Re: VPNs and FreeBSD
On Tue, 4 Jul 2000, Kris Kennaway wrote: On Sun, 2 Jul 2000, Nick Rogness wrote: On Sun, 2 Jul 2000, Stephen Hocking wrote: Has anyone done this yet? I've just acquired this shiny new cable modem and would like to have secure access to my place of work (even though they're only 10 minutes walk away!) I have done just that with nos-tun and Road Runner service. I That's a Virtual Public Network, then..better not log into your work machines via telnet over that link :-) No, I don't. SSH or die ;-) Yes, that is my definition a VPN tunnel. Encryption should be added after the tunnel's are built, IMHO, and are a added functionality of your existing VPN. That's just my opinion...however, Cisco implements it the same way. Nick Rogness - Speak softly and carry a Gigabit switch. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
lock in kernel
hi all inside kernel (in my syscall) i need to lock some data sturctures. how can i do it? -av To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
latest news concerned crypto stuff
hi, there! do the latest news concerned crypto stuff mean that we can now always have DES in base system? and what's about a possibility to select Crypt Format (DES/MD5/SHA/whatever) per user or per login class? /fjoe To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
NATD errors on 5.0
Hi ... I've started natd on my local machine to translate all packets to the ip of my public interface. If I am on my machine, and I start natd and add the divert rule, (this means I'm trying to connect from my local machine on which I am running the natd to any other machine) I can see the packet leaving my machine, ariving at the destination machine, but NO reply returned, if I ping .. everything seems ok Any ideas what is wrong ??? Reinier To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Default (x86) floating point precision
On Tue, 27 Jun 2000, Steve Kargl wrote: Daniel Eischen wrote: Oddly, this causes problems with GNAT (Ada is a high level language) because it wants/expects 64-bit extended precision. It seems as if GNAT for linux-i386 also uses 64-bit extended precision. The only other GNAT i386 platform that doesn't use 64-bit precision is NT. So is the above comment still valid? Does GNAT use the math library in /usr/lib? I've been testing our math library against UCBTEST, and there appear to be some pecularities. I need to dig deeper to understand all the info produced by UCBTEST. The point of this note is that turning on 64-bit extended precision in GNAT might be compromised by libm.a. Well, some things can easily depend on there being no double rounding to get the correct results. -- Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: UDF (DVD fs)
On Sun, 2 Jul 2000, Soren Schmidt wrote: It seems Julian Elischer wrote: I am working on UDF support. I have at present a program that reads a udf filesystem and am working (today) on making it into an "mtools" like program that allows access to the contents in a useful manner. I will eventually turn this into a (readonly) filesystem, and it is designed with that in mind (it uses a buffer cache etc, like the kernel. (in other words I'm prototyping). I will at some stage also try make a UDF creation module for mkisofs as well. Uhm, the real value of UDF is that it can be used as a "real" rw filesystem on CDRW/DVDRAM media, if this is not implemented the value of having UDF is very limited IMHO Another value of UDF is interoperability with the redmond virii which don't recognize 2.2 GB 9660 file systems. I have to duplicate 4.x GB of mpeg2 files onto 30+ copies of DVD-ram, and being able to do it as UDF instead of having to format UDF on an NT box and copying the files before duping a disk image would save me at least one headache:) --- David To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
i4b: PCBIT PCI card support
Hi there. I have been a Linux user for about 2 years now and I use it mainly at home on my desktop computer to do all the usual stuff Iike programming, office work, whatever comes handy. Until some time ago I had a regular modem dial-up connection to my ISP, which was recently upgraded to a ISDN 64k connection. Along with the ISP ISDN Pack I purchased came a PCBIT PCI TigerJet Tiger300 ISDN card which works perfectly under Linux with ippp and the HiSAX module (loaded with these settings: insmod hisax type=20 protocol=2 id="HiSax"). Just out of pure curiosity, I ordered FreeBSD-4.0 from freebsdmall a couple of weeks ago and it arrived earlier this week. After installing, reading the docs and lots of other stuff, I came to the sad conclusion that i4b does not support my ISDN card. I have tried to change some of the TELES card settings to see if they would pick up on my card (since they both rely on the SIEMENS chip) but to no avail. Does any one know if there is a "working" patch for i4b with support for my card? if not, can you point me to some basic procedure to try and write a driver for the card? Any and all help is appreciated :) thanks in advance. - ekstassy^/dev/null (c) Milton Moura @ [EMAIL PROTECTED] [EMAIL PROTECTED] IT Student Gifted Borderline Genius IQ of 135 Homepage: http://members.xoom.com/miltonmoura/ GITux Project: http://linus.uac.pt/~milton_m/ -BEGIN GEEK CODE BLOCK- Version: 3.1 GCS d- s: a--- C++ UL+++ P+ L+++ E- W++ N+ o+ K- w--- O- M V- PS+ PE Y+ PGP- t 5 X R tv+ b+ DI- D++ G e h! r++ y+ --END GEEK CODE BLOCK-- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
SB Live! versus -stable.
I sent this to stable, to a deafening silence. I'm therefore forwarding
it to hackers as well.
Well, I had three panics from this today (the first was accidental when I
went to a webpage with music attached; the other two were me trying to get
a good dump). I got some info from the dump. The most relevant bits are
that the NMI was at IP 0x280f819a, which isn't in the kernel. I don't know
where this might be, a shared library maybe? (I was running the Linux
Netscape 4.73, if that might help.)
I've attached a disassembly around the faulting instruction, as well as
some other info gleaned from the dump. Cameron, et al, if you want any
other info, please let me know; I'll hang on to the dump as long as
necessary (when you have 36 gig, space isn't a real problem :-).
--
Frank Mayhar [EMAIL PROTECTED] http://www.exit.com/
Exit Consulting http://store.exit.com/
(kgdb) bt
#0 boot (howto=256) at ../../kern/kern_shutdown.c:302
#1 0xc01612f5 in panic (
fmt=0xc02a1660 "RAM parity error, likely hardware failure.")
at ../../kern/kern_shutdown.c:552
#2 0xc0267e8d in isa_nmi (cd=0) at ../../i386/isa/intr_machdep.c:187
#3 0xc025f42f in trap (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
tf_edi = 147577152, tf_esi = 135760192, tf_ebp = -1077937456,
tf_isp = -656769068, tf_ebx = 262144, tf_edx = 135729216,
tf_ecx = 254400, tf_eax = 11816960, tf_trapno = 19, tf_err = 0,
tf_eip = 672104858, tf_cs = 31, tf_eflags = 66054, tf_esp = -1077937560,
tf_ss = 47}) at ../../i386/i386/trap.c:379
#4 0x280f819a in ?? ()
#5 0x8051b67 in ?? ()
#6 0x8054d3a in ?? ()
#7 0x8054e09 in ?? ()
#8 0x804a2cf in ?? ()
#9 0x80495c5 in ?? ()
(kgdb) print /x frame
$1 = {tf_fs = 0x2f, tf_es = 0x2f, tf_ds = 0x2f, tf_edi = 0x8cbd940,
tf_esi = 0x8178940, tf_ebp = 0xbfbffad0, tf_isp = 0xd8da7fd4,
tf_ebx = 0x4, tf_edx = 0x8171040, tf_ecx = 0x3e1c0, tf_eax = 0xb45000,
tf_trapno = 0x13, tf_err = 0x0, tf_eip = 0x280f819a, tf_cs = 0x1f,
tf_eflags = 0x10206, tf_esp = 0xbfbffa68, tf_ss = 0x2f}
0x280f8148: andb $0x4e,%al
0x280f814a: je 0x280f818f
0x280f814d: pushl %ebx
0x280f814e: incl %esp
0x280f814f: cmpb (%eax),%ah
0x280f8151: boundl 0x6f(%ebx),%esp
0x280f8154: jo 0x280f81cf
0x280f8156: pushl %ebx
0x280f8158: subb $0x76,%al
0x280f815a: andb %dh,(%ecx)
0x280f815c: andb %dh,%cs:%ss:(%ecx)
0x280f8160: cmpl %edi,(%ecx)
0x280f8162: das
0x280f8164: xorl %esi,(%ecx)
0x280f8166: das
0x280f8167: xorl %esi,(%edx)
0x280f8169: andb %dh,(%eax)
0x280f816b: xorb %bh,(%edx)
0x280f816d: xorl $0x36303a30,%eax
0x280f8172: andb %ch,0x74(%edx)
0x280f8175: arpl %sp,(%eax)
0x280f8177: incl %ebp
0x280f8178: js 0x280f81ea
0x280f817a: andb %ah,(%eax,%eax,1)
0x280f817d: leal 0x0(%esi),%esi
0x280f8180: pushl %esi
0x280f8181: pushl %edi
0x280f8182: movl 0xc(%esp,1),%edi
0x280f8186: movl 0x10(%esp,1),%esi
0x280f818a: movl 0x14(%esp,1),%ecx
0x280f818e: movl %edi,%eax
0x280f8190: subl %esi,%eax
0x280f8192: cmpl %ecx,%eax
0x280f8194: jb 0x280f81ac
0x280f8196: cld
0x280f8197: shrl $0x2,%ecx
0x280f819a: repz movsl %ds:(%esi),%es:(%edi) -- Faulting instruction.
0x280f819c: movl 0x14(%esp,1),%ecx
0x280f81a0: andl $0x3,%ecx
0x280f81a3: repz movsb %ds:(%esi),%es:(%edi)
0x280f81a5: movl 0xc(%esp,1),%eax
0x280f81a9: popl %edi
0x280f81aa: popl %esi
0x280f81ab: ret
(kgdb) proc 373
(kgdb) bt
#0 mi_switch () at machine/globals.h:119
#1 0xc0163f91 in tsleep (ident=0xc030206c, priority=280,
wmesg=0xc02819e8 "select", timo=8640001) at ../../kern/kern_synch.c:467
#2 0xc016ed28 in select (p=0xd8dd5740, uap=0xd8e18edc)
at ../../kern/sys_generic.c:702
#3 0xc22393dc in ?? ()
#4 0xc22392bb in ?? ()
#5 0xc0260055 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
tf_edi = 146812732, tf_esi = -1077944272, tf_ebp = 1342250056,
tf_isp = -656306220, tf_ebx = 1342250064, tf_edx = 1342250600,
tf_ecx = 148557768, tf_eax = 82, tf_trapno = 12, tf_err = 2,
tf_eip = 143784734, tf_cs = 31, tf_eflags = 582, tf_esp = 1342250052,
tf_ss = 47}) at ../../i386/i386/trap.c:1126
#6 0xc024d7fc in Xint0x80_syscall ()
#7 0x891e5a4 in ?? ()
#8 0x891e7a8 in ?? ()
#9 0x891cd68 in ?? ()
#10 0x891cda7 in ?? ()
#11 0x891ce14 in ?? ()
(kgdb) frame 2
#2 0xc016ed28 in select (p=0xd8dd5740, uap=0xd8e18edc)
at ../../kern/sys_generic.c:702
702 error = tsleep((caddr_t)selwait, PSOCK | PCATCH, "select", timo);
(kgdb) print /x *p
$2 = {p_procq = {tqe_next = 0xd65e9780, tqe_prev = 0xd65e8dc0}, p_list = {
le_next = 0xd8dd55a0, le_prev = 0xd8dd5268}, p_cred = 0xc2020ee0,
p_fd = 0xc2294400, p_stats = 0xd8e17b78, p_limit = 0xc2297f00,
p_upages_obj = 0xd8e0f1e0, p_procsig = 0xc20d1740, p_flag = 0x4086,
p_stat
OT: thank you to all developers!
Last night I finally got around to building up my first "real" 4.0-RELEASE machine (kind "late" since 4.1 is creeping up on us I know ... but ). I installed 4.0 "fresh" from the CDs, copied my previous machine's /etc files over from a CD backup (with minor edits of course :), cvsup'ed 4-STABLE, rebuilt and installed world and a new kernel, and replaced my 3-STABLE firewall/gateway machine in a matter of hours. All went totally without a hitch in the world and absolutely screams with speed! A huge, giant, chocolate-covered thanks to all developers -Jr -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | John Reynolds WCCG, CCE, Higher Levels of Abstraction | | Intel Corporation MS: CH6-210 Phone: 480-554-9092 pgr: 602-868-6512 | | [EMAIL PROTECTED] http://www-aec.ch.intel.com/~jreynold/ | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Global variables defined several times.
In message [EMAIL PROTECTED] David Malone writes: : I can't find my second edition at the moment. This behavior is : commented on in the C FAQ as something the ANSI standard describes : as a common extension. (http://www.eskimo.com/~scs/C-faq/q1.7.html) : It also seems to suggest it is mostly a Unix thing. VMS's DEC CC does the same thing as our tool chain. At least on the VMS 4.4 system I used in college. It got lots of other things "different" than the unix compilers we were using (pcc derived things for sun3 and sun4), but this it did the same. C++ requires exactly one definition, but can have many declarations (eg only one int foo, but many extern int foo). Actually, conforming C++ compilers may require exactly one definition. This is listed in the appendix of one of the Stroustup books as being a departure from plain old C. Warner To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: NATD errors on 5.0
On Wed, 5 Jul 2000, Reinier Bezuidenhout wrote: Hi ... I've started natd on my local machine to translate all packets to the ip of my public interface. If I am on my machine, and I start natd and add the divert rule, (this means I'm trying to connect from my local machine on which I am running the natd to any other machine) I can see the packet leaving my machine, ariving at the destination machine, but NO reply returned, if I ping .. everything seems ok Any ideas what is wrong ??? This is a -questions question. Check your rules... try running open to start out with then restrict as needed. Doug White| FreeBSD: The Power to Serve [EMAIL PROTECTED] | www.FreeBSD.org To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
data corruption
-hackers,
This is the most fucked up thing I've ever experienced with FreeBSD:
[hawk-billf] /home/billf/helpdesk ls
./ ../ Makefilehdesk.c
[hawk-billf] /home/billf/helpdesk cd ..
[hawk-billf] /home/billf ls hdesk
ls: hdesk: No such file or directory
[hawk-billf] /home/billf cp -pRP helpdesk hdesk
[hawk-billf] /home/billf cd hdesk
[hawk-billf] /home/billf/hdesk ls
./ Makefilehdesk.c
../ hdesk* hdesk.o
Note that hdesk and hdesk.o suddenly came back from the dead.
It works in reverse, every now and then when running
$ echo "test" | ./hdesk
it will fail like so:
75203 ktrace CALL execve(0xbfbffb53,0xbfbffa48,0xbfbffa50)
75203 ktrace NAMI "./hdesk"
75203 ktrace RET execve -1 errno 2 No such file or directory
but if I run it again, it may work. the files are just appearing
and reappearing.
Another example:
[hawk-billf] /home/billf/helpdesk make clean
rm -f hdesk hdesk.o
[hawk-billf] /home/billf/helpdesk ls
./ Makefilehdesk.c ktrace.out
../ hdesk* hdesk.o
hdesk and hdesk.o have been removed, but they are still hanging around.
If I copy the directories around (or move) them, I experience the same
oddity. If I make a whole new directory structure and
$ cat hdesk.c /tmp/hdesk.c
$ cat Makefile /tmp/Makefile
$ mkdir notwhacked
$ cp /tmp/{hdesk.c,Makefile} notwhacked
the behavior goes away.
Someone tell me I'm wrong here...
--
Bill Fumerola - Network Architect / Computer Horizons Corp - CHIMES
e-mail: [EMAIL PROTECTED] / [EMAIL PROTECTED]
PS. No, it's not something stupid like file flags or something.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
Re: fsck
In message [EMAIL PROTECTED] "Alexey V. Vatchenko" writes: : /dev/ad0s2a: NO WRITE ACCESS : /dev/ad0s2a: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY. : : what is it? / is likely mounted on /dev/ad0s2a, so you can't get write access to /dev/ad0s2a. Warner To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: latest news concerned crypto stuff
On Wed, 5 Jul 2000, Max Khon wrote: do the latest news concerned crypto stuff mean that we can now always have DES in base system? and what's about a possibility to select Crypt Format (DES/MD5/SHA/whatever) per user or per login class? No, that code is still not finished. I'm currently sidetracked working on KAME integration in current and trying to get it merged in time for 4.1 Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: stray interrupts in 4.0
At 02:23 PM 7/1/00 -0700, you wrote: On Sat, 1 Jul 2000, Dennis wrote: We're seeing lots of "stray" interrupts in 4.0 while running 3.4 on the same hardware reports nothing. The interrupt its complaining about is IRQ7 even though parallel port is disabled and no other device. It happens on more than 1 MB. This is in the archives and the FAQ at www.freebsd.org. This is normal. thanks for the "pointer", but searching the faq for "stray" returns zilch. To which "archives" are you referring? Why is it "normal" to send hundreds of messages to the console? The term "stray" implies abnormal. DB To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: /etc/security - /etc/periodic/security ?
Ben Smithurst [EMAIL PROTECTED] writes: Brian Somers wrote: Well, "periodic security" will work as long as /etc/periodic/security exists, so I guess you just mean the docs need updating? I'll get to that if someone is actually planning on committing this stuff. =20 Perhaps the best option is to do with the inline security option and=20 just run ``periodic security'' from cron ? I can commit the changes. I don't think there's really a problem with just running security from daily. I can add a note that this is normal practice in the manpage, and that security shouldn't be run separately unless you set daily_security_enable=3DNO or whatever the option is. why not even something like security_enable=[YES|NO] and security_periode=[daily|weekly|monthly] defaulting to daily? Cyrille. -- home:mailto:[EMAIL PROTECTED] Supprimer "no-spam." pour me repondre. work:mailto:[EMAIL PROTECTED] Remove "no-spam." to answer me back. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
cocaine snorting reported in Michigan, details at 11 (was Re: data corruption)
On Wed, Jul 05, 2000 at 04:08:24PM -0400, Bill Fumerola wrote: PS. No, it's not something stupid like file flags or something. No, it was something even stupider. Completely ignore this. -- Bill Fumerola - Network Architect / Computer Horizons Corp - CHIMES e-mail: [EMAIL PROTECTED] / [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: stray interrupts in 4.0
At 02:23 PM 7/1/00 -0700, you wrote: On Sat, 1 Jul 2000, Dennis wrote: We're seeing lots of "stray" interrupts in 4.0 while running 3.4 on the same hardware reports nothing. The interrupt its complaining about is IRQ7 even though parallel port is disabled and no other device. It happens on more than 1 MB. This is in the archives and the FAQ at www.freebsd.org. This is normal. thanks for the "pointer", but searching the faq for "stray" returns zilch. To which "archives" are you referring? The "stray irq7" message has been remarked on countless times. Having said that, our search tools are less than marvellous. 8( Why is it "normal" to send hundreds of messages to the console? The term "stray" implies abnormal. It's "normal" insofar as countless PC motherboards generate these spurious interrupts. However, we're anal enough to consider spurious interrupts "abnormal", and we kvetch about them. Generally this message indicates that you have hardware in the system that is not signalling interrupts correctly. -- ... every activity meets with opposition, everyone who acts has his rivals and unfortunately opponents also. But not because people want to be opponents, rather because the tasks and relationships force people to take different points of view. [Dr. Fritz Todt] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: /etc/security - /etc/periodic/security ?
I don't think there's really a problem with just running security from daily. I can add a note that this is normal practice in the manpage, and that security shouldn't be run separately unless you set daily_security_enable=3DNO or whatever the option is. why not even something like security_enable=[YES|NO] and security_periode=[daily|weekly|monthly] defaulting to daily? That's just what we need - a configuration option that lets the admin turn security off. 8) -- ... every activity meets with opposition, everyone who acts has his rivals and unfortunately opponents also. But not because people want to be opponents, rather because the tasks and relationships force people to take different points of view. [Dr. Fritz Todt] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: cocaine snorting reported in Michigan, details at 11 (was Re: data corruption)
Bill Fumerola wrote: On Wed, Jul 05, 2000 at 04:08:24PM -0400, Bill Fumerola wrote: PS. No, it's not something stupid like file flags or something. No, it was something even stupider. Completely ignore this. Oh, come on now, tell us the details! :-) Cheers, -Peter -- Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: cocaine snorting reported in Michigan, details at 11 (was Re: data corruption)
On Wed, Jul 05, 2000 at 05:57:56PM -0700, Peter Wemm wrote: PS. No, it's not something stupid like file flags or something. No, it was something even stupider. Completely ignore this. Oh, come on now, tell us the details! :-) It involves this running in another window: [hawk-billf] $ while `true`; do make clean; sleep 5; make; sleep 5; done It was done as a joke before I left last weekend; I opened a bunch of eterms and looped some pings, traceroutes, compiles, etc and the joke was that as long as I did that it looked like I did as much work as other, uhm, less motivated, cow-orkers. I fully expect to be physically assulted by all who I encounter the next time I'm in California for this act of stupidity. -- Bill Fumerola - Network Architect / Computer Horizons Corp - CHIMES e-mail: [EMAIL PROTECTED] / [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: cocaine snorting reported in Michigan, details at 11 (was Re
On 06-Jul-00 Bill Fumerola wrote: On Wed, Jul 05, 2000 at 05:57:56PM -0700, Peter Wemm wrote: PS. No, it's not something stupid like file flags or something. No, it was something even stupider. Completely ignore this. Oh, come on now, tell us the details! :-) It involves this running in another window: [hawk-billf] $ while `true`; do make clean; sleep 5; make; sleep 5; done It was done as a joke before I left last weekend; I opened a bunch of eterms and looped some pings, traceroutes, compiles, etc and the joke was that as long as I did that it looked like I did as much work as other, uhm, less motivated, cow-orkers. I fully expect to be physically assulted by all who I encounter the next time I'm in California for this act of stupidity. /me pats the Big Knife and the Damn Thing -- John Baldwin [EMAIL PROTECTED] -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.cslab.vt.edu/~jobaldwi/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Make world in traditional make-mode
Is there an option in make world to work like a traditional make works? i.e. just recompile if the source has changed. Leif To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Make world in traditional make-mode
On Thu, Jul 06, 2000 at 03:46:52AM +0200, Leif Neland wrote: Is there an option in make world to work like a traditional make works? i.e. just recompile if the source has changed. -DNOCLEAN is as close as you're going to get, probably. -- Bill Fumerola - Network Architect / Computer Horizons Corp - CHIMES e-mail: [EMAIL PROTECTED] / [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
RE: BPF and Promiscuous Mode
Title: RE: BPF and Promiscuous Mode Here is how to bridge different interfaces together selectively: Controlling bridging Bridging is almost exclusively controlled by sysctl variables. net.link.ether.bridge_cfg: ed2:1,rl0:1, set of interfaces for which bridging is enabled, and cluster they belong to. net.link.ether.bridge: 0 enable bridging. net.link.ether.bridge_ipfw: 0 enable ipfw for bridging. Thanks to Luigi Rizzo for that information extracted from his site at: http://www.iet.unipi.it/~luigi/ip_dummynet/ This net.link.enther.bridge_cfg is not in the man page and I have read nothing about it anywhere else, is there some resource that has every sysctl variable listed with it's purpose? thx nick -Original Message- From: Nick Evans Sent: Tuesday, July 04, 2000 12:18 AM To: 'Dan Nelson' Cc: '[EMAIL PROTECTED]' Subject: RE: BPF and Promiscuous Mode Exactly, I just tried it and it didn't work :(. Yes you are right on, NFR is a sniffer/ids, but it is based on the OpenBSD kernel and therefore does not support multiple processors. I just tried bridging and it does in fact bridge all interfaces together, but it still does not appear to be mirroring all traffic from one interface to another. Apparently there are issues with IPFilter and FreeBSD... I am going to try OpenBSD and IPFilter tonight. The IPFilter people know that bridging works on OpenBSD, and you can bridge specific interfaces. -Original Message- From: Dan Nelson [mailto:[EMAIL PROTECTED]] Sent: Monday, July 03, 2000 10:34 PM To: Nick Evans Subject: Re: BPF and Promiscuous Mode Is there any reason you're not CC'ing the list? I added it back on my first reply on the assumption you simply forgot, but this email is missing it too. It's good to have exchanges like these in the mailing-list archives, so help other people that might have the same question later. In the last episode (Jul 03), Nick Evans said: actually it's like this router --- switch | | - mirrored port freebsdbox | | vlan'd switch | | | | | | nfr nfr nfr the nfr boxes do not have ip's so i just need the traffic duplicated (so routing is out of the question), but i wanted to use ipfilter to, get this, filter the traffic so not all the ida's see all the traffic. the simply cannot handle 600Mbits each... my plan is to put a gig interface, or two, into the BSD box and several dualport server adaptors and then segment that traffic down. bridging might work, but i do not know how to bind certain interfaces together in FreeBSD, OpenBSD, yes, but not Free... Aahh. An nfr is a sniffer. I assumed that you were load-balancing web servers or something, which was confising me a bit since you don't want to use mirroring for this. For your purposes, mirroring is perfect. I think enabling bridging, and then using ipfilter or ipfw to only allow (say) 1/3 of the Net addresses to each server (assuming you have 3 nfr's), would do what you want. I wonder if NFR will take advantage of multiple CPUs in a single box. That way you don't have to worry about any of this. In the last episode (Jul 03), Nick Evans said: actually a better question would have been, do you know if you can bridge multiple interfaces to one other interface lik 4 100mbit nics to one gigabit nic? I assume so. The bridge manpage mentions the inability to selectively bridge certain interfaces, so the default must be to bridge all ethernet interfaces. You can probably add some filtering rules to make sure you don't re-transmit packets out of your gigabit NICs. -- Dan Nelson [EMAIL PROTECTED]
