Re: PATCH: Pentium-M deeper sleep support in idle loop
On Fri, Oct 17, 2003 at 02:20:25AM +0200, Marko Zec wrote: The patch also introduces a new sysctl machdep.speedstep, which can be used to directly controll the CPU clock frequency / operating voltage. If your BIOS In case of P-M (Banias), speedstep does work differently, and this will not work. Be sure to disable speedstep stuff in such case (or implement it). SpeedStep also work if ICH-2M, and it is easy to add it in your patch (but probably not the deeper sleep stuff though, especially if you have an older PIII, but sleep should be ok). -- Ducrot Bruno -- Which is worse: ignorance or apathy? -- Don't know. Don't care. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: On-line judgment kernel module
On Thu, 16 Oct 2003 18:28:15 -0400 David Gilbert [EMAIL PROTECTED] wrote: As you conjecture, a syscall-less or syscall-restricted environment *should* be safe ... if your syscall changes are bulletproof *_and_* the rest of the runtime environment is bulletproof. Good system call policies are a WONDERFUL feature at a system administrator's hands. There is no such thing as a syscall-less environment but only a restricted (either at the same layer as the system calls or above in terms of code path). Isn't a syscall required to finish off exit()? Yes, consult kern_exit.c How is this related to the discussion though? The fact is, most people would not even want to TOUCH sys_exit and friends since there are no real security advantages there. In otherwords, an exit system call remains completely the same. -- +---+ | Samy Al Bahra | [EMAIL PROTECTED] | |---| | B3A7 F5BE B2AE 67B1 AC4B | | 0983 956D 1F4A AA54 47CB | |---| | http://www.kerneled.com | +---+ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: PATCH: Pentium-M deeper sleep support in idle loop
On Friday 17 October 2003 11:23, Ducrot Bruno wrote: In case of P-M (Banias), speedstep does work differently, and this will not work. Be sure to disable speedstep stuff in such case (or implement it). True, the new Centrino CPUs are equipped with a slightly different speedstep control model, but have in mind that the speedstep support was only of marginal importance in my patch, as clearly stated in the original post. The main purpose of the patch is enabling deeper sleep mode in the idle loop, which is a completely independent feature from the speedstep. Furthermore, it should work across all -M pentium models in combination with ICH3 and ICH4 chipsets. I'd be more than glad to hear some feedback on if and how that works for people out there... SpeedStep also work if ICH-2M, and it is easy to add it in your patch (but probably not the deeper sleep stuff though, especially if you have an older PIII, but sleep should be ok). If it's easy, then by all means go for it. Unfortunately I don't have any ICH2 based systems available for testing, so I'm 100% sure I won't be implementing it myself. Cheers, Marko ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: boot0 screen output with dual-boot of FreeBSD / WinXP
On Fri, Oct 17, 2003 at 01:25:04PM +0930, Daniel O'Connor wrote: Basically, no. There is no room left in boot0 :( I think you could do it by squeezing down some text strings, and removing other [less common] entries though. That's what I had to do when I special-cased it for serial console support. If there's sufficient demand we could resurrect the 1024-byte boot0, but call it something else. BMS ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: On-line judgment kernel module
Samy == Samy Al Bahra [EMAIL PROTECTED] writes: Samy On Thu, 16 Oct 2003 18:28:15 -0400 David Gilbert Samy [EMAIL PROTECTED] wrote: As you conjecture, a syscall-less or syscall-restricted environment *should* be safe ... if your syscall changes are bulletproof *_and_* the rest of the runtime environment is bulletproof. Samy Good system call policies are a WONDERFUL feature at a system Samy administrator's hands. There is no such thing as a syscall-less Samy environment but only a restricted (either at the same layer as Samy the system calls or above in terms of code path). Still... it would seem to me to be safer to use a complete emulation environment than risk getting everything else right. Isn't a syscall required to finish off exit()? Samy Yes, consult kern_exit.c How is this related to the discussion Samy though? The fact is, most people would not even want to TOUCH Samy sys_exit and friends since there are no real security advantages Samy there. In otherwords, an exit system call remains completely the Samy same. Ah, well ... I was understanding that origional email wanted a syscall-less environment and was just further arguing the point. Dave. -- |David Gilbert, Independent Contractor. | Two things can only be | |Mail: [EMAIL PROTECTED]| equal if and only if they | |http://daveg.ca | are precisely opposite. | =GLO ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Darwin/OSX Bluetooth code
On Thu, Oct 16, 2003 at 09:00:02PM -0700, Maksim Yevmenkin wrote: [snip] I'm currently thinking about un-Netgraph'ing FreeBSD code to make it portable to other BSD style systems. I'm trying to look at other implementations and learn as much as i can. In particular i'm trying to figure out how to minimize OS dependent code and what is the right abstractions levels. When I saw your BlueTooth entry in the recent status report, I thought I'd comment on that, but then got distracted :) You've done some great work on BlueTooth. IMHO, it would be a mistake to try to un-NetGraph it; there have been lots of rumours about people porting the NetGraph framework to other OS's, and if BlueTooth support will provide yet one more reason for the need to do this, so be it :) NetGraph is a wonderful framework for writing drivers, and not limited to network drivers, either - as you have no doubt discovered so far - there should be no need to give up its advantages if it's possible to retain them and even gain much in portability for the writing of future drivers (should NetGraph run on more OS's). G'luck, Peter -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence was in the past tense. pgp0.pgp Description: PGP signature
Re: Darwin/OSX Bluetooth code
Peter, I'm currently thinking about un-Netgraph'ing FreeBSD code to make it portable to other BSD style systems. I'm trying to look at other implementations and learn as much as i can. In particular i'm trying to figure out how to minimize OS dependent code and what is the right abstractions levels. When I saw your BlueTooth entry in the recent status report, I thought I'd comment on that, but then got distracted :) You've done some great work on BlueTooth. IMHO, it would be a mistake Thank you. to try to un-NetGraph it; there have been lots of rumours about people porting the NetGraph framework to other OS's, and if BlueTooth support will provide yet one more reason for the need to do this, so be it :) I'm not so sure about these rumors. To me it looks like NetBSD and OpenBSD folks are reluctant to adopt/port Netgraph. Also, when i started this project, few people have pointed out that it would much better if other BSDs could share the code. NetGraph is a wonderful framework for writing drivers, and not limited to network drivers, either - as you have no doubt discovered so far - there should be no need to give up its advantages if it's possible to retain them and even gain much in portability for the writing of future drivers (should NetGraph run on more OS's). I could not agree more. Netgraph is extremely flexible and when it comes to a rapid prototype development it is a number one choice. However, the fact is Netgraph is FreeBSD only framework (at least for now). So i think all BSDs would benefit from the common code (and as an extra bonus FreeBSD could have Netgraph support :) thanks, max __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshd source code
At 7:08 PM -0400 10/16/03, Adil Katchi wrote: I'm looking for the sshd source code for freebsd 4.7. Any idea where I can find it in the CVS tree? if you have the source tree on your machine (and if it has been there for a week or so), then use the 'locate' command: locate openssh You'll get a list of files... -- Garance Alistair Drosehn= [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Instituteor [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
sshd, PAM and template_user
While I realize that freeBSD has PAM`ified SSH, I was wondering if anyone was planning to extend this in the manner that telnet/rlogin have been. From /etc/pam.d/login: auth sufficient pam_tacplus.so try_first_pass template_user=staffer Basically this`ll grab the staffer account and use it as the basis for other arbitrary users who have been authenticated by TACACS. Very handy at an ISP where you may wish to allow or disallow access to many servers to a large number of individuals who tend to come and go. The people who don`t _really_ need to access the machines on a daily basis just get a TACACS login and they get to live with the template user`s dotfiles etc. Unfortunately, sshd does some explicit checks with getpwnam() that cause ssh connectins to fail if the user is not in /etc/passwd. Any ssh hackers looking at this, by any chance? Thanks, Adil ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Benchmarking kqueue() performance?
Hi, I sent a private e-mail to Jonathan Lemon about this, but thought I would ask the larger FreeBSD community about this as well. Does anyone have any sample code which can be used to benchmark the performance of kqueue() vs. select()? I am interested in setting up a test which handles a large number of events. I am interested in seeing the scalability of kqueue() as the number of events increases. I am also interested in looking at kqueue() performance in multithreaded environmentsmaybe with the new KSE implementation in CURRENT. Thanks. -- Craig Rodrigues http://crodrigues.org [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: crypt
On Thu, 16 Oct 2003, Peter Pentchev wrote: Date: Thu, 16 Oct 2003 14:45:48 +0300 From: Peter Pentchev [EMAIL PROTECTED] To: omestre [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: crypt On Thu, Oct 16, 2003 at 11:37:37AM +, omestre wrote: Hello, i need authenticate users in a FreeBSD environment and linux environment. My passwords are stored with FreeBSD crypt format. We wrote a pam module to authenticate the users, but if the module runs in FreeBSD and obvious (crypt bsd)... works. In linux does not. Have a simple way to write a simple crypt function to my linux module, that behaves like the FreeBSD libc crypt function? Then i will bypass the two libc crypt *imcompatibilities*... Sorry by the english. Linux has a crypt(3) function, too, and it usually works. You'll need to tell us a bit more than 'in linux does not' - what exactly does not work? My first guess would be that you cannot compile or load your module, because either the linker or the loader tells you that the 'crypt' symbol is undefined. In that case, try giving the -lcrypt option to the linker, to tell it to use the libcrypt library - some Linux distributions keep their crypt(3) in a separate library. G'luck, Peter -- Peter Pentchev[EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 .siht ekil ti gnidaer eb d'uoy ,werbeH ni erew ecnetnes siht fI Thanks, it is working fine. The linux crypt function is working like FreeBSD... modular and traditional types. :) I've make a mistake. [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Benchmarking kqueue() performance?
I sent a private e-mail to Jonathan Lemon about this, but thought I would ask the larger FreeBSD community about this as well. Does anyone have any sample code which can be used to benchmark the performance of kqueue() vs. select()? I am interested in setting up a test which handles a large number of events. I am interested in seeing the scalability of kqueue() as the number of events increases. I am also interested in looking at kqueue() performance in multithreaded environmentsmaybe with the new KSE implementation in CURRENT. Have you looked at libevent? http://www.monkey.org/~provos/libevent/ There are some spiffy benchmarks there (and pretty graphs). And a bit dated, but this page also has some good #'s for you: http://www.kegel.com/dkftpbench/Poller_bench.html -sc -- Sean Chittenden ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
building sshd
I'm trying to build sshd from src/crypto/openssh and I'm having problems. I've only modified auth2.c. I've followed the FREEBSD-upgrade instructions. So, this is what I've done: 1. autoconf // to generate the configure file 2. autoheader // got a bunch of warnings but no errors 3. ./configure --with-pam --with-s-key// PAM was configured, but S/Key wasn't.. dunno why yet 4. make sshd // below are the errors I got after a bunch of warnings sshd.o: In function `sshd_exchange_identification': /d2/akatchi/src/crypto/openssh/sshd.c:376: undefined reference to `ssh_version_g et' sshd.o: In function `usage': /d2/akatchi/src/crypto/openssh/sshd.c:768: undefined reference to `ssh_version_g et' sshd.o: In function `main': /d2/akatchi/src/crypto/openssh/sshd.c:1582: undefined reference to `ssh_version_ get' auth1.o: In function `do_authloop': /d2/akatchi/src/crypto/openssh/auth1.c:121: undefined reference to `abandon_chal lenge_response' auth2-chall.o: In function `privsep_challenge_enable': /d2/akatchi/src/crypto/openssh/auth2-chall.c(.text+0x765): undefined reference t o `mm_pam_device' auth2-chall.o: In function `kbdint_alloc': /d2/akatchi/src/crypto/openssh/auth2-chall.c:78: undefined reference to `pam_dev ice' servconf.o: In function `process_server_config_line': /d2/akatchi/src/crypto/openssh/servconf.c:921: undefined reference to `ssh_versi on_set_addendum' monitor.o: In function `mm_answer_pam_init_ctx': /d2/akatchi/src/crypto/openssh/monitor.c(.text+0xb01): undefined reference to `p am_device' monitor.o: In function `mm_answer_pam_query': /d2/akatchi/src/crypto/openssh/monitor.c(.text+0xbb9): undefined reference to `p am_device' monitor.o: In function `mm_answer_pam_respond': /d2/akatchi/src/crypto/openssh/monitor.c(.text+0xd25): undefined reference to `p am_device' /d2/akatchi/src/crypto/openssh/monitor.c(.text+0xd66): undefined reference to `p am_device' monitor.o: In function `mm_answer_pam_free_ctx': /d2/akatchi/src/crypto/openssh/monitor.c(.text+0xdf2): undefined reference to `p am_device' *** Error code 1 Below is the diffed auth2.c in case anyone wants to try compiling this for themselves. $ diff auth2.c auth2_old.c 173c173 PRIVSEP(start_pam(user)); --- PRIVSEP(start_pam(NOUSER)); Any ideas?? Thanks, Adil ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: building sshd
On Fri, Oct 17, 2003 at 05:51:54PM -0400, Adil Katchi wrote: I'm trying to build sshd from src/crypto/openssh and I'm having problems. I've only modified auth2.c. I've followed the FREEBSD-upgrade instructions. Those aren't the instructions to build the code, they're instructions to the developers on how to import a new version. sshd is built as part of 'make buildworld'. Read the documentation in the handbook on how to safely rebuild your source tree. Kris pgp0.pgp Description: PGP signature
primary slave HDD hangs
Hello. I've sent this email in stable@ but got no answer. Can you give me some advice on this situation? I had have a Maxtor 6Y120L0 HDD (120Gb, 2Mb cache) as primary master. Now I bought Maxtor 6Y160P0 (160Gb, 8Mb cache) and installed it as slave. 4.8-RELEASE hangs on booting with diagnostic: ad1: READ command timeout tag=0 serv=0 - resetting ata0: resetting device On both -CURRENT and WindowsXP system is all right. HDD looks working. Can I do something with it? I'm ready to disable second disk on 4.8 but I'v got no idea how to do it without kernel hacking. (I can disable slave checking, but I'll lost my secondary slave CD-Writer then). -- Sem. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Benchmarking kqueue() performance?
Craig Rodrigues wrote: Hi, I sent a private e-mail to Jonathan Lemon about this, but thought I would ask the larger FreeBSD community about this as well. Does anyone have any sample code which can be used to benchmark the performance of kqueue() vs. select()? I am interested in setting up a test which handles a large number of events. I am interested in seeing the scalability of kqueue() as the number of events increases. One of the most comprehensive sites about that problem is: http://www.kegel.com/c10k.html -- Lev Walkin [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Darwin/OSX Bluetooth code
Peter Pentchev wrote: You've done some great work on BlueTooth. IMHO, it would be a mistake to try to un-NetGraph it; there have been lots of rumours about people porting the NetGraph framework to other OS's, and if BlueTooth support will provide yet one more reason for the need to do this, so be it :) I doubt it I came across NetGraph by trying to get my USB-USB link going under FreeBSD. It is extremely cumbersome to be used and seems to be *too low level* as interface design. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sshd source code
Garance A Drosihn wrote: At 7:08 PM -0400 10/16/03, Adil Katchi wrote: I'm looking for the sshd source code for freebsd 4.7. Any idea where I can find it in the CVS tree? if you have the source tree on your machine (and if it has been there for a week or so), then use the 'locate' command: locate openssh You'll get a list of files... Assuming, of course, that they don't ever turn their machine off. If they do, then 'locate' is just a waste of disk space. Sorry, you tickled one of my long-standing gripes about 'periodic'. Tim Kientzle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: building sshd
Adil Katchi wrote: I'm trying to build sshd from src/crypto/openssh and I'm having problems. I've only modified auth2.c. I've followed the FREEBSD-upgrade instructions. I think what you want is more like: cd /usr/src/secure/usr.sbin/sshd make make install (You might need to do a full buildworld first.) Don't be confused by any extra Makefiles you might see floating around: * the openssh source code is in /usr/src/crypto/openssh * the build harness for sshd is in /usr/src/secure/usr.sbin/sshd The separation helps to address problems with updating OpenSSH (which is, after all, being maintained by someone else) and makes it easier to satisfy various cryptography laws. Tim Kientzle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: primary slave HDD hangs
On Sat, 18 Oct 2003, Sergey Matveychuk wrote: I had have a Maxtor 6Y120L0 HDD (120Gb, 2Mb cache) as primary master. Now I bought Maxtor 6Y160P0 (160Gb, 8Mb cache) and installed it as slave. 4.8-RELEASE hangs on booting with diagnostic: ad1: READ command timeout tag=0 serv=0 - resetting ata0: resetting device I see (almost) the same symtom with a 80 Gbyte Seagate drive strapped as an IDE master. This is on an ASUS P4S800 motherboard. The system hangs immediatley after boot with: ad0: READ command timeout tag=0 serv=0 - resetting ata0: resetting device The system was installed and cvsuped on october 14th on an AOPEN motherboard. No problems at all. 4.9-RC FreeBSD 4.9-RC #0: Tue Oct 14 03:25:14 CEST 2003 /Chris ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Benchmarking kqueue() performance?
Lev Walkin wrote: One of the most comprehensive sites about that problem is: http://www.kegel.com/c10k.html That's about scaling to a large number of connections, not about kqueue() vs. select performance. The biggest problem with a large number of connections, at least as far as FreeBSD is concerned, is the TCP timer implementation using a callout wheel, since any expiring timer has to traverse every bucket in the chain, instead of stopping at the first one that's un expired (see the BSD 4.2/4.3 timers for an example of the right way to do it). FWIW: I've had a FreeBSD box with a static page server on it up to 1.6M simultaneous connections with very little work, so 10K is pretty trivial in comparison. For doing real work, and giving 1G to a server process and 512M to caching, this number drops to ~250K connections, but that's still 25 time what he claims is some insurmountable barrier. BTW, the company for which I did this work is still shipping real product that handles those loads on a FreeBSD box, FWIW. -- Terry ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]