Re: routing to a directly attached subnet without an address in this subnet
On Sun, Apr 24, 2011 at 08:50:53PM -0400, David Scheidt wrote:
> On Apr 24, 2011, at 4:29 PM, Lionel Fourquaux wrote:
>> em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
>> em1 has address fe80::1234:56ff:fe78:9abd
>>
>> Network 2001:db8::/64 is directly attached to em0, and network 2001:db8:0:1::/64 is directly attached to em1. The default route points to em0.
>>
>> I would like to route packets addressed to 2001:db8:0:1::/64 to interface em1, without allocating an address in 2001:db8:0:1::/64 for em1. (Or to understand why this would be impossible).
>
> Why do you want to do this?

Because I think it would look better that way.

> How do you expect the hosts on the attached networks to get packets to you?

They are already using fe80::1234:56ff:fe78:9abd as default gateway, so this is not a problem.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: routing to a directly attached subnet without an address in this subnet
On Sun, Apr 24, 2011 at 06:43:11PM -0500, Robert Bonomi wrote:
> Sorry, it _is_ impossible. :( simply put, to communicate _on_ a network, you have to be *ON* that network, i.e., 'have an address in that network's address-space'.

I don't quite see why this would be required, as long as packets are routed as they should.

> It is perfectly legitimate for two (or more) separate networks to share the same physical media.

Yes.

> *ONLY* the address of the device distinguishes which network the traffic goes to/from.

But this is the destination address on packets. The point here is, why would the router need an address that is never used as source or destination? I can't see any strong reason for requiring that em1 have an address for every directly attached subnet packets are routed to.

> Think about how 'reply' packets have to be routed by other machines on that subnet.

Packets from other machines are routed to fe80::1234:56ff:fe78:9abd (link local address of the router), so this part is fine.

Thanks!
problem updating ports (latex-cjk)
Hello,

I ran into a problem when updating ports on 8.1-RELEASE (i386). ~/print/latex-cjk doesn't want to build.

=== Patching for latex-cjk-4.8.2_4
=== Applying FreeBSD patches for latex-cjk-4.8.2_4
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to texinput/Bg5/c00bsmi.fd.rej
= Patch patch-texinput-Bg5-c00bsmi.fd failed to apply cleanly.
= Patch(es) patch-Makefile applied cleanly.
*** Error code 1

Stop in /usr/ports/print/latex-cjk.
*** Error code 1

Stop in /usr/ports/print/latex-cjk.

What can I do to fix this?

Best regards,
Fred Boatwright
Re: Password theft from memory?
On Sun, 24 Apr 2011 19:53:41 +0200 C. P. Ghost cpgh...@cordula.ws wrote:
> On Sun, Apr 24, 2011 at 7:10 PM, Modulok modu...@gmail.com wrote:
>> I don't know if this is a problem on FreeBSD...
>>
>> Process A requests memory.
>> Process A stores a plaintext password in memory or other sensitive data.
>> Process A terminates and the memory is reclaimed by kernel.
>>
>> Process B requests a *huge* chunk of memory.
>> Process B crawls the uninitialized memory, looking for Process A's previously stored password.
>>
>> Does anyone know if this is even possible on FreeBSD?
>
> Please correct me if I'm wrong (I didn't check the sources), but... short answer: it shouldn't happen, because pages allocated to a new process are zero-filled by the kernel (lazily via zero-fill page faults when process B crawls the memory the first time).

I don't believe the heap is allocated zeroed pages. The kernel does allocate such pages to the BSS segment, but that's because it holds zeroed data such as C static variables.

AFAIK it's the responsibility of the programmer to avoid data leaking. Passwords are commonly overwritten as soon as they are no longer needed. I think geli keeps persistent key information in kernel wired-memory.
Re: zfs partition for /etc?
On 23 April 2011 23:48, Adam Vande More amvandem...@gmail.com wrote:
> On Sat, Apr 23, 2011 at 3:36 PM, krad kra...@gmail.com wrote:
>> not sure about that as the auto mounts are done when /etc/rc.d/zfs runs so there might be a dependency
>
> Hum yeah you are right. I don't think it would be possible then as all the old etc/root fs restrictions still apply. On the other hand, if you must have this what's the drawback to simply snapshotting your root fs? Of course this is much more ideal if you use a ZFS structure like MFSBSD's default rather than the ZFS file system layout presented in the wiki.
>
> --
> Adam Vande More

you could experiment with the init_* variables in loader.conf. You might be able to trigger the automount before init runs then, to get around the issue. A bit messy though
Re: problem updating ports (latex-cjk)
Hello Fred,

Fred f...@blakemfg.com writes:
> I ran into a problem when updating ports on 8.1-RELEASE (i386). ~/print/latex-cjk doesn't want to build.
>
> === Patching for latex-cjk-4.8.2_4
> === Applying FreeBSD patches for latex-cjk-4.8.2_4
> Ignoring previously applied (or reversed) patch.
> 1 out of 1 hunks ignored--saving rejects to texinput/Bg5/c00bsmi.fd.rej
> = Patch patch-texinput-Bg5-c00bsmi.fd failed to apply cleanly.

Are you sure the work area is clean? Run `make clean', then `make patch' again.

--
Frédéric Perrin -- http://tar-jx.bz
Re: Password theft from memory?
On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
> I don't believe the heap is allocated zeroed pages. The kernel does allocate such pages to the BSS segment, but that's because it holds zeroed data such as C static variables.

According to McKusick and Neville-Neil's book on FreeBSD, sbrk extends the uninitialized data segment with zero-filled pages. Since malloc() is an interface to sbrk, it does the same thing.
Re: Password theft from memory?
On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall rjh...@gmail.com wrote:
> On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
>> I don't believe the heap is allocated zeroed pages. The kernel does allocate such pages to the BSS segment, but that's because it holds zeroed data such as C static variables.
>
> According to McKusick and Neville-Neil's book on FreeBSD, sbrk extends the uninitialized data segment with zero-filled pages. Since malloc() is an interface to sbrk, it does the same thing.

True, except that malloc(3) now uses both sbrk(2) and mmap(2) allocators, depending on the user-settable flags in /etc/malloc.conf, MALLOC_OPTIONS and the global variable _malloc_options.

So you have to look into mmap(2) too.

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: Password theft from memory?
On Mon, Apr 25, 2011 at 05:46:33PM +0200, C. P. Ghost wrote:
> On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall rjh...@gmail.com wrote:
>> On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
>>> I don't believe the heap is allocated zeroed pages. The kernel does allocate such pages to the BSS segment, but that's because it holds zeroed data such as C static variables.
>>
>> According to McKusick and Neville-Neil's book on FreeBSD, sbrk extends the uninitialized data segment with zero-filled pages. Since malloc() is an interface to sbrk, it does the same thing.
>
> True, except that malloc(3) now uses both sbrk(2) and mmap(2) allocators, depending on the user-settable flags in /etc/malloc.conf, MALLOC_OPTIONS and the global variable _malloc_options.
>
> So you have to look into mmap(2) too.

Good point. From the man page:

    Any such extension beyond the end of the mapped object will be zero-filled.

and

    A successful mmap deletes any previous mapping in the allocated address range.
Re: ZFS performance strangeness
On 24 April 2011 17:21, Sergio de Almeida Lenzi lenzi.ser...@gmail.com wrote:
> On Tue, 2011-04-12 at 13:33 +0200, Lars Wilke wrote:
>> Hi,
>>
>> There are quite a few threads about ZFS and performance difficulties, but I did not find anything that really helped :) Therefore any advice would be highly appreciated.
>>
>> I started to use ZFS with 8.1R, only tuning I did was setting
>> vm.kmem_size_scale=1
>> vfs.zfs.arc_max=4M
>
> For me I solved the ZFS performance in FreeBSD and postgres databases (about 100GB size) by tuning vm.kmem_size to about 3/4 of the ram size... in your case, vm.kmem_size=(48 *3/4)=36G, it puts almost all the database in memory and it is now lightning fast...
>
> I use to disable prefetch in zfs.. too
>
> Hope this can help,
> Sergio

wouldn't it be better to allow the db to use the memory rather than zfs, as this would involve far less context switches?
Safe to use GPT within gmirror?
Hi,

can I safely use GPTs within a GEOM_MIRROR? I created a new mirror and then used gpart to create additional partitions. dmesg gives:

the secondary GPT header is not in the last LBA

As far as I read by now it seems safe to ignore that message but I want to get sure. Or are mirrored GPTs only safe when using ZFS?

Thanks,
Helmut
Re: routing to a directly attached subnet without an address in this subnet
On Mon, Apr 25, 2011 at 10:17:40PM +1000, Daniel Marsh wrote:
> What you need to verify is the default routes on the client hosts. It's very likely your packets and your initial route add commands on your dual host machine are correct, yet the return route on the other clients are incorrect.

I have checked that. Actually, I can ping the router from the clients. What does not work is initiating a packet exchange from the router's side.

Short reminder:
em0 has addresses fe80::1234:56ff:fe78:9abc and 2001:db8::1
em1 has address fe80::1234:56ff:fe78:9abd
default route is to em0
2001:db8:0:1::/64 is routed to em1 (route add -inet6 2001:db8:0:1::/64 -iface em1)
clients connected to em1 have addresses in 2001:db8:0:1::/64 and default route to fe80::1234:56ff:fe78:9abd

If I reboot the router, then try to ping a client in 2001:db8:0:1::/64, directly connected to em1, ping6 fails with sendmsg: Operation not permitted. tcpdump does not show anything being sent to this client. The client's MAC does not show up in ndp -a.

If I ping the router from the client, I get answers. The client's MAC shows up in the NDP table, and I can ping the client from the router as long as it is still listed in the NDP table. If I clear the table with ndp -c, I can't ping from the router any more.

If I reboot and add a static entry for the client in the NDP table, I can ping this client.

All this seems to point to NDP as the root of the problem: it looks like it is not aware of the addition of 2001:db8:0:1::/64 to the routing table. I do not see any way to give the missing information to NDP other than adding an address to em1. (Adding static entries for all the clients would not be manageable in the long run).

Google seems to turn up some mentions of cloning routes that look like a way to solve this (I'm not quite sure), but this was apparently removed in a recent reimplementation of ARP+NDP (arp-v2). Maybe some functionality was lost in the process, but I don't know about this.
Re: Password theft from memory?
On Mon, 25 Apr 2011 13:54:20 -0400 Bob Hall rjh...@gmail.com wrote:
> On Mon, Apr 25, 2011 at 05:46:33PM +0200, C. P. Ghost wrote:
>> On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall rjh...@gmail.com wrote:
>>> On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
>>>> I don't believe the heap is allocated zeroed pages. The kernel does allocate such pages to the BSS segment, but that's because it holds zeroed data such as C static variables.
>>>
>>> According to McKusick and Neville-Neil's book on FreeBSD, sbrk extends the uninitialized data segment with zero-filled pages. Since malloc() is an interface to sbrk, it does the same thing.
>>
>> True, except that malloc(3) now uses both sbrk(2) and mmap(2) allocators, depending on the user-settable flags in /etc/malloc.conf, MALLOC_OPTIONS and the global variable _malloc_options.
>>
>> So you have to look into mmap(2) too.
>
> Good point. From the man page:
>
>     Any such extension beyond the end of the mapped object will be zero-filled.
>
> and
>
>     A successful mmap deletes any previous mapping in the allocated address range.

The above quote refers to zeroing the fraction of a page that's left over when len isn't a multiple of the page size.

However, there's a comment in malloc.c about mmap'ed regions being zeroed, so I guess they are, but it doesn't seem to be mentioned at all in mmap(2).

The reason I thought that heap memory isn't zeroed is from the discussion of pre-zeroed pages in this article:

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vm-design/prefault-optimizations.html

It reads as if the BSS region is the only significant user of zeroed pages.
ZFS and zfsloader
Hi there,

I've recently migrated my old laptop to a new one (both running R8.2 + ZFS). Used zfs send/recv and corrected mountpoints. On the old laptop I had my / sitting in zpool, on the new one I've created a separate zpool/root for /.

Everything is working OK except one strangeness - the boot loader still reads the kernel out of zpool/boot instead of zpool/root/boot. I've reinstalled the boot code and the loader but this did not help.

Anyone has an idea how to fix this?

Many thanks,
Peter
easy Firewall setup
Dear kind folks,

Is there an easy firewall setup available somewhere (like the one referenced below but for FreeBSD)? i.e, like I saw reading in Distrowatch an easy way (using a page on the net: http://connie.slackware.com/~alien/efg/)

I have read that there is pf and there is an implementation by OpenBSD and both are available on FreeBSD via ports system/packages.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

I don't know which one to use, is there a page, howto (build a firewall or convert an existing one) to use here? All I want is to be allowed to visit websites but don't allow anyone out there to come in somehow a template that I can use and try out to see if I can get it working. Of course the network name might be different, but I can try to figure things out. ne0, fe0, ra0, ..., etc

After figuring this out, my next big job/task is to use FreeBSD to make up a new router/dhcp server to give/assign ip numbers to machines from one and give to many. This has been something hard that I have failed at several times. Maybe with FreeBSD I can be successful?

Thanks,
Antonio
Re: easy Firewall setup
--As of April 25, 2011 7:43:33 PM -0500, Antonio Olivares is alleged to have said:
> I don't know which one to use, is there a page, howto (build a firewall or convert an existing one) to use here? All I want is to be allowed to visit websites but don't allow anyone out there to come in somehow a template that I can use and try out to see if I can get it working. Of course the network name might be different, but I can try to figure things out.

If all you want is a firewall, I'd go with this: http://www.pfsense.org/

Based on FreeBSD, but they've set it up nice and put an easy-to-use interface on top of it.

Of course if you wanted you could always just install the base system, turn on routing, and configure pf/iptables. There's not really a whole lot to either one, really... But if you don't feel like learning their syntax right now, or doing everything via a text editor, I'd really go with pfsense. (Even if you *do* know their syntax, in most cases I'd go with pfsense...)

> After figuring this out, my next big job/task is to use FreeBSD to make up a new router/dhcp server to give/assign ip numbers to machines from one and give to many. This has been something hard that I have failed at several times. Maybe with FreeBSD I can be successful?

pfsense has a DHCP server, no problem there.

Daniel T. Staal

---
This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law.
---
Re: easy Firewall setup
On Mon, Apr 25, 2011 at 9:06 PM, Daniel Staal dst...@usa.net wrote:
> --As of April 25, 2011 7:43:33 PM -0500, Antonio Olivares is alleged to have said:
>> I don't know which one to use, is there a page, howto (build a firewall or convert an existing one) to use here? All I want is to be allowed to visit websites but don't allow anyone out there to come in somehow a template that I can use and try out to see if I can get it working. Of course the network name might be different, but I can try to figure things out.
>
> If all you want is a firewall, I'd go with this: http://www.pfsense.org/
>
> Based on FreeBSD, but they've set it up nice and put an easy-to-use interface on top of it.
>
> Of course if you wanted you could always just install the base system, turn on routing, and configure pf/iptables. There's not really a whole lot to either one, really... But if you don't feel like learning their syntax right now, or doing everything via a text editor, I'd really go with pfsense. (Even if you *do* know their syntax, in most cases I'd go with pfsense...)
>
>> After figuring this out, my next big job/task is to use FreeBSD to make up a new router/dhcp server to give/assign ip numbers to machines from one and give to many. This has been something hard that I have failed at several times. Maybe with FreeBSD I can be successful?
>
> pfsense has a DHCP server, no problem there.
>
> Daniel T. Staal
> ---

Thanks for sharing this. I have a base FreeBSD 8.2 system on one machine and I would like to setup a firewall that allows me to visit websites and not allow incoming traffic. Something easy to set up and start like /etc/local/rc.d/rc.pf start or similar. A nice example which I can change some things like name of network device, i.e, nv0, or similar device.

I will try further reading and try to set something up as I am afraid to screw things up.

Regards,
Antonio
OpenVPN routing
I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN. I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.

Server.conf:

local 192.168.46.2
port 1194
proto udp
dev tap
ca keys/cacert.pem
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh1024.pem
# Don't put this in the keys directory unless user nobody can read it
crl-verify keys/crl.pem
#Make sure this is your tunnel address pool
server 192.168.47.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary
#push "route 192.168.46.254 255.255.255.0"
push "route 192.168.47.0 255.255.255.0"
push "dhcp-option DNS 192.168.45.10"
keepalive 10 120
cipher BF-CBC #Blowfish encryption
comp-lzo
#fragment
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6
mute 5

client.conf:

#Begin client.conf
client
dev tap
proto udp
remote sub.domain.ltd 1194
nobind
user nobody
group nobody
persist-key
persist-tun
#crl-verify
#remote-cert-tls server
ca keys/cacert.pem
cert keys/ryanc.crt
key keys/ryanc.key
cipher BF-CBC
comp-lzo
verb 3
mute 20

Any ideas? As I said, I can talk to the remote server, but not the local LAN. To throw a new curveball in the mix, I'd like to talk to 192.168.45.0/24 - which we have another VPN connecting the two networks (not running on a VPN I can do much with).

Thanks,
Ryan
Re: OpenVPN routing
Also:

[root@nbserver1 /usr/home/ryanc]# ifconfig
em0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
        options=98VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM
        ether 00:14:22:15:dc:65
        inet 192.168.46.2 netmask 0xff00 broadcast 192.168.46.255
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
tap0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500
        options=8LINKSTATE
        ether 00:bd:7e:86:1d:00
        inet 192.168.47.1 netmask 0xff00 broadcast 192.168.47.255
        Opened by PID 10341
bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
        ether 46:e1:75:c6:a3:a7
        inet 192.168.47.254 netmask 0xff00 broadcast 192.168.47.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
                ifmaxaddr 0 port 5 priority 128 path cost 200
        member: em0 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP
                ifmaxaddr 0 port 1 priority 128 path cost 2

On Apr 25, 2011, at 9:36 PM, Ryan Coleman wrote:
> I've got an OpenVPN connection working to my remote server, but I want to route the traffic to the local LAN. I have a bridge set up, pingable... but can't ping the em1 (192.168.46.2) from the remote machine.
Re: Password theft from memory?
On Mon, Apr 25, 2011 at 11:29:08PM +0100, RW wrote:
> On Mon, 25 Apr 2011 13:54:20 -0400 Bob Hall rjh...@gmail.com wrote:
>> On Mon, Apr 25, 2011 at 05:46:33PM +0200, C. P. Ghost wrote:
>>> On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall rjh...@gmail.com wrote:
>>>> On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
>>>>> I don't believe the heap is allocated zeroed pages. The kernel does allocate such pages to the BSS segment, but that's because it holds zeroed data such as C static variables.
>>>>
>>>> According to McKusick and Neville-Neil's book on FreeBSD, sbrk extends the uninitialized data segment with zero-filled pages. Since malloc() is an interface to sbrk, it does the same thing.
>>>
>>> True, except that malloc(3) now uses both sbrk(2) and mmap(2) allocators, depending on the user-settable flags in /etc/malloc.conf, MALLOC_OPTIONS and the global variable _malloc_options.
>>>
>>> So you have to look into mmap(2) too.
>>
>> Good point. From the man page:
>>
>>     Any such extension beyond the end of the mapped object will be zero-filled.
>>
>> and
>>
>>     A successful mmap deletes any previous mapping in the allocated address range.
>
> The above quote refers to zeroing the fraction of a page that's left over when len isn't a multiple of the page size.

The above quote states that the memory not occupied by the remapped object is zero filled. Which is to say that memory allocated by mmap() is either filled with new data or filled with zeros.

> However, there's a comment in malloc.c about mmap'ed regions being zeroed, so I guess they are, but it doesn't seem to be mentioned at all in mmap(2).

It is mentioned, in the first sentence I quoted.

> The reason I thought that heap memory isn't zeroed is from the discussion of pre-zeroed pages in this article:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vm-design/prefault-optimizations.html
>
> It reads as if the BSS region is the only significant user of zeroed pages.

It appears to me to say that any virtual pages allocated to a process are pre-zeroed, which would include the BSS segment.
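The Process A / Process B scenario from this thread, written as a check a reader can run (an added example, not code from any poster). `stale_bytes_after_exit` counts what a second process sees in freshly mapped memory after the first has exited, and `secret_residue_before_release` shows the overwrite-before-release habit mentioned in the replies; the function names, the marker byte and the sample string are constructed for the illustration.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose MAP_ANON under strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define MARKER 0x5a         /* constructed stand-in for password bytes */

static void *anon_map(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* "Process A": fill len bytes with the marker, then exit without wiping. */
static int run_process_a(size_t len)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        unsigned char *p = anon_map(len);
        if (p != NULL)
            memset(p, MARKER, len);
        _exit(p != NULL ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* "Process B": once A has exited, map len bytes and count the non-zero bytes
 * the kernel hands over. One byte per page is written first so every page is
 * really allocated; a read-only touch may be served from a shared zero page.
 * Returns the count, or -1 on error. */
long stale_bytes_after_exit(size_t len)
{
    long stale = 0, ps = sysconf(_SC_PAGESIZE);
    unsigned char *p;
    if (ps <= 0 || run_process_a(len) != 0 || (p = anon_map(len)) == NULL)
        return -1;
    for (size_t off = 0; off < len; off += (size_t)ps) {
        size_t end = off + (size_t)ps < len ? off + (size_t)ps : len;
        p[off] = 1;                       /* write fault forces allocation */
        for (size_t i = off + 1; i < end; i++)
            stale += (p[i] != 0);
    }
    munmap(p, len);
    return stale;
}

/* Zero through a volatile pointer so the stores cannot be optimised away. */
void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *v = buf;
    while (len--)
        *v++ = 0;
}

/* The programmer's part: overwrite the secret before releasing its memory.
 * Returns the secret bytes still present just before munmap, -1 on error. */
long secret_residue_before_release(const char *secret)
{
    size_t n = strlen(secret);
    long left = 0, ps = sysconf(_SC_PAGESIZE);
    unsigned char *buf;
    if (ps <= 0 || n == 0 || n > (size_t)ps || !(buf = anon_map((size_t)ps)))
        return -1;
    memcpy(buf, secret, n);
    /* ... the secret would be used here ... */
    secure_wipe(buf, n);
    for (size_t i = 0; i < n; i++)
        left += (buf[i] != 0);
    munmap(buf, (size_t)ps);
    return left;
}

int main(void)
{
    printf("stale bytes seen by B: %ld, secret bytes left: %ld\n",
           stale_bytes_after_exit((size_t)8 << 20),
           secret_residue_before_release("constructed-sample-pw"));
    return 0;
}
```

The zero-fill check covers pages crossing a process boundary only; memory that is freed and reallocated inside one long-running process is not cleared by the kernel, which is where the explicit wipe matters.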
Re: problem updating ports (latex-cjk)
Hi Fred,

The make clean went ok. The make patch:

=== Vulnerability check disabled, database not found
=== License check disabled, port has not defined LICENSE
=== Found saved configuration for latex-cjk-4.8.2_4
=== Extracting for latex-cjk-4.8.2_4
= SHA256 Checksum OK for cjk-4.8.2.tar.gz.
=== Patching for latex-cjk-4.8.2_4
=== Applying FreeBSD patches for latex-cjk-4.8.2_4
# be compatible with Debian
find: /usr/ports/print/latex-cjk/work/ccmap: No such file or directory
*** Error code 1

Stop in /usr/ports/print/latex-cjk.
*** Error code 1

Stop in /usr/ports/print/latex-cjk.

In ~/latex-cjk/work is directory cjk-4.8.2 and file .extract_done.latex-cjk._user_local

There is no ccmap directory in cjk-4.8.2 but the files look like they are ready to be compiled. There is a Makefile. I just tried moving to that directory and running make install and clean. This was not successful either and I forgot to run script to capture the output. I ran make clean so I could start over and this failed with the following:

ragnok# make clean
make -C utils clean
make -C Bg5conv clean
bg5conv
bg5conv:No such file or directory
*** Error code 1

I think I may have a mess now and have no more time to work on it tonight. I will try again tomorrow.

Best regards,
Fred

On 04/25/11 07:29, Frédéric Perrin wrote:
> Hello Fred,
>
> Fred f...@blakemfg.com writes:
>> I ran into a problem when updating ports on 8.1-RELEASE (i386). ~/print/latex-cjk doesn't want to build.
>>
>> === Patching for latex-cjk-4.8.2_4
>> === Applying FreeBSD patches for latex-cjk-4.8.2_4
>> Ignoring previously applied (or reversed) patch.
>> 1 out of 1 hunks ignored--saving rejects to texinput/Bg5/c00bsmi.fd.rej
>> = Patch patch-texinput-Bg5-c00bsmi.fd failed to apply cleanly.
>
> Are you sure the work area is clean? Run `make clean', then `make patch' again.
disk problem: suggestion on how to handle...
Good morning,

I have a small server with an SSD drive in it that is having some problems. Notably, dmesg has been repeatedly reporting the following error message:

g_vfs_done():ad0s1a[READ(offset=-574217714356717568, length=16384)]error = 5

I realize that the best course of action is to replace the disk and restore from a backup, but this isn't really an option immediately.

So, is there a way to mark the inode bad and then launch an fsck? How can I turn offset=-574217714356717568 into a usable piece of information?

Any suggestion welcome.

Denis, fortin@acm.org