Re: Limiting clients per source IP address (ftpd, inetd, etc.)

2002-06-21 Thread Luigi Rizzo
On Thu, Jun 20, 2002 at 11:58:10PM -0700, Terry Lambert wrote: ... > > in fact there is an ipfw rule which does just this: > > > > ipfw add allow ip from any to any limit src-addr 5 > > > > and here you go... > > Can this be done per port? This is what both the FTP and the inetd > modi

Re: multiple gateways

2002-06-21 Thread .
Peter J. Blok writes: > I know this topic has been brought up numerous times. I have 4 IP4 internal > networks (sf0 .. sf3) > > I have a cable modem connection ep0 and a DSL ep1 connection too. I'd like to > route all traffic from sf0 and sf1 to the DSL connection and the others to > the cabl

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Kris Kennaway
On Thu, Jun 20, 2002 at 07:33:54PM -0700, Frank Mayhar wrote: > Kris Kennaway wrote: > > Surely it's easier to just upgrade the apache port, instead of > > recompiling your kernel and the entire OS. > > Not always. (I'm running an old version of Covalent Raven SSL and I'm > loath to upgrade. "

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Terry Lambert
Joshua Lee wrote: > > The way you would deal with this would be to tell Apache that it > > was an HTTP 1.0 server, since chunking is an HTTP 1.1 feature. > > > > The only place this is an issue is if you need to reuse an HTTP > > connection, and that only occurs in HTTP 1.1 when you are doing > >

Re: projects?

2002-06-21 Thread Mark Santcroos
On Thu, Jun 20, 2002 at 01:21:30PM -0700, Julian Elischer wrote: > I've been considering this as a fun project. The difficulty comes at the > interface/IP boundary.. we'd need an ng_route node to multiplex > the packets to the correct output nodes... Would it be needed to duplicate the whole st

Re: Cyrus vs. UW IMAP (was: Re: I Volunteer)

2002-06-21 Thread Terry Lambert
Lamont Granquist wrote: > > > Cyrus imapd is a real pain in the ass to administer local user accounts > > > with though. > > > > You mean that it doesn't integrate well with the UNIX credentials > > system. The issue here is that Cyrus needs to be able to hook > > create/delete actions on account

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Brandon D. Valentine
On Fri, 21 Jun 2002, Kris Kennaway wrote: >On Thu, Jun 20, 2002 at 07:33:54PM -0700, Frank Mayhar wrote: >> Kris Kennaway wrote: >> > Surely it's easier to just upgrade the apache port, instead of >> > recompiling your kernel and the entire OS. >> >> Not always. (I'm running an old version of Co

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Lamont Granquist
On Fri, 21 Jun 2002, Kris Kennaway wrote: > On Thu, Jun 20, 2002 at 07:33:54PM -0700, Frank Mayhar wrote: > > Kris Kennaway wrote: > > > Surely it's easier to just upgrade the apache port, instead of > > > recompiling your kernel and the entire OS. > > > > Not always. (I'm running an old versio

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Bernd Walter
On Fri, Jun 21, 2002 at 02:29:30AM -0400, Joshua Lee wrote: > On Thu, 20 Jun 2002 19:59:20 -0700 > Terry Lambert <[EMAIL PROTECTED]> wrote: > > > Patrick Thomas wrote: > > > Is it possible to patch/recompile FreeBSD 4.5 in such a way that your > > > system is no longer vulnerable to the "chunking

Loader causing reset on 4.6-STABLE

2002-06-21 Thread Nick Jones
I originally posted this to -stable, but as it seems to have stumped everyone there I thought I'd give you guys a try instead. I'm fairly certain it's not -STABLE specific anyway. Since updating my sources on the 17th and upgrading to 4.6-STABLE, I've encountered a problem with getting my machin

Re: Limiting clients per source IP address (ftpd, inetd, etc.)

2002-06-21 Thread Wouter Van Hemel
On Fri, 2002-06-21 at 05:25, Terry Lambert wrote: > Giorgos Keramidas wrote: > > I've been thinking for quite some time to add per-client-IP limiting > > to ftpd, and I had almost decided upon something like the following, > > where each child of ftpd has two numbers associated with it. The > > c

Union filesystem / mount option

2002-06-21 Thread Tom Alsberg
Hi there. I would like some clarification with regard to the union filesystem and mount option. First - what is the difference in principle between mounting with the union option (mount -o union) and the union filesystem type (mount_union)? Second - is there a way to have more than two filesyste

Re: 8" floppy drive anyone ?

2002-06-21 Thread Julian H. Stacey
Poul-Henning Kamp wrote: > > I have a bunch of 8" floppies I need to try to recover contents > from, is there anybody out there who has a 8" drive they'd be willing > to part with for $$ ? > > If it comes with the magic SA800-PC cable it would be just perfect. > > Poul-Henning > > -- > Poul-H

Re: Limiting clients per source IP address (ftpd, inetd, etc.)

2002-06-21 Thread Giorgos Keramidas
On 2002-06-20 20:25 +, Terry Lambert wrote: > Giorgos Keramidas wrote: > > I've been thinking for quite some time to add per-client-IP limiting > > to ftpd, and I had almost decided upon something like the following, > > where each child of ftpd has two numbers associated with it. > > Someone

Re: Limiting clients per source IP address (ftpd, inetd, etc.)

2002-06-21 Thread Giorgos Keramidas
On 2002-06-21 00:35 +, Luigi Rizzo wrote: > On Thu, Jun 20, 2002 at 11:58:10PM -0700, Terry Lambert wrote: > > > in fact there is an ipfw rule which does just this: > > > > > > ipfw add allow ip from any to any limit src-addr 5 > > > > > > and here you go... > > > > Can this be done pe

Re: Limiting clients per source IP address (ftpd, inetd, etc.)

2002-06-21 Thread Luigi Rizzo
On Fri, Jun 21, 2002 at 04:36:26PM +0300, Giorgos Keramidas wrote: ... > > BTW in terms of implementation efficiency: this limit thing > > uses the same hash table used by dynamic ipfw rules. > > There is currently an (arbitrary) limit of a total of 1000 > > dynamic entries in the table, but no re

Re: Limiting clients per source IP address (ftpd, inetd, etc.)

2002-06-21 Thread Attila Nagy
Hello, > The main reason I was looking for a userland implementation of this was > that adding limiting to an FTP server that has an active number of a few > thousand connections might be a little resource intensive to the kernel > of the machine. It's probably OK to stay a bit too much within a

Re: FreeBSD NFS server benchmarks vs. OpenBSD, NetBSD?

2002-06-21 Thread Matt Simerson
Terry makes some very excellent points that I've tested and documented in "Real Life". Two years ago I did a bunch of extensive testing between three NFS servers (Sun, FreeBSD, NetApp) and one set of NFS clients (FreeBSD). Anyone that knows NFS really well would have predicted our test results

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Frank Mayhar
Kris Kennaway wrote: > On Thu, Jun 20, 2002 at 07:33:54PM -0700, Frank Mayhar wrote: > > Kris Kennaway wrote: > > > Surely it's easier to just upgrade the apache port, instead of > > > recompiling your kernel and the entire OS. > > Not always. (I'm running an old version of Covalent Raven SSL and

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Frank Mayhar
Brandon D. Valentine wrote: > However, I would ask Frank if there's a particular reason he needs to > use Covalent Raven SSL. OpenSSL is free, works like gangbusters, and > comes with FreeBSD. I have a feeling he'd be much happier with it if > there's not some other reason he cannot move to it.

Re: I Volunteer

2002-06-21 Thread Jason Andresen
"Brandon D. Valentine" wrote: > > On Thu, 20 Jun 2002, Darren Pilgrim wrote: > > >Personally I'm all for courier-imap. IMAP and POP3, Maildirs, SSL, and > >the ability to access both real and virtual mailboxes. > > See my other recent message about the security implications of running > courie

Re: projects?

2002-06-21 Thread Julian Elischer
On Thu, 20 Jun 2002, Terry Lambert wrote: > > Basically, that's my short list. There are actually a lot more > things that could be done in the networking area; there are things > to do in the routing area, and things to do with RED queueing, and > things to do with resource tuning, etc., and,

Re: projects?

2002-06-21 Thread Julian Elischer
On Fri, 21 Jun 2002, Mark Santcroos wrote: > On Thu, Jun 20, 2002 at 01:21:30PM -0700, Julian Elischer wrote: > > I've been considering this as a fun project. The difficulty comes at the > > interface/IP boundary.. we'd need an ng_route node to multiplex > > the packets to the correct output n

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Patrick Thomas
What none of you has mentioned is the thought I had in mind when I asked this question, and that is, I have a r&d machine with 16 jails on it, each running apache. Therefore in a situation like this it would be _much_ easier to just tune a sysctl or rebuild the kernel, vs. rebuilding 16 differen

Re: projects?

2002-06-21 Thread Brooks Davis
On Fri, Jun 21, 2002 at 08:37:15AM +0200, Mark Santcroos wrote: > On Thu, Jun 20, 2002 at 01:21:30PM -0700, Julian Elischer wrote: > > I've been considering this as a fun project. The difficulty comes at the > > interface/IP boundary.. we'd need an ng_route node to multiplex > > the packets to th

Re: midi on FreeBSD 4.5: good progress! i now have a midi.ko bas

2002-06-21 Thread John Utz
Hello Conrad; On Fri, 21 Jun 2002, Conrad Sabatier wrote: > John, > > Please keep us informed as to your progress. I'm sure I'm not the only one > who would be *very* happy to see your work come to fruition! it will be very nice to have this work. i am pretty excited about it. i've wanted to

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Joshua Lee
On Fri, 21 Jun 2002 10:38:21 +0200 Bernd Walter <[EMAIL PROTECTED]> wrote: > On Fri, Jun 21, 2002 at 02:29:30AM -0400, Joshua Lee wrote: > > On Thu, 20 Jun 2002 19:59:20 -0700 > > Terry Lambert <[EMAIL PROTECTED]> wrote: > > > The way you would deal with this would be to tell Apache that it > > >

Re: Cyrus vs. UW IMAP (was: Re: I Volunteer)

2002-06-21 Thread Chris Dillon
On Fri, 21 Jun 2002, Terry Lambert wrote: > It has functionality that can not be implemented without adding to > how UNIX does things. Basically, it needs to be able to hook the > account constructor/destructor. It's quite simple to integrate Cyrus IMAP with the local system. Cyrus will by defa

Re: FreeBSD on a MaxAttach?

2002-06-21 Thread Chris Dillon
On Thu, 20 Jun 2002, Kip Macy wrote: [...snip...] > Maxtor has moved from FreeBSD to the Windows SAK so the newer boxes > are likely to have full BIOS support (they could not keep any of the > CDS developers to maintain the FreeBSD code base). Maybe they all went to work for Quantum. :-) We hav

Re: Limiting clients per source IP address (ftpd, inetd, etc.)

2002-06-21 Thread Terry Lambert
Wouter Van Hemel wrote: > I agree with this... but I think that the reason many people like to do it > by implementing the limitation in the daemon, is that they can send back > some kind of reply, stating the reason of the refusal (which is a nice > thing to do, since so many people are behind pr

Re: FreeBSD on a MaxAttach?

2002-06-21 Thread Kenneth Mays
I noticed that the SNAP Servers are far better in performance than the MaxAttach. WinNT/2000 embedded was a nice idea, but it's so bloated I think they screwed it up a bit in its efficiency. BSDI v4.3 and FreeBSD kernels are more up to the task (I have BSDI which rocks in its own right). The min

(jail) problem and a (possible) solution ?

2002-06-21 Thread Patrick Thomas
A test server of mine running a number of jails keeps locking up - but the odd thing about the lockup is that the userland stops, but the kernel keeps running (sockets can be opened, but the servers never respond on them, the machine still responds to pings, but logs show that all real activity

Re: projects?

2002-06-21 Thread Terry Lambert
Julian Elischer wrote: > On Thu, 20 Jun 2002, Terry Lambert wrote: > > Basically, that's my short list. There are actually a lot more > > things that could be done in the networking area; there are things > > to do in the routing area, and things to do with RED queueing, and > > things to do with

Re: projects?

2002-06-21 Thread Mark Santcroos
On Fri, Jun 21, 2002 at 11:04:36AM -0700, Brooks Davis wrote: > For my purposes, it would need to be separate so you could copy the > module and hack in a new TCP without changing the existing one. I understand, but you won't need to do that for the IP layer in your case. Other people might have

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Terry Lambert
Joshua Lee wrote: > > > Mozilla has an option to enable http pipelining as a performance option. > > > I regularly used this, maybe I shouldn't? > > > > It should fallback. > > Considering that there's a warning concerning its use "with some servers" > maybe it doesn't... Luckily it's not on by

Re: Cyrus vs. UW IMAP (was: Re: I Volunteer)

2002-06-21 Thread Terry Lambert
Chris Dillon wrote: > On Fri, 21 Jun 2002, Terry Lambert wrote: > > It has functionality that can not be implemented without adding to > > how UNIX does things. Basically, it needs to be able to hook the > > account constructor/destructor. > > It's quite simple to integrate Cyrus IMAP with the l

Re: FreeBSD on a MaxAttach?

2002-06-21 Thread Terry Lambert
Chris Dillon wrote: > We have some Quantum SNAP Servers which are exactly the same thing as > the older MaxAttach boxes except with bigger IDE drives, and they're > still running the custom version of FreeBSD on them. They actually > perform better than our much heftier Windows NT 4 servers. The

Re: inuring FreeBSD to the apache bug without upgrading apache ?

2002-06-21 Thread Brandon D. Valentine
On Fri, 21 Jun 2002, Terry Lambert wrote: >That's not the issue. The issue is that some servers claim to be >1.1 servers, but do not implement pipelining. Older Apache servers >fall into this category. I have been using pipelining in Mozilla for many months now without encountering a single, s

Re: Limiting clients per source IP address (ftpd, inetd, etc.)

2002-06-21 Thread Giorgos Keramidas
On 2002-06-21 15:12 +, Terry Lambert wrote: > Someone made the comment about people sitting behind a NAT, so that > the number of connections from a given IP is actually legitimate > traffic. This rate limitation is targeted at an attacker. Actually I was thinking more of ReGet and Godzilla

Re: Limiting clients per source IP address (ftpd, inetd, etc.)

2002-06-21 Thread Terry Lambert
Giorgos Keramidas wrote: > On 2002-06-21 15:12 +, Terry Lambert wrote: > > Someone made the comment about people sitting behind a NAT, so that > > the number of connections from a given IP is actually legitimate > > traffic. This rate limitation is targeted at an attacker. > > Actually I wa

Re: Cyrus vs. UW IMAP (was: Re: I Volunteer)

2002-06-21 Thread Darren Pilgrim
Terry Lambert wrote: > Chris Dillon wrote: > > It's quite simple to integrate Cyrus IMAP with the local system. > > Cyrus will by default use the system password database for its > > authentication, > > While I appreciate the positive support of Cyrus, I guess I need > to point out that this appr

Re: projects?

2002-06-21 Thread Brooks Davis
On Sat, Jun 22, 2002 at 01:03:34AM +0200, Mark Santcroos wrote: > On Fri, Jun 21, 2002 at 11:04:36AM -0700, Brooks Davis wrote: > > For my purposes, it would need to be separate so you could copy the > > module and hack in a new TCP without changing the existing one. > > I understand, but you won

kernel file creation query...

2002-06-21 Thread Nitin Bahadur
Hi, This might be a lame query...but ... I am trying to create a file from kernel space given the vnode of the parent directory using VOP_CREATE. The code is as below. int make_file(struct vnode *dvp, struct vnode **vpp, struct proc *p, char *name) { struct componentname cnp; struc

Re: Cyrus vs. UW IMAP (was: Re: I Volunteer)

2002-06-21 Thread Chris Dillon
On Fri, 21 Jun 2002, Terry Lambert wrote: > Chris Dillon wrote: > > On Fri, 21 Jun 2002, Terry Lambert wrote: > > > It has functionality that can not be implemented without adding to > > > how UNIX does things. Basically, it needs to be able to hook the > > > account constructor/destructor. > >

Re: FreeBSD on a MaxAttach?

2002-06-21 Thread Chris Dillon
On Fri, 21 Jun 2002, Terry Lambert wrote: > Uh... the version of FreeBSD on the Quantum boxes is probably the > same version of FreeBSD that was on the InterJets... *cough*. 2.2.something? :-) Whatever version it is, I'm impressed with how well it works. The only problem I have with the Quantu

Re: (jail) problem and a (possible) solution ?

2002-06-21 Thread Nielsen
Yes I've had the same problem. One system runs just fine with its jails, and another crashes habitually. It has to do with a certain jail (and services). Our systems are set up to be able to move jails between them (great for backups and near perfect uptime), and a certain set of jails always hang