tcpdump behavior with netgraph
I am trying to troubleshoot my netgraph setup. I have a custom node connected to ng_ether's orphan and upper hooks. This node inserts a special ethernet tag into certain UDP broadcast packets going out and strip it coming back in. With tcpdump I see two entries for each packet sent, one without the special ethernet tag and one with it. 1. Is it correct that tcpdump sees the packet twice, and why? According to the following diagram it does not make sense that tcpdump should see it twice: http://people.freebsd.org/~julian/layer2-current.pdf If the system has been running a while some of the UDP broadcast packets are not sent and I only see (with tcpdump) the packet without the special ethernet tag. 2. Is this an indication that the packet gets lost in the netgraph chain? Last question: 3. How can I better/debug troubleshoot what is going on in whole netgraphsubsystem, not just mode netgraph node that I inserted in the chain. Thanks PS. Questions numbered for your convenience :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: adding new cipher support to kernel
Soory the previous email had the wrong destinaton. A patch has been submitted to one of the commiters. It is in the process of being commited/approved/looked at (I not sure what to call it.) Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Established method to enable suid scripts?
Here is some information on what perl does: http://www.washington.edu/perl5man/pod/perlsec.html Also there is an option (not chosen by default) in the perl port to enable setuid. Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: redirecting command output depending on exit status
I have a cron task set up using lockf. I'd like to redirect one exit status to /dev/null : I think that the exit status of a command will be after any output of the command to stderr or stdout. So first it will say This is wrong and then it will exit giving you the exit code. The only thing I can think of is to write a wrapper script which in effect parses out the error message for example: command | grep -v offending message logfile Regards Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
X.21 PCI Express Cards for FreeBSD 7 or later
Does anybody know of a X.21 (PCI Express From factor) card that works under FBSD7 or later. It is quite hard to figure out from the hardware/release notes. Thanx Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPsec's use of processors
On Sat, Nov 15, 2008 at 3:15 PM, Patrick Lamaizière [EMAIL PROTECTED]wrote: Le Fri, 14 Nov 2008 13:37:58 +0200, Riaan Kruger [EMAIL PROTECTED] a écrit : I would like to know how IPsec makes use of a multi processor machine? I have gateway (FreeBSD 7.0) with four SAs configured. When testing throughput through the configured SAs, I see (with systat) that only one cpu works really hard (+-10% idle min), two others work a bit (+-70% idle min) and the fourth CPU does pretty much nothing. Is this normal, shouldn't at least the two cpus work hard because of the high throughput? I guess that's because the cryptographic requests are dispatched and done by two kernel threads. The thread 'crypto' dispatches and processes the requests, the thread 'crypto-returns' returns the results. You can see these kernel threads with top S H Regards. Thanx for your reply. So there is one thread to dispatch the crypto operations to the crypto providers and another to get the return. Also if i am using software crypto providers, as supplied per default on FreeBSD, there will be effectively one thread that does the actual symmetric crypto operations. I think this is so because the actual crypto operations in cryptosoft are synchronous and will complete and then return. With hardware crypto providers the crypto thread will pass the operation to the device and return letting the driver of the device call back when it is done. If my above assesment is correct then using the software crypto providers will result in only 1 CPU effectively being used for symmetric encryption. Regards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
IPsec's use of processors
I would like to know how IPsec makes use of a multi processor machine? I have gateway (FreeBSD 7.0) with four SAs configured. When testing throughput through the configured SAs, I see (with systat) that only one cpu works really hard (+-10% idle min), two others work a bit (+-70% idle min) and the fourth CPU does pretty much nothing. Is this normal, shouldn't at least the two cpus work hard because of the high throughput? I hope i am on the right list. Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Driver debugging help
On Fri, Sep 12, 2008 at 1:23 PM, Patrick Lamaizière [EMAIL PROTECTED]wrote: Le Thu, 11 Sep 2008 11:59:05 +0200, Riaan Kruger [EMAIL PROTECTED] a écrit : I am looking for hints to debug a driver I am working on. I get a page fault when running the driver intensively. The stack trace from the kernel dump only goes up to a free command which I suspect is being called from my driver. No matter what I do I cannot get a more complete stack trace. kgdb says something about the stack being corrupt when I do a backtrace/stack trace. Is there anything else I could use to help me pinpoint where I am going wrong? I have tried memguard but it has given me no information. Maybe I am using it incorrectly. Did you try redzone(9)? If the stack is corrupted it could be a buffer overflow. You can ask on freebsd-hackers or freebsd-drivers mailing lists. And may be show us the code? Regards. Thanx for the reply I realize, reading your question and my response, that I was pretty vague. Sorry for that. I will try redzone next and then get back with more specific questions. PS. I am always uncertain when to ask freebsd-questions or freebsd-drivers/freebsd-hackers. regards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Driver debugging help
I am looking for hints to debug a driver I am working on. I get a page fault when running the driver intensively. The stack trace from the kernel dump only goes up to a free command which I suspect is being called from my driver. No matter what I do I cannot get a more complete stack trace. kgdb says something about the stack being corrupt when I do a backtrace/stack trace. Is there anything else I could use to help me pinpoint where I am going wrong? I have tried memguard but it has given me no information. Maybe I am using it incorrectly. Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: rotatelogs is rotating too quickly...
On Wed, Aug 20, 2008 at 2:58 PM, John Almberg [EMAIL PROTECTED] wrote: I'm a newbie admin and I've just figure out something that will be obvious to most on this list... that apache log files can get big, fast. I did a df for another reason the other day and was surprised to see my /var partition at 85% full. Anyway, I did some googling and decided to use rotatelogs to do just that. Now... I've updated all my apache config files to use rotate logs, like this: ErrorLog |/usr/local/sbin/rotatelogs /var/log/www/nes.com-error.log.%Y-%m-%d-%H_%M_%S 86400 CustomLog |/usr/local/sbin/rotatelogs /var/log/www/nes.com-access.log.%Y-%m-%d-%H_%M_%S 5M combined Unless I am blind and not seeing something, this is right out of the man page. The problem is that the access logs are rolling over very quickly... no where near the 5 Meg I expected. It's not quite every access, but almost. -rw-r--r-- 1 root wheel 5147 Aug 20 08:19 nes.com-access.log.2008-08-20-12_19_25 -rw-r--r-- 1 root wheel204 Aug 20 08:21 nes.com-access.log.2008-08-20-12_20_58 -rw-r--r-- 1 root wheel195 Aug 20 08:24 nes.com-access.log.2008-08-20-12_24_24 -rw-r--r-- 1 root wheel204 Aug 20 08:26 nes.com-access.log.2008-08-20-12_26_15 -rw-r--r-- 1 root wheel181 Aug 20 08:29 nes.com-access.log.2008-08-20-12_28_44 -rw-r--r-- 1 root wheel181 Aug 20 08:31 nes.com-access.log.2008-08-20-12_31_35 -rw-r--r-- 1 root wheel204 Aug 20 08:34 nes.com-access.log.2008-08-20-12_34_25 -rw-r--r-- 1 root wheel284 Aug 20 08:37 nes.com-access.log.2008-08-20-12_36_56 -rw-r--r-- 1 root wheel710 Aug 20 08:45 nes.com-access.log.2008-08-20-12_40_09 -rw-r--r-- 1 root wheel 3364 Aug 20 08:38 nes.com-error.log.2008-08-20-00_00_00 That does not look like 5 Meg but 5 Minutes. Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: rotatelogs is rotating too quickly...
On Wed, Aug 20, 2008 at 4:03 PM, John Almberg [EMAIL PROTECTED] wrote: That does not look like 5 Meg but 5 Minutes. I don't think so... From the man pages: CustomLog |bin/rotatelogs /var/logs/logfile 5M common This configuration will rotate the logfile whenever it reaches a size of 5 megabytes. ErrorLog |bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S 5M This configuration will rotate the error logfile whenever it reaches a size of 5 megabytes, and the suffix to the logfile name will be created of the form errorlog.-mm-dd-HH_MM_SS. Oops sorry. Didn't look close. Initial inspection of log file times looked like 5 mins. Riaan. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ALTQ and services
2008/8/19 Zbigniew Szalbot [EMAIL PROTECTED]
Hello,
I am trying to find out how to specify services in the below scenario:
ext_if=kue0
altq on $ext_if priq bandwidth 1024Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)
pass out on $ext_if proto tcp from $ext_if to any flags S/SA
keep state queue (q_def, q_pri)
pass in on $ext_if proto tcp from any to $ext_if flags S/SA
keep state queue (q_def, q_pri)
I grabbed this example off a web page but would anyone help me
understand how I can define queue priority for ssh, smtp, httpd and ftp?
I understand that q_pri has a priority over q_def, but where do I define
what's inside them? Many, many thanks!
--
Zbigniew Szalbot
www.LCWords.com
See http://www.openbsd.org/faq/pf/queueing.html or
http://home.nuug.no/~peter/pf/en/altqintro.html
Hope it helps
Riaan
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: make release and sysinstall
Sysinstall has a configuration file with wich you can specify several options, see man sysinstall(8) for more details. When making a release you set the sysinstalls configuration file with the LOCAL_PATCHES option to patch it to the chroot environment release build environment. We use it to create a automatic install for a host that we know exactly how the disks will be partitioned, what packages are installed what users etc. Here is an snippet of our patch file, (please note I have changed some of the names to protect the guilty :) ) --- /dev/null Sat Jan 26 17:11:01 2008 +++ release/install.cfg Sat Jan 26 17:17:46 2008 @@ -0,0 +1,31 @@ +debug=yes + +nonInteractive=yes +hostname=a.b.c +domainname=b.c + +mediaSetCDROM + +distSetMinimum + +disk=ar0 etc, etc Hope this helps. PS. You could also look at what nanobsd and I think pfsense does. I think they use a different approach. I have heard sysinstall should have been killed a long time ago but it still works well for us. Riaan On 8/13/08, Matias Surdi [EMAIL PROTECTED] wrote: Hi again, Suppose I build my own FreeBSD based distro, as described in release(7). How can I script sysinstall or replace it with another installer to customize the installation process? Thanks a lot. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: make release and sysinstall
Another question: Suppose I create my own install.cfg for sysinstall and then I do a make release.If my sysinstall contains a couple of freeBSD packages (bash, python, etc..) plus a custom package created by me.. How must I instruct make release to include just those packages in the final CDROM? I have not personally added packages to my distribution CDs but, check out the CD_PACKAGE_TREE option in release(7). It is supposed to be the direcory(s) that contains packages for cd1 and cd2. I am replying to the freebsd-questions mailing list, so that other people can see it too. Maybe they can also help or be helped. It looks like you did not reply to the mailing as well. Remember to reply to the mailing list as well next time :) Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Prepending data to struct uio in kernel
I wish to insert a small buffer into (actually in front of) a uio structure received from userland through an ioctl call. I then want to map this uio structure to a dma map. Currently I am mallocing a new buffer, copying the uio data and my own data to that buffer and then mapping the buffer to DMA. Is it possible to insert data into a uio structure? Are there any functions that might help me? Is it a bad idea? (I do hope this is not to the incorrect list) Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Query on kgdb output
On Thu, Jun 5, 2008 at 11:59 AM, [EMAIL PROTECTED] wrote: Hi, I'm seeing regular kernel panics on my new box with a fresh install of 7.0-RELEASE. I'm trying to get some information out of kgdb by following the instructions in the handbook - however, I'm getting a 'cannot access memory' message when I try it: odin2008# kgdb kernel.debug /var/crash/vmcore.1 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol ps_pglobal_lookup] GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i386-marcel-freebsd. Cannot access memory at address 0x2fd9 (kgdb) where #0 0x in ?? () (kgdb) quit Am I doing something wrong, or does this point to a hardware failure? (I'm also seeing missing characters in /var/log/messages, which I addressed in a separate mail; not sure if it's related). Sorry the first reply went to the wrong place. What info does a stack trace (commadn bt in kgdb) give? Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
pmcstat log file analysis
I am looking for an explanation of the pmc native log file fields (or so called raw output) when doing a pmctstat -R /tmp/mylogfile. A typical sample entry will look like: sample0x1000401 874 0xc09da725 s I guess the 874 is a PID and the s means system as opposed to user. Could anybody point me to documentation which explains this Thanx Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Make Release Customization
What is the best way to add new files into the CHROOT environment when doing a make release? I am trying to create my own distribution using the make release, from release(7), mechanism. The problem is, is that I wish to add files to the CHROOT environment. These files are my own config files that I wish to process with the *LOCAL**_**SCRIPT* script. I know there is a *LOCAL**_**PATCHES *option with which to patch in stuff into the CHROOT environment. However, I wish to avoid the patching mechanism, because of many reasons (which I will explain if you want me to :) ) Riaan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD Conferences 2008
Where can I get the FreeBSD conference/event schedule for 2008? I think I am most interested in BSDCan, EuroBSDCon - they seem to be the best. Can anybody recommend any other? Riaan Kruger PS. Sorry for asking 2 questions in one email. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
What is proxy user for?
Does anybody know why there is a proxy user? I am trying to get an understanding what the different users in /etc/passwd are for. A more general question probably would be, Is there any documentation/resource that gives information/motivation for the users and groups in /etc/? Thanx in advance ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
