any action i should be taking? Well, the obvious question is : does the cable support ATA66? -- When I was a boy I was told that anybody could become President. Now I'm beginning to believe it. -- Clarence Darrow Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: Recent STABLE build killed compiler?
* Callum M. Duncan [EMAIL PROTECTED] [020314 02:51]: It appears that a recent build of STABLE killed my ability to compile things. :-( Now when I attempt to compile _anything_ I get cc: Internal compiler error: program cc1 got fatal signal 11 everything in ports...) Do you have CPUTYPE set? I got this one when I used CPUTYPE=k6-2 Since then CPUTYPE=k6 has been fine. Backing out a broken world/compiler can be - interesting, but you can normally do it if you know someone who you can scp virgin binaries off (assuming you have a working scp). It should be possible to restore broken binaries from CD too. -- If you can survive death, you can probably survive anything. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: bizarre hanging at root mount
* rob [EMAIL PROTECTED] [020313 00:33]: I have a Sony Vaio FX290. I know that hanging at the root mount in not uncommon. What is bizarre is that my laptop was running -stable and a make world was done not too long ago. It never hung. Then I crashed my system (due to my own stupidity) and had to reinstall 4.5. The iso disks would all hang at the root mount. Then I took a freshly cvsup'd source from my other machine and installed it in the laptop after booting from a 4.1 iso. After makeworld it hung also at the root mount. I was very fortunate to find in the list archives the magic commands that I put into loader.conf: hw.pcic.intr_path=1 hw.pcic.irq=0 Now it boots OK, but I still can't figure out why I didn't need this before? Rob. This is a PCMCIA harddrive is it? Possibly that's the reason? -- I'm prepared for all emergencies but totally unprepared for everyday life. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: changes to wi ?
In message: 02dd01c1c647$06a52b30$0feba8c0@sphynx James Satterfield [EMAIL PROTECTED] writes: : FYI - An upgrade of the firmware does not appear to resolve this. What did you upgrade from? I believe it was at 7.52 before the 8.10 update. Also, this is an Orinoco 11MBit Gold card in a Linksys WDT11 PCI adapter. James. Is this really supposed to be firmware related? Although it doesn't break anything per se, it certainly makes a mess of dmesg and /var/log/messages. Did anything fucntional change in wi , or is this just extra debugging information? If so, any chance we could have a sysctl to turn the output off? NetBSD-CURRENT doesn't show the same behaviour, so I don't think it's directly related to compatibility changes Warner made... -- Law of the Perversity of Nature: You cannot successfully determine beforehand which side of the bread to butter. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: usb printer support broken?
* Kent Stewart [EMAIL PROTECTED] [020228 04:29]: Ceri wrote: On Wed, Feb 27, 2002 at 10:14:28PM -0600, Mike Meyer wrote: On a system cvsupped three days ago, trying to print to the USB system reliably generates a page fault panic on an otherwise reliable system. I know there was some problems with renaming USB structures in the week before that. Could this be related? Anyone else seeing such panics, or do I need to install a debugging version of the kernel and chase it down. I'm getting them too. I'd like to see the changes backed out for the time being. Have you tried his next patch set at http://www.josef-k.net/misc/ You store it in /usr/src and gunzip it and patch the_patch. I'm still getting the core dumps accessing uplt that I got a few weeks back. That's on latest STABLE, with or without Joes patches. With the patchset, the kernel hung while initialising the card. AFAICT, the lpt coredump problem is related to the STABLE changes only, so maybe a rollback would be feasible. I was having trouble with ulpt and STABLE before any of the recent commits, so I'm more than happy to test patches, whether or not they're in the tree. Not being more than an enthusiastic user, it's not my call, is it? -- Pure drivel tends to drive ordinary drivel off the TV screen. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: running securelevel 2 and X
* Randy Kunkee [EMAIL PROTECTED] [020228 01:17]: I just upgraded to 4.5-stable and it reset my securelevel to 2 and enabled. Of course, X would not come up, x86OpenConsole failed with this KDENABIO error. The documentation I found on this suggests two solutions, both of which advise using XDM. First, running XDM from /etc/ttys, did not work, producing the same error. The second one, running as a full daemon from /usr/local/etc/rc.d does work, as long as I add a short sleep to give XDM time to start before securelevel is changed by init after finishing the startup scripts. The downside of this is that if I ever abort XDM for some reason, I won't be able to restart it, nor will I be able to start X directly (and playing with XDM is enough fun in itself anyway). No, the idea behind running XDM is that if that opens /dev/io before the securelevel is raised, it will be allowed to keep it open. Since xdm only starts once, you don't have trouble getting into an X session once you log out like you would using startx. Perhaps I have a conflict of interest. I want to run X and be secure. Is running X such a big gaping security hole that I'm left with my current solution (to restart X, I must reboot!)? In a word, yes. X needed direct access to /dev/io last time I looked. Is there no reasonable change that could be made to the OS to grant access to let the X server do its thing (ie. allow running startx) without disarming the securelevel feature completely? There was a patch out about a year ago to use the 'aperture driver', which basically opens a hole for X to squirt through. Search the lists, not sure if it would apply to STABLE cleanly. -- Be braver -- you can't cross a chasm in two small jumps. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: USB Epson printers?
* Nick Sayer [EMAIL PROTECTED] [020213 16:05]: I have a Photo 870 that has worked since at least 4.2-RELEASE. It shows up under ulpt and works exactly as you might expect. Rasputin wrote: (If it's relevant, I'm trying to get cups to use it, and it doesn't offer USB as an available backend - no sign of ulpt0 in dmesg either - though maybe rebooting would op it up?) This should not be required. Are you running usbd? If not, then that's why devices don't show up unless you boot with them in. usbd_enable=YES in rc.conf. As I said, when I plug it on, although I can use a Logitech wireless USB mouse prefectly well. so usbd is a happy bunny - I'm going to try kldloading ugen, and reinserting - if that pops up, I'll start hacking in usbdevs source. Since uplt isn't well documented, I just wanted to check it works. Thanks. -- Anyone can hold the helm when the sea is calm. -- Publius Syrus Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
rasputin@submonkey.net: Re: HTTP_PROXY from /etc/make.conf?
Date: Thu, 7 Feb 2002 15:54:33 + From: Rasputin [EMAIL PROTECTED] To: Alan Clegg [EMAIL PROTECTED] Subject: Re: HTTP_PROXY from /etc/make.conf? Reply-To: Rasputin [EMAIL PROTECTED] * Alan Clegg [EMAIL PROTECTED] [020207 14:15]: Unless the network is lying to me again, Nora Etukudo said: I've a Squid-Proxy here and it works not, if I set 'ftp_proxy' too. With 'http_proxy' only, the 'fetch' works for both 'ftp://'- and 'http://'- urls. As a followup to this, does anyone think that it might be feasable for the ports and/or system make files to set HTTP_PROXY from /etc/make.conf? I have a number of systems on which this would allow me to 'fire-and-forget' when doing updates... ;-) If you set it in /etc/profile, fetch will use it. Either that or my cablemodem can do 2Mb/sec all of a sudden. Incidentally, squid is a http_proxy, not an ftp_proxy - fetch knows how to tunnel ftp over http (which squid supports by default), if its given a http_proxy URL. Mozilla/Netscape groks this too (which is why you set ftp proxy separately in its preferences). That's why it breaks if you try setting ftp_proxy. -- Know thyself. If you need help, call the C.I.A. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: autotuning kernel vars
* Daniel Lang [EMAIL PROTECTED] [020205 13:15]: I've just built a new kernel for a just upgraded box to 4.5-STABLE. I've included NMBCLUSTERS=0 and NBUF=0 to try the auto-sizing feature as documented in LINT LINT also says if they're unset it will autosize them. real memory = 1610596352 (1572848K bytes) Physical memory chunk(s): 0x1000 - 0x0009efff, 647168 bytes (158 pages) 0x003a1000 - 0x5fff3fff, 1606758400 bytes (392275 pages) kmem_suballoc: bad status return of 1. panic: kmem_suballoc Now, what I remember it may have to do with some of the tunings failing. I also have maxusers=512 (but this caused no problems until now). maxusers will autoscale too - and that works. Maybe there's some kind of conflict between the 3 tweakables that's making the kernal a sad panda? My advice would be to unset all 3 (set maxusers=0 if you insist), and report the bugs in LINT. -- Quigley's Law: Whoever has any authority over you, no matter how small, will atttempt to use it. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: what's vnlru?
* Matthew Dillon [EMAIL PROTECTED] [020116 01:10]: vnlru is responsible for flushing and freeing vnodes when you hit the kern.maxvnodes limit. The history of this is: 4.4 and earlier vnodes were only freed if they had no cached pages. This could lead to a vnode blowout on machines with large amounts of ram accessing lots of small files. (the kern.maxvnodes limit was essentially ignored) 4.4-stableI introduced code to flush/reuse vnodes on the fly, but this lead to possible locking deadlocks. 4.5-* Peter introduced a separate kernel thread to deal with vnode flushing issues, 'vnlru', in order to fix the possible locking deadlocks. The on-the-fly code was changed to only be called from the kernel thread. This kernel thread will generally not be very active, even on a heavily loaded system. You have to have a lot of ram and be accessing tens of thousands of tiny files to activate the thread. Thansk for the overview - it's not a performance issue, I just checked another fairly recent (4.5 pre) BSD box and didn't see it, so thought I'd better check it out. [ Is this the sort of thing that should go into UPDATING? ] Thanks to all ! -- Learned men are the cisterns of knowledge, not the fountainheads. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: Moz on FreeBSD [was: linux-base 6.2 vs linux-base 7]
* Michael Gratton [EMAIL PROTECTED] [011126 01:05]: Jochem Kossen wrote: As for java...does THAT work with mozilla on FreeBSD? HOW? :) The FreeBSD Java team is working on that right now, over on the FreeBSD Java list. Latest news is that the native 1.3 JDK is compiling with the Plugin and Moz is loading it, but it is getting jammed somewhere in AWT-land. Joy. In the meantime, if you need a non-netscape java plugin, the linux mozilla milestones under the Linuxulator works pretty well. (shockwave and realplayer run well too) just install it, go to a page that uses Java, and let Mozilla install its own (Linux) JRE. -- Everybody wants to go to heaven, but nobody wants to die. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: langinfo.h doesn't exist on my system
* Claude Buisson [EMAIL PROTECTED] [011109 14:45]: On Fri, 9 Nov 2001, setantae wrote: On Fri, Nov 09, 2001 at 02:59:25PM +0100, Claude Buisson wrote: Which surely means that the www/mozilla port won't build on -stable, which means that lots of other people should be complaining about the same thing. What are you talking about ? I am now running Mozilla 0.9.5 (after 0.9.4) built from port on a -stable system. Never had such a problem. It's quite clear. Mozilla will not build without langinfo.h, and that file is not part of stable. I thought I'd explained it quite clearly. It's quite clear. /usr/ports/www/mozilla build without problem on a -stable system. I am using it !!! When did you build it, though? Remember stable is a moving target. -- By trying, we can easily learn to endure adversity -- another man's, I mean. -- Mark Twain Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: SSH Problem
* Kevin Oberman [EMAIL PROTECTED] [011003 08:50]: Date: Tue, 2 Oct 2001 22:54:22 -0400 From: parv [EMAIL PROTECTED] this was, on the fateful occasion around Oct 02 21:07 -0400, sent by Kevin Oberman It does not distribute 2.3 with either stable or current. It was included (with security patches) in 4.4-release. From 4.4-stable: ssh -V OpenSSH_2.9 FreeBSD localisations 20010713, SSH protocols 1.5/2.0, OpenSSL 0x0090601f really? i get... SSH Version OpenSSH_2.3.0 FreeBSD localisations 20010713, protocol versions 1.5/2.0. Compiled with SSL (0x0090601f). ...i cvusp'd sources on sep 21 2001 6.30.41 utc. when did you build your world? cvsuped on Sat. the 29th. I got a fresh /usr/src from cvsup.uk.freebsd.org yesterday afternoon: rasputin@shikima rasputin]$ls -l `which ssh` -r-xr-xr-x 2 root wheel 199064 Oct 2 16:25 /usr/bin/ssh rasputin@shikima rasputin]$uname -a snip FreeBSD 4.4-STABLE #0: Tue Oct 2 15:42:36 BST 2001 \ rasputin@s hikima.mine.nu:/usr/obj/devel/src/sys/SHIKIMA i386 rasputin@shikima rasputin]$ssh -V OpenSSH_2.9 FreeBSD localisations 20010713, SSH protocols 1.5/2.0, OpenSSL 0x0090601f Are the mirrors up to date? -- [Sir Stafford Cripps] has all the virtues I dislike and none of the vices I admire. -- Winston Churchill Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: portmapper flags?
* Jose Marques [EMAIL PROTECTED] [010829 18:33]: On Tue, 28 Aug 2001, Rasputin wrote: Am I missing something here? From the portmap man page: Note: that when specifying ip addresses with -h, portmap will automatically add 127.0.0.1 to the list so you don't have to. So I guess if you say -h 127.0.0.1 then it adds 127.0.0.1 to the list, therfore that address appears twice, hence the error? If so I think this is a bug as it prevents one from telling portmap to listen on lo0 interface only Do you know, I actually bit the bullet and read the portmapper code for this, and it looked like that down there too. Cheers - wow, this might be my first patch! (useful if one uses wordperfect for Linux from the ports - which needs portmap running otherwise it hangs on start-up). fam is another one - I was trying to get enlightenment 0.17 to run from CVS code (and I would have gotten away with too, if it wasn't for those pesky RPC processes) Note: portmap pays attention to the contents of the /etc/hosts.allow file so one could restrict access that way. Good plan. It's firewalled off anyway, but listening on remote sockets makes me twitchy. -- If God is dead, who will save the Queen? Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: question on BSD tweaks (daemonnews article)
* j mckitrick [EMAIL PROTECTED] [010801 14:17]: In the article in Daemonnews on tuning a BSD box for high performance, there were 2 miscellaneous tweaks mentioned. One was partition layout, and the other was turning on 'noatime' for most of the partitions. What partition layout strategies are suggested for servers? For workstations? I have noatime turned on for my root partition. What other partitions can use this setting for servers? And for workstations? Does it have any downside? I think 'man tuning' says that noatime can mess up applications that use the modification time in their logic. (I wouldn't put it on /var, but that's mainly superstition) -- Turnaucka's Law: The attention span of a computer is only as long as its electrical cord. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: Benchmarks from SysAdmin mag
* Paul [EMAIL PROTECTED] [010712 23:23]: Once upon a time, Matt Dillon [EMAIL PROTECTED] scribed: In anycase, the results prove our point rather succinctly. Unfortunately, it proves our point to us daemonites mostly, and is probably still lost on the average sysadminmag reader... ah well :) Well, at least they know now if they badmouth BSD they're going to get mailbombed :) -- When more and more people are thrown out of work, unemployment results. -- Calvin Coolidge Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: ipfilter Module Breakage (Was: IPFirewall Module Breakage)
* Andrew Boothman [EMAIL PROTECTED] [010713 00:09]: Replying to my own message, the subject of this message should have course have been _ipfilter_ Module Breakage. === ipfilter Search the archives of this mailing list, about a month ago. ipf moved oin the base system and borke stable for a little while (few hours ). I thought it was only temporary and another cvsup would fix it, but if you have a fresh /usr/src that sounds unlikely...? -- Carmel, New York, has an ordinance forbidding men to wear coats and trousers that don't match. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: CPUTYPE on k6-en problems?
* Kris Kennaway [EMAIL PROTECTED] [010704 21:07]: On Wed, Jul 04, 2001 at 11:25:32AM +0100, Rasputin wrote: I built world over the weekend and since then I'm getting major problems in using my STABLE box. login, sh and bash are all dumping smelly core files all over the disk, and the box itself finally gets bored and reboots after 20 minutes of this kind of nonsense. Well, the obvious thing to do is try making world (not just replacing a few binaries; the problem might be elsewhere) without the CPUTYPE setting and see if it persists. Oh sure, the snag with that is the whole compiler setup is one of the things that's breaking :) Anyhoo, after a lng night I seem to be back up(touch wood), so I think I'll steer clear of funky compiler flags for a while. Thanks. -- These are the propulsion systems used by NASA for the moonshots, said Tom apologetically. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: RELENG_4 - RELENG_4_3
* Jason Stephenson [EMAIL PROTECTED] [010703 15:20]: Over the weekend, I went from RELENG_4 to RELENG_4_3, but I did by wiping my system partitions (/, /usr, /var) and reinstalling 4.3 from CD-ROM. Then, I cvsup'd to RELENG_4_3 and the latest ports. I finally reinstalled everything that I need from ports. I thought of doing it with a cvsup and decided that the easiest thing for me would just be the course I followed above. That sounds a bit drastic to me. If you're going ot tw*t the install anyway, why not try a cvsup? I havent had any trouble going back and forth from 4.0 - 4.3, so although I can't guarantee it'll work, chances are it will. From what I've seen in the past with using cvsup and cvs in similar situations, backing out broken changes from checked out sources, you should be able to do what you want with no problems. Make sure that you remember to run mergemaster after doing the make installworld. This will guarantee that you get the right devices and configuration files. You'll probably want to install the new versions of any files it asks you about and go back and edit them by hand, or replace them from back ups, with your local changes. Or use the merge option - that's what it's for :) -- VMS is like a nightmare about RSX-11M. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
filtering syslog by remote host?
Hi there - wondered if BSD's native syslog could filter events based on the orginating host? man syslog.conf seems to indicate it can, but I can't get it working. (Most online resources refer to syslog-ng, but I'm hoping to do it with the base system if possible) Does anyone have a working config they could post? Thanks a lot. -- I predict that today will be remembered until tomorrow! Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: random make crashes
* Steven Farmer [EMAIL PROTECTED] [010523 15:22]: Rasputin == Rasputin [EMAIL PROTECTED] writes: Rasputin Is this ropey RAM , or something else? (World built may Rasputin 1st) I have this problem with make when -march=pentiumpro is added to CFLAGS. You might try adding NO_CPU_CFLAGS=true to /etc/make.conf and rebuild make. This fixed the problem for me, at which point I also added NO_CPU_COPTFLAGS=true to make.conf and rebuilt everything. Nice thought, I tried it just after posting, didn't change a thing. I really do think it's make-related, rather than the compiler. even 'make fetch' and 'make clean' dump core, and they don't touch the compiler. I'm going to try running the compiler by hand, see if it still falls over. Reinstallnig make and ldconfig haven't fixed it, maybe rebuilding libc will? (I'll unset CPUTYPE first I think just to be safe) -- If the code and the comments disagree, then both are probably wrong. -- Norm Schryer Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: random make crashes
* Rasputin [EMAIL PROTECTED] [010523 15:51]: * Steven Farmer [EMAIL PROTECTED] [010523 15:22]: Rasputin == Rasputin [EMAIL PROTECTED] writes: Rasputin Is this ropey RAM , or something else? (World built may Rasputin 1st) I have this problem with make when -march=pentiumpro is added to CFLAGS. You might try adding NO_CPU_CFLAGS=true to /etc/make.conf and rebuild make. This fixed the problem for me, at which point I also added NO_CPU_COPTFLAGS=true to make.conf and rebuilt everything. Nice thought, I tried it just after posting, didn't change a thing. Don't want to tempt fate, but I think it's sorted. Although I'd unset CPUTYPE, the make binary was built with those settings. (k6) scp'ing /usr/bin/make from a friend's server seems to have fixed it (touch wood) In which case I owe you a pint Steven. What's your teleporter number, I'll fax it over? If that's the case, then it looks like CPUTYPE did break make, at least for some of us. Anyone know who manages CPUTYPE settings? -- If two wrongs don't make a right, try three. -- Laurence J. Peter Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: Still having problems with the jdk12beta port
* Robert Hellwig [EMAIL PROTECTED] [010504 16:40]: Hi there, I don't think that I downloaded the wrong one. There are three src' to download... one tar ball and two zip's... 1. jdk1_2_2-src.tar.gz 2. jdk1_2_2-L-src-linux-09_Mar.zip 3. jdk1_2_2-src.zip And I use nr 1. . I think that the zip contains the Win src's or not??? blank Wierd. I only built jdk12 a fortnight ago, and it was fine. You're the second person to mention problems to me in the past few days. Maybe Sun changed the tarball? (It looks like you work for them; any way you can check?) -- He is now rising from affluence to poverty. -- Mark Twain Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: secure-supfile ?
* Vincent D Murphy [EMAIL PROTECTED] [010427 12:31]: Parsing supfile /usr/share/examples/cvsup/secure-supfile Cannot open /usr/share/examples/cvsup/secure-supfile: No such file or directory anybody have a clue what's going on here? am i using a dodgy Makefile? Does this file exist? It's a bit odd that it reads it twice. cvsup -g -L 2 /path/to/supfile will work. -- There is no reason for any individual to have a computer in their home. -- Ken Olson, President of DEC, World Future Society Convention, 1977 Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: What's happened with kernel option ATA_ENABLE_ATAPI_DMA?
* Ilya Martynov [EMAIL PROTECTED] [010425 13:49]: I'm trying to upgrade to 4.3-STABLE and I've found that my kernel doesn't want to build because its config has wrong option ATA_ENABLE_ATAPI_DMA. Have been this option removed in 4.3? I did not found anything related neither in /usr/src/UPDATING, in release notes or in mailist search results. it's been replaced. 'man 4 ata' gives details. P.S. I this option was removed then handbook should be updated. This option is still mentioned in it: http://www.freebsd.org/doc/en_US.ISO_8859-1/books/handbook/kernelconfig-config.html Either 'man send-pr' or see if there's an e-mail address to contact for handbook updates. -- Malek's Law: Any simple idea will be worded in the most complicated way. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
[rara.rasputin@virgin.net: Re: ipfw and quake games]
On 2001.04.22 00:56 Brent wrote: I have a 4.1 FBSD running NAT IPFW acting as a gateway machine for my internal network...i have the kernel to deny by default..all seems to be working good...ive opened up what ports i needalthough i cant seem to get quake ports to open ..the clients are using gamespy ..im not sure if it uses a particular port...but q2 q3 i think use udp 27910 and 27960 If your firewall does logging, you shouldn't have to guess what ports are used. Fire up Quake. tail -f your firewall logfile on the server. See what ports the outbound packets are addressed to, and set them up to keep state. -- When you are in it up to your ears, keep your mouth shut. Rasputin :: Jack of All Trades - Master of Nuns :: To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: Games on FreeBSD
* Kal Torak [EMAIL PROTECTED] [010412 06:02]: WINE has DirectX support now I think, its quite possible to play Half-Life under WINE on FreeBSD... /me prick up ears as though some just mentioned free beer You don't have a working ~/.wine/config for that, by any chance? -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Spontaneous reboot, no panic. Recovering from a crash.
* fury [EMAIL PROTECTED] [010405 06:28]: No it was NOT a hardware issue unlike many ppl stated, fact is, I have never figured it out. Then how do you know it wasn't hardware? I'm not saying you're wrong, fury, and I can see you're more than a bit pissed off, but in the vast majority of cases it *does* turn out to be hardware. I had similar problems to The Anarcat about a month ago, (spontaneous reboots under fairly high load - make -j4 buildworld etc) and couldn't get a fix here except for 'bad RAM/CPU/mobo' No kernel errors, CVSupped at least once a week, no difference. Decided to put up with it until I could upgrade the box, fitted a new CPU and 4X the RAM. It was only then that I noticed that my second SIMM was only half in the slot. Which meant that the minute BSD tried to use the last 8Mb of that SIMM, I'd get a reboot. I really don't know how to put this, but since we're in a code freeze and I'm running stable, if a few people witness this behavior, well... And that was my question too. All I can say to help is that 4-3-RC0 (built on April Fools Day) is running a treat now. FreeBSD shall.anarcat.yi.org 4.3-BETA FreeBSD 4.3-BETA #2: Wed Mar 14 18:50:48 EST 2001 root@:/usr/obj/usr/src/sys/SHALL i386 A few minutes ago, I was doing a few things at the same time on my machine. I was doing a make install clean in sysutils/[gcombust|gtoaster|xcdroast], copying /mnt/cdr to ~/cdr, and opening a ssh session to my shell account. Before I could get to a password prompt on the shell account, I didn't even had time to realize what's going on that my computer beeped and was back to the BIOS POST startup procedure. nods Shikima usually did it when I was on the wrong end of an SSH session. I had so much scrapped files that I interrupted the process at some point to restart it with "fsck -y". Things like UNREF DIR, LINK COUNT DIR, UNREF FILE, and all sort of evil warnings of the kind. That was a big worry too - didn't lose any data here though. Do you run softupdates? Might be worth enabling them until you get this fixed; I didn't really notice the overhead on a P133/32Mb. The "crash" has somehow been recorded in wtmp. last says: anarcat ttyp1:0 Mer 4 avr 23:45 - 23:47 (00:01) reboot ~ Mer 4 avr 23:43 anarcat ttyp4:1 Mer 4 avr 23:26 - crash (00:17) apocalypse. That's interesting. I never managed to find any log evidence that a crash had happened. Don't do as daddy does, boys and girls. Do backups. Often. You never know when the shit'll the fan. :) I(n my experience, it's the day before you make a monthly backup :^] -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Disklabel 101?
Is there a decent walkthrough anywhere on the Net for using disklabel, fdisk , etc - along with an explanation of what a,c etc all mean? man disklabel etc all assume you know what those letters mean. I know c is the whole partition, but that's it. I need to know because: PHYSICAL-EXTENDED---PHYSICAL ad0s1ad0s5ad0s6 ad0s3 -winXX---msdos-Slackware---BSD | 2Gb| 1.5Gb | 2Gb | / | swap | /usr | /var | ^ | I have an old Slackware partition that has FUBARed itself so throuoghly that it can't even be mounted. (Actually there were about 3 partitions in there, but they're lost now) It's in the second logical partition in an extended DOS partition on my second physical partition (dev/ad0s6 in FreeBSD) There's a Gb of data in ad0s5 (which is fine). BSD dumps ad0s6 altogether when it boots; and fdisk from a boot CD says something along the lines of: "Second slice extended past end of disk" or similar (box is offline today, so I can't check right now) This concerns me; if I try to fdisk/newfs ad0s2 (assuming I could see it), I risk losing ad0s3, which is the only bit of the disk I really want to keep. I assume/hope that if I blow away the extended partition entirely, I can just recreate it. But I don't really know what it's called? Is it ad0s2? And won't I need to let BSD know where / has moved to? What I'd really like is some advice from anyone who knows this stuff. But I'm surprised the Handbook doesn't go into a lot of detail on this, since dual-boot systems are fairly common amongst cheapskates like me. If I can free up that 2Gb, maybe I'll have space for the docproj port... :) -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: ipf idiot wants to roam
* Mike Harding [EMAIL PROTECTED] [010325 20:06]: You can specify interfaces by name in your rules - but you have to issue 'ipf -y' to sync up with interface address changes. I've done this with a dial-up line by putting 'ipf -y' in /etc/rc.network at the end of pass 1. This file should be updated in the distribution so that this happens automatically or ppp users may not see any packet filtering! Well I've been using ipf on a dialup for a year now, and don't have an ipf -y anywhere in my config files. Maybe it's because I use tun0 demand-dialling? Or is the manpage (man 1 ipf) correct? -y (SOLARIS 2 ONLY) Manually resync the in-kernel ^^^ interface list maintained by IP Filter with the current interface status list. Either the manpage or the ppp linkup fiels should be modified, I reckon. -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
IPF and IPv6
Afternoon people, just wondered if anyone was using ipf with 6-to-4 tunneling (a la freenet6.net)? I'm on a dialup (using gifconfig to build a tunnel through tun0), so there are no IPs mentioned in the ruleset, apart from the usual RFC1918 suspects. If I ping6 outbound to www.normos.org, the returned packets are blocked as though 'keep state' was doing nothing. Turning off ipf starts the traffic flowing instantly, so it's definitely the cause, as does: 'pass in on tun0 from any to any proto ipv6' but 'pass out on tun0 from any to any proto icmp keep state keep frags' doesn't help, and 'pass out on tun0 from any to any proto ipv6 keep state keep frags' gives an error, saying state only works for tcp/udp/icmp. But surely these *are* ICMP packets? So I reckon either: a) IPF can't tell that sessions going out of gif0 come back through tun0 (unlikely) or b) IPv6 support in FreeBSD isn't as full-on as I thought or c) I need a thwack with the cluestick. I don't particularly want to spam you all with my ruleset, but if anyone has got this working, please let me know how you did it. Cheers. -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Anyone else seeing this?
CVSupped 4-X-STABLE on Saturday, build world and kernel and rebooted, and the new kernel couldn't see the IDE drive at all. Error message? Um, it was the 'trying to fall back to PIO one' that was all the rage a couple of months ago. (Yeah, I know. This was around 2.30 am, so I was too knackered to grab dmesg output.) Anyway, the old kernel boots fine, so I'm still up and running, but I wondered if anyone else had seen a problem. I'll leave it for a week or so then try again, if no joy I'll send a PR. Incidentally, would anyone know an easy way of finding out what code has changed in the ata drivers since Christmas - other than mailing Soren of course :) -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Anyone else seeing this?
On Mon, Jan 15, 2001 at 05:34:12AM -0500, Mike Tancsa wrote: At 10:07 AM 1/15/2001 +, Rasputin wrote: Incidentally, would anyone know an easy way of finding out what code has changed in the ata drivers since Christmas - other than mailing Soren of course :) http://www.freebsd.org/cgi/cvsweb.cgi/ will show you what has been committed. ---Mike Thanks Mike, think I spotted the change in question (this is an Aladdin mobo, and /sys/dev/ata/ata-all.c says: "Revision 1.50.2.15, Thu Jan 4 09:08:56 2001 UTC (11 days, 2 hours ago) by sos Branch: RELENG_4 Changes since 1.50.2.14: +5 -2 lines MFC: Proberly back down DMA modes on the Acer Aladdin." ) I take it from RELENG_4 that this is the STABLE tree, yes? -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: httpd could not be started
On Mon, Nov 27, 2000 at 11:55:47PM -0500, Nader Turki wrote: Hi there, I just upgraded from FreeBSD 4.1.1-STABLE to FreeBSD 4.2-STABLE. I can't start apache anymore. something is wrong and i hope you guys can help me. [root@shadow]:/usr/home/dark# /usr/local/sbin/apachectl startssl Syntax error on line 54 of /usr/local/etc/apache/apache.conf: Cannot load /usr/local/libexec/apache/libssl.so into server: /usr/local/libexec/apache/libssl.so: Undefined symbol "sk_X509_NAME_value" Try recompiling mod_ssl - I know that's non-trivial if you run a live site under it. Looks like something changed that broke ssl? Which is quite odd - ssh still works OK for me (4.0-4.2) -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Netscape/Linux on FreeBSD an other horrors ...
On Wed, Sep 13, 2000 at 01:12:22PM -0700, Kris Kennaway wrote: On Wed, Sep 13, 2000 at 11:48:13AM +0100, Rasputin wrote: When Sun got tired of waiting for Netscape to release a 1.2 JVM, they released a plug-in to allow Netscape to call an external JVM to handle applets. Will Mozilla take this approach? Why are you asking FreeBSD developers about Mozilla code plans? :-) Kris Oops, wring thread, I wanted : "10 ways Netscape sucks" :) -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message