Re: mpt problem on a Supermicro motherboard (FreeBSD 9.2 amd64)
Victor Sudakov wrote:

I have several Supermicro-based servers with the mpt RAID adapter:

    # mptutil show adapter
    mpt0 Adapter:
    Board Name: UNUSED
    Board Assembly:
    Chip Name: C1068E
    Chip Revision: UNUSED
    RAID Levels: none
    #

The problem is, I cannot configure any RAIDs (please see output below) from FreeBSD. If I configure volumes from BIOS setup, FreeBSD still sees them as separate physical discs. What am I doing wrong?

I cannot use gmirror with these servers because a) if no MPT RAID is configured in BIOS setup, it cannot boot from HDD and b) if an MPT RAID *is* configured in BIOS setup, it occupies the last sector and prevents GEOM from working with these drives.

Any help please? (or redirect me to a more appropriate maillist).

After many unsuccessful trials and googling, we had to reconfigure the adapter from RAID mode to IT mode. It required flashing the adapter's BIOS from a Supermicro-supplied image and changing a jumper setting on the motherboard.

Now as the adapter is in IT mode, it is a plain HBA the BIOS can boot from, and I have set up a gmirror on the SAS disks.

After flashing the adapter BIOS, don't forget to enter its setup (Ctrl-C) and enable hotplugging of disks (called Removable Media Support in the menu, off by default).

People come across similar problems and solutions on other OSes, like http://ubuntuforums.org/archive/index.php/t-973912.html

--
Victor Sudakov
Tomsk, Russia
Russian Barefoot FAQ at http://www.barefooters.ru/barefoot.txt
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
mpt problem on a Supermicro motherboard (FreeBSD 9.2 amd64)
Colleagues,

I have several Supermicro-based servers with the mpt RAID adapter:

    # mptutil show adapter
    mpt0 Adapter:
    Board Name: UNUSED
    Board Assembly:
    Chip Name: C1068E
    Chip Revision: UNUSED
    RAID Levels: none
    #

The problem is, I cannot configure any RAIDs (please see output below) from FreeBSD. If I configure volumes from BIOS setup, FreeBSD still sees them as separate physical discs. What am I doing wrong?

I cannot use gmirror with these servers because a) if no MPT RAID is configured in BIOS setup, it cannot boot from HDD and b) if an MPT RAID *is* configured in BIOS setup, it occupies the last sector and prevents GEOM from working with these drives.

Any help please? (or redirect me to a more appropriate maillist).

    # mptutil clear
    Are you sure you wish to clear the configuration on mpt0? [y/N] y
    mpt0: Configuration cleared
    # mptutil show volumes
    mpt0 Volumes:
    Id SizeLevel Stripe State Write-Cache Name
    # mptutil show drives
    mpt0 Physical Drives:
    da0 ( 558G) ONLINE HITACHI HUS156060VLS600 A760 SCSI-6 bus 0 id 0
    da1 ( 558G) ONLINE HITACHI HUS156060VLS600 A760 SCSI-6 bus 0 id 1
    da2 ( 558G) ONLINE HITACHI HUS156060VLS600 A760 SCSI-6 bus 0 id 2
    da3 ( 558G) ONLINE HITACHI HUS156060VLS600 A760 SCSI-6 bus 0 id 3
    #
    # mptutil create raid1 -v da2,da3
    mptutil: Reading config page header failed: Invalid configuration page
    Added drive da2 with PhysDiskNum 0
    mptutil: Reading config page header failed: Invalid configuration page
    #
    # mptutil show volumes
    mpt0 Volumes:
    Id SizeLevel Stripe State Write-Cache Name
    #

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
D-Link DUBE100 USB NIC does not work
Dear Colleagues,

It is written in axe(4) and in the HCL for 9.1 that D-Link DUBE100 is supported. I have bought one and the system shows it as

    ugen0.3: product 0x1a02 vendor 0x2001 at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (200mA)

What am I doing wrong? Why does it not attach a driver to it? Should I do something else besides plugging the device in for the network interface to appear?

I am running stable/9 (9.2-BETA2 at the moment).

TIA for any input.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: D-Link DUBE100 USB NIC does not work
Waitman Gobble wrote:

It is written in axe(4) and in the HCL for 9.1 that D-Link DUBE100 is supported. I have bought one and the system shows it as

    ugen0.3: product 0x1a02 vendor 0x2001 at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (200mA)

What am I doing wrong? Why does it not attach a driver to it? Should I do something else besides plugging the device in for the network interface to appear? I am running stable/9 (9.2-BETA2 at the moment).

Hi, did you see the axe(4) man page?

Yes. I mentioned it in my message.

Did you put if_axe_load=YES in loader.conf or build kernel with axe support?

The GENERIC kernel already has device axe

    [sudakov@vas ~] grep axe /sys/amd64/conf/GENERIC
    device axe # ASIX Electronics USB Ethernet
    [sudakov@vas ~]
    [root@vas ~] kldload if_axe
    kldload: can't load if_axe: Exec format error
    [root@vas ~] dmesg | grep axe
    module axe already present!
    interface axe.1 already present in the KLD 'kernel'!
    [root@vas ~]

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
last(1) does not work after upgrade to 9.1-STABLE
Colleagues,

I have upgraded from 9.0-STABLE to 9.1-STABLE (via make world) and have found out that last(1) does not work any more.

From the output of strings /var/log/utx.log I guess that the information about recent logins, users, hosts etc is there, but somehow last does not show it. The last entries it shows are from the moment before installworld.

    [sudakov@vas ~] last | head -n3
    sudakovpts/4:0 ср 2 янв 13:32 still logged in
    sudakovpts/5:0 ср 2 янв 13:01 - 13:01 (00:00)
    sudakovpts/4:0 ср 2 янв 13:01 - 13:19 (00:18)
    [sudakov@vas ~]

What can it mean?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: a wireless network freezes the machine?
Victor Sudakov wrote:

Is it possible that wpa_supplicant or some other part of the WiFi setup causes the hangs? Nothing else has changed in the system besides its role from the access point to a WiFi client.

Actually, kern/170066 may be related, but it's different hardware and in my case, the box does not freeze immediately at wpa_supplicant's start, though it does freeze eventually, especially if there is some load on the video subsystem (Intel SandyBridge with the recent x11-drivers/xf86-video-intel) like watching a movie.

Now after a period of observation I am sure that it is the wpa_supplicant which freezes the machine. And this happens only when wpa_supplicant cannot associate with a configured access point. If the access point is online and available, everything works fine for hours.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: a wireless network freezes the machine?
Victor Sudakov wrote:

[dd]

Is it possible that wpa_supplicant or some other part of the WiFi setup causes the hangs? Nothing else has changed in the system besides its role from the access point to a WiFi client.

Actually, kern/170066 may be related, but it's different hardware and in my case, the box does not freeze immediately at wpa_supplicant's start, though it does freeze eventually, especially if there is some load on the video subsystem (Intel SandyBridge with the recent x11-drivers/xf86-video-intel) like watching a movie.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
a wireless network freezes the machine?
Dear Colleagues,

Running FreeBSD 9.0-STABLE,

    ath0: Atheros 5212 mem 0xfe40-0xfe40 irq 19 at device 0.0 on pci7
    ath0: AR2413 mac 7.9 RF2413 phy 4.5

I have run this box for a long time as a WiFi access point for my home laptops and smartphones and never had a problem, the config was:

    # Wi-Fi setup
    wlans_ath0=wlan0
    create_args_wlan0=wlanmode hostap
    hostapd_enable=YES

However several days ago I had to run the box as a WiFi client, with

    ifconfig_wlan0=DHCP WPA
    hostapd_enable=NO

and it began to freeze frequently. It freezes very hard, only the reset button helps.

Is it possible that wpa_supplicant or some other part of the WiFi setup causes the hangs? Nothing else has changed in the system besides its role from the access point to a WiFi client.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: Sharing COM ports to Windows hosts
Peter Vereshagin wrote:

Depending on a task I think the most interactive user-friendly solution here is a minicom(s) each in its own ssh'ed jail(s).

There is special Windows software for managing Natex MUXes. It works with those MUXes via an RS232 port only. I want to be able to run it from a remote location.

Solution 1. A hardware RS232 portserver (e.g. Moxa) and a special Windows driver for COM-port redirection. Works great. Disadvantage: it's pretty expensive and occupies additional rack space.

Solution 2. Using an existing networked FreeBSD box sitting next to the MUX, it already has COM ports. Advantage: cheap, no additional rack space and power. Disadvantage: doubts if this solution is feasible, especially on the Windows side.

A minicom or any other interactive terminal emulation software is out of the question. The MUX managing software uses its own protocol over RS232 and insists that it be a real port.

Perhaps my English is so poor that I could not present the task correctly from the very beginning. Sorry for that.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: Sharing COM ports to Windows hosts
per...@pluto.rain.com wrote:

In fact, the question is whether there is a standards compliant (not written for some proprietary hardware terminal server protocol) driver for Windows. Not exactly a FreeBSD question, I know :)

Finding a Windows driver that will work with an existing FreeBSD program is certainly one possible approach. Another, which I understood to be the intent of the original inquiry, is finding a FreeBSD solution that will work with an existing Windows driver.

I am fine with that too. Whatever works.

There's surely no reason why a FreeBSD system _can't_ support a protocol originally developed by a hardware terminal server manufacturer, as vpnc does for the Cisco VPN protocol.

Actually, that was the reason of my question here: perhaps someone has already found a matching pair (freeware if possible). Two commercial solutions have already been named: NetDialout from PCMicro and DialOut/EZ COM Port Redirector from Tactical Software.

Eric has mentioned com0com, but I have not been able to make it work (I am not much of a Windows guy, and this software is a good example of Windows hacking, in the good sense of the word, but still, I cannot figure out how to create the configuration described in the README file, some components seem missing).

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: Sharing COM ports to Windows hosts
per...@pluto.rain.com wrote:

There is a FreeBSD box with several RS232 ports. Can those ports be accessed by Windows hosts over the network?

If I understand your question correctly, then AFAICT the only way to access serial ports over the network is with a piece of additional hardware, like a terminal server, for instance: http://www.perle.com/products/Terminal-Server.shtml?utm_source=ppc&utm_medium=cpc&utm_campaign=server

I believe the OP wants to use a FreeBSD machine, that has several serial ports and a network connection, _as_ a terminal server.

Correct.

I can think of no reason why such an arrangement could not be made to work; the question is whether someone has already written the necessary FreeBSD code to accept a telnet/ssh/whatever connection,

There are several in the ports collection. Some even implement RFC2217. Some work and some don't.

initiated by a Windows terminal-server driver, and _transparently_ connect the session to a serial port on the FreeBSD machine

In fact, the question is whether there is a standards compliant (not written for some proprietary hardware terminal server protocol) driver for Windows. Not exactly a FreeBSD question, I know :)

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: Sharing COM ports to Windows hosts
Eric Masson wrote:

There is a FreeBSD box with several RS232 ports. Can those ports be accessed by Windows hosts over the network? Actually, does anyone have a success story for such a scenario?

Yes, sredird on the FreeBSD box NetDialout from PCMicro on the Windows box.

Oh, NetDialout is commercial software, but thanks anyway.

There is some software like comms/serialoverip, comms/tits etc but are there any (freeware) Windows virtual COM port drivers compatible therewith?

http://en.wikipedia.org/wiki/COM_port_redirector#Open_source_solutions

com0com Project's com2tcp may be what you're expecting.

At least it has an example of an RFC 2217 client (COM port to TCP redirector) in its README file. Thanks again, will look at it.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: Sharing COM ports to Windows hosts
Polytropon wrote:

There is a FreeBSD box with several RS232 ports. Can those ports be accessed by Windows hosts over the network? Actually, does anyone have a success story for such a scenario? There is some software like comms/serialoverip, comms/tits etc but are there any (freeware) Windows virtual COM port drivers compatible therewith? Maybe some Windows drivers for hardware console servers (like Moxa) would work with tits etc?

It is _easily_ possible, even though my own experiences do not include doing this with Windows, but with other BSD boxes and even DOS. First you have to enable a serial terminal connection just the same way you handle the virtual terminals in text mode: Edit /etc/ttys and enable the line

    ttyu0 /usr/libexec/getty std.19200 dialup on secure

Sorry, Polytropon, you understood the challenge the wrong way around. Have you ever heard of reverse telnet and reverse ssh (these are terms from the Cisco world though). I am trying to use an existing FreeBSD box as an el cheapo portserver. I don't need to use the Windows box as a serial terminal.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Sharing COM ports to Windows hosts
Colleagues,

There is a FreeBSD box with several RS232 ports. Can those ports be accessed by Windows hosts over the network? Actually, does anyone have a success story for such a scenario?

There is some software like comms/serialoverip, comms/tits etc but are there any (freeware) Windows virtual COM port drivers compatible therewith? Maybe some Windows drivers for hardware console servers (like Moxa) would work with tits etc?

Thanks a lot for any advice.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: doom, quake, hexen...
Victor Sudakov wrote:

Try games/deng.

This one would not run out of the box either:

Yuri, you are the maintainer of the games/deng port. What great luck! I have contacted the deng forum about deng not working and they said the software is too old: http://dengine.net/forums/viewtopic.php?f=7&t=1176

Do you care to update the port, perhaps the new deng will work?

    [sudakov@vas ~] deng -game jdoom -file tmp/DOOM.WAD
    Z_Create: New 32.0 MB memory volume.
    determineGlobalPaths: Base path = /usr/local/share/deng/
    Con_Init: Initializing the console.
    Executable: Version 1.9.0-beta6.9 Aug 21 2012 (DGL).
    Sys_InitWindowManager: Using SDL window management.
    While opening dynamic library /usr/local/lib/libjdoom.so: /usr/local/lib/libjdoom.so: Undefined symbol Con_AddCommand
    loadGamePlugin: Loading of libjdoom.so failed ((null)).
    Error loading game library.Z_Shutdown: Used 1 volumes, total 33554432 bytes.
    [sudakov@vas ~]

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: doom, quake, hexen...
Josh Tolbert wrote:

games/quake2max is a good one...At least it was years ago when I tried it. I see nothing in the Makefile that will prevent it from building on amd64.

Josh, I must be especially out of luck, it dumps core.

    Script started on Tue Aug 21 20:29:49 2012
    [sudakov@vas ~] quake2max^M
    Added packfile /usr/local/share/quake2/baseq2/pak0.pak (1106 files)
    Added packfile /usr/local/lib/quake2max/baseq2/maxpak.pak (118 files)
    Using '/home/sudakov/.quake2/baseq2' for writing.
    execing default.cfg
    couldn't exec maxconfig
    Console initialized.
    --- sound initialization ---
    sound sampling rate: 44100
    --- Loading rfx_glx.so ---
    LoadLibrary(/usr/local/lib/quake2max/rfx_glx.so)
    rfx_gl version: GL 0.01
    ... Using stencil buffer
    Initializing OpenGL display
    ...setting fullscreen mode 3: 640 480
    Using XFree86-VidModeExtension Version 2.2
    Using hardware gamma
    GL_VENDOR: Tungsten Graphics, Inc
    GL_RENDERER: Mesa DRI Intel(R) Sandybridge Desktop
    GL_VERSION: 2.1 Mesa 7.11.2
    GL_EXTENSIONS: GL_ARB_multisample GL_EXT_abgr GL_EXT_bgra GL_EXT_blend_color GL_EXT_blend_logic_op GL_EXT_blend_minmax GL_EXT_b
    ...allowing CDS
    ...enabling GL_EXT_compiled_vertex_array
    ...using GL_EXT_point_parameters
    ...using GL_ARB_multitexture
    ...GL_SGIS_multitexture not found
    ...using GL_ARB_texture_env_combine
    ...GL_NV_texture_shader not found
    ...using GL_SGIS_generate_mipmap
    ...ignoring GL_ARB_texture_compression
    Segmentation fault (core dumped)
    [sudakov@vas ~] exit
    Script done on Tue Aug 21 20:30:06 2012

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
doom, quake, hexen...
Colleagues,

Please advise if there are any 3D shooters in the ports collection which work out of the box on 9.0-STABLE (amd64)? None of those I have tried work for a number of irritating reasons, like e.g.

games/uhexen: http://pastebin.com/ZaJ74eaa
games/doom: http://pastebin.com/XdrCwzvn

games/quake2lnx even pretends to do something: it opens a tiny X11 window with some flickering rubbish and plays some farting sounds to the audio system.

Is there any working 3D shooter in the ports collection my 8 year old son could enjoy?

Thank you very much in advance.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: doom, quake, hexen...
Polytropon wrote:

Please advise if there are any 3D shooters in the ports collection which work out of the box on 9.0-STABLE (amd64)? None of those I have tried work for a number of irritating reasons, like e.g. games/uhexen: http://pastebin.com/ZaJ74eaa

MIDI load failed:/etc/timidity.cfg: No such file or directory

Install timidity++ from ports to get MIDI background music support.

Actually I have compiled it WITHOUT_MUSIC. Anyway, recompiling with background music support does not make things any better:

    Starting Hexen!
    XDM authorization key matches an existing client!V_Init: allocate screens.
    M_LoadDefaults: Load system defaults.
    W_Init: Init WADfiles.
    DEMO IWAD detected!
    Z_Init: Init zone memory allocation daemon.
    MN_Init: Init menu system.
    CT_Init: Init chat mode data.
    S_InitScript
    SN_InitSequenceScript: Registering sound sequences.
    I_Init: Setting up machine state.
    SDL Audio opened successfully.
    ST_Init: Init startup screen.
    Executable: U-Hexen 0.5 build Aug 20 2012.
    R_Init: Init Hexen refresh daemonTextures
    Bus error (core dumped)

games/doom: http://pastebin.com/XdrCwzvn

doom-1.10_5 is only for i386, while you are running amd64.

A precise message. Does not make me any happier.

games/quake2lnx even pretends to do something: it opens a tiny X11 window with some flickering rubbish and plays some farting sounds to the audio system. Is there any working 3D shooter in the ports collection my 8 year old son could enjoy?

How about OpenArena? I'm currently playing it with pals via Internet. Okay, not at this moment, as I'm writing this message, obviously... :-)

This is some multiuser game, isn't it? I was looking for something one could play alone, like Doom or Hexen. I have some WADs from the old DOS CDs and from BBSes.

Thank you very much in advance.

First make sure all your 3D stuff runs fine. Install xlockmore and test it with:

    % xlock -nolock -mode lament
    % xlock -nolock -mode fire

Works fine?

Yes, it does. In fact, I use xlock as my screensaver all the time.
Next consideration: Games in ports collection that run out of the box (even though I still have 8.2-STABLE/x86 here) include DooM 3 and Quake 4.

If I wanted a linux game, I would use the linux notebook. I am very reluctant to install half-a-penguin on my FreeBSD box just to play a game.

I've also tried RTCW, but except a grey fullscreen I get nothing. Music plays, I can move the mouse and listen to the main menu choices clicking, but I don't see anything. For older DooM ports, I've successfully been playing DooM, DooM II and Heretic using lsdldoom port on a 300 MHz P2. Note lsdldoom also supports OpenGL graphics.

Which port is it? make search key=lsdldoom finds nothing.

I could also play Quake, Quake 2 from ports, and Jedi Knight II via wine.

Oh, is there really nothing native?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: doom, quake, hexen...
Walter Hurry wrote:

prboom works flawlessly on my FreeBSD9 laptop.

Wow! This one really works and looks like the good old Doom, music and sound and all. Thank you Walter!

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: doom, quake, hexen...
Yuri Pankov wrote:

Please advise if there are any 3D shooters in the ports collection which work out of the box on 9.0-STABLE (amd64)? None of those I have tried work for a number of irritating reasons, like e.g. games/uhexen: http://pastebin.com/ZaJ74eaa games/doom: http://pastebin.com/XdrCwzvn games/quake2lnx even pretends to do something: it opens a tiny X11 window with some flickering rubbish and plays some farting sounds to the audio system. Is there any working 3D shooter in the ports collection my 8 year old son could enjoy? Thank you very much in advance.

Try games/deng.

This one would not run out of the box either:

    [sudakov@vas ~] deng -game jdoom -file tmp/DOOM.WAD
    Z_Create: New 32.0 MB memory volume.
    determineGlobalPaths: Base path = /usr/local/share/deng/
    Con_Init: Initializing the console.
    Executable: Version 1.9.0-beta6.9 Aug 21 2012 (DGL).
    Sys_InitWindowManager: Using SDL window management.
    While opening dynamic library /usr/local/lib/libjdoom.so: /usr/local/lib/libjdoom.so: Undefined symbol Con_AddCommand
    loadGamePlugin: Loading of libjdoom.so failed ((null)).
    Error loading game library.Z_Shutdown: Used 1 volumes, total 33554432 bytes.
    [sudakov@vas ~]

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: doom, quake, hexen...
Polytropon wrote:

[dd]

Which port is it? make search key=lsdldoom finds nothing.

Oh, it's doomlegacy.

Thanks, will look at it.

I could also play Quake, Quake 2 from ports, and Jedi Knight II via wine.

Oh, is there really nothing native?

No, that game is far too old, but Quake and Quake 2 have ports (to native FreeBSD) which work very nicely with the original files from the DOS version.

What are the ports' names?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: doom, quake, hexen...
Polytropon wrote:

I could also play Quake, Quake 2 from ports, and Jedi Knight II via wine.

Oh, is there really nothing native?

No, that game is far too old, but Quake and Quake 2 have ports (to native FreeBSD) which work very nicely with the original files from the DOS version.

What are the ports' names?

The port for Quake is games/quakeforce (the binary then is

You probably meant games/quakeforge. It does not compile. Perhaps I should submit a PR.

for Quake 2 it is games/quake2.

There is no such directory games/quake2. There is games/quake2lnx, but it does not work as I wrote in the first mail:

games/quake2lnx even pretends to do something: it opens a tiny X11 window with some flickering rubbish and plays some farting sounds to the audio system.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: Locally modifying ports
kron wrote:

I use in /etc/make.conf:

    ...
    .if ${.CURDIR:M*/ports/x11-wm/openbox}
    EXTRA_PATCHES+=/home/ok/patches/openbox/patch-VK-NULL_SELF_TITLE.diff
    EXTRA_PATCHES+=/home/ok/patches/openbox/patch-VK-SPEED_FOCUS.diff
    .endif
    ...

What do you do if the extra patches need some pathnames to be removed (need a PATCH_STRIP different from those in files/patch-*)?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: Security - logging of user commands
Peter Boosten wrote:

Have you ever considered the audit function of FreeBSD?

Does it really log user commands? At best, it logs executed processes.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
alias_pptp.ko
Colleagues,

Several PPTP sessions do not work through ipfw nat without loading the alias_pptp.ko module. How can I compile this functionality (NAT for PPTP sessions) into the kernel?

The following configuration:

    options IPFIREWALL
    options IPFIREWALL_NAT
    options LIBALIAS

is not sufficient, one still has to load alias_pptp.ko as a module. I could not find the relevant option in the NOTES.

Thank you very much for any input.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
enable modeline in vim
Colleagues,

Do you know how to enable modelines in vim running from root? Even if I put set modeline in /root/.vimrc, the output of :set modeline? still shows nomodeline.

At the same time, set modeline in ~/.vimrc works for all other accounts except root.

Someone has protected the root account so tightly that I cannot even shoot myself in the leg. Do you know how I could override this protection?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: enable modeline in vim
Виталий Туровец wrote:

Do you know how to enable modelines in vim running from root? Even if I put set modeline in /root/.vimrc, the output of :set modeline? still shows nomodeline. At the same time, set modeline in ~/.vimrc works for all other accounts except root. Someone has protected the root account so tightly that I cannot even shoot myself in the leg. Do you know how I could override this protection?

In my vimrc i have next:

    set modeline
    set modelines=3

As I said, in /root/.vimrc I have:

    set modeline
    set modelines=5

And it works, no matter from root or normal user. Hope this helps.

And it does not work for root. vim-7.3.556_1

Surely I am doing something stupid but I cannot figure out what.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
Re: enable modeline in vim
Patrick wrote:

Do you know how to enable modelines in vim running from root? Even if I put set modeline in /root/.vimrc, the output of :set modeline? still shows nomodeline. At the same time, set modeline in ~/.vimrc works for all other accounts except root. Someone has protected the root account so tightly that I cannot even shoot myself in the leg. Do you know how I could override this protection?

In my vimrc i have next:

    set modeline
    set modelines=3

As I said, in /root/.vimrc I have:

    set modeline
    set modelines=5

And it works, no matter from root or normal user. Hope this helps.

And it does not work for root. vim-7.3.556_1

Surely I am doing something stupid but I cannot figure out what.

Assuming you've installed vim from the ports tree, /usr/local/share/vim/vimrc is the shared vimrc file amongst all users. Have you tried setting it in there?

I have finally found the cause of the trouble. There was a set nocompatible command in ~/.vimrc after the set modeline command. According to the documentation, the compatible option modifies many other options, including the modeline options.

The solution is to put the set nocompatible command at the very start of the ~/.vimrc file (as the documentation recommends) or to remove it altogether.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
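The ordering problem found at the end of this thread, as an added check that is not part of the original posts: a POSIX shell function that reports any change to the compatible option appearing after a modeline setting in a vimrc. The function name check_vimrc_order and the sample vimrc contents are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: report a vimrc in which 'compatible'
# is changed after 'modeline'/'modelines' has been set, the ordering the
# last post identifies as the reason the modeline setting did not stick.

# check_vimrc_order FILE  (function name is an assumption of this example)
# Prints one finding per offending option and returns 1; returns 0 if clean.
check_vimrc_order() {
    awk -v file="$1" '
        $1 ~ /^"/ { next }                    # full-line vimrc comment
        {
            cmd = $1
            sub(/^:/, "", cmd)                # ":set" and "set" are equivalent
            if (cmd != "set" && cmd != "se") next
            for (i = 2; i <= NF; i++) {
                opt = $i
                if (opt ~ /^"/) break         # trailing comment ends the command
                if (opt ~ /^(modeline|ml)$/ || opt ~ /^(modelines|mls)=[0-9]+$/) {
                    if (!ml_line) ml_line = NR    # remember the first modeline setting
                } else if (opt ~ /^(no)?(compatible|cp)$/ && ml_line) {
                    printf "%s:%d: \"%s\" comes after the modeline setting on line %d\n", file, NR, opt, ml_line
                    found = 1
                }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample reproducing the ordering described in the post.
demo=$(mktemp)
cat > "$demo" <<'EOF'
" constructed sample vimrc
set modeline
set modelines=5
set nocompatible
EOF
check_vimrc_order "$demo" || echo "move the compatible setting to the top of the file"
rm -f "$demo"
```

Run it against /root/.vimrc and the shared vimrc separately; a clean result only says the ordering is right, so confirm the effective value with :set modeline? inside vim.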
Re: FreeBSD on the ASUS P8H67-M LGA1155 H67 motherboard
Victor Sudakov wrote: 2. It loses one of the HDDs during intensive read/write operations: Jun 2 00:55:33 vas kernel: ahcich1: Timeout on slot 4 port 0 Jun 2 00:55:33 vas kernel: ahcich1: is cs 00c0 ss 00f0 rs 00f0 tfd c0 serr cmd c617 Jun 2 00:56:48 vas kernel: ahcich1: Timeout on slot 0 port 0 Jun 2 00:56:48 vas kernel: ahcich1: is cs 0001 ss rs 0001 tfd c0 serr cmd c017 Jun 2 00:57:20 vas kernel: ahcich1: AHCI reset: device not ready after 31000ms (tfd = 0080) I shall of course check the HDD and cable, but they worked flawlessly on the previous system. The cable is OK. I have tried different SATA slots on the motherboard too, the HDD losses persist. How can I rule out a kernel driver bug in ahci or ada, perhaps a PR is due? Well, there is already a very similar PR kern/161248 -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: FreeBSD on the ASUS P8H67-M LGA1155 H67 motherboard
Peter Vereshagin wrote: VS What video card would the collective mind of FreeBSD users recommend? VS I'm not a gamer, this box runs FreeBSD only with a recent xorg, I VS often watch movies on it. I'd try with nvidia. Any modern one has support of 'xvideo' extension with the 'driver nv' that is 'just enough' for watching movies. I've no modern hardware but the model that works good for years for me is: tnt2 agp 32M. Just the same as out of every TransNeft's trashcan around the corner these days. ;-) They gave me the following from the TransNeft trashcan, indeed: VendorName NVIDIA Corporation BoardName NV18 [GeForce4 MX 440 AGP 8x] Driver nv It says AGP but in reality it is PCI, perhaps some very rare species :) It has X-Video Extension version 2.2, my movies are back, hurrah! In the meanwhile, I'll wait for the development of the SandyBridge Intel driver. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: FreeBSD on the ASUS P8H67-M LGA1155 H67 motherboard
Victor Sudakov wrote: 2. It loses one of the HDDs during intensive read/write operations: Jun 2 00:55:33 vas kernel: ahcich1: Timeout on slot 4 port 0 Jun 2 00:55:33 vas kernel: ahcich1: is cs 00c0 ss 00f0 rs 00f0 tfd c0 serr cmd c617 Jun 2 00:56:48 vas kernel: ahcich1: Timeout on slot 0 port 0 Jun 2 00:56:48 vas kernel: ahcich1: is cs 0001 ss rs 0001 tfd c0 serr cmd c017 Jun 2 00:57:20 vas kernel: ahcich1: AHCI reset: device not ready after 31000ms (tfd = 0080) I shall of course check the HDD and cable, but they worked flawlessly on the previous system. The cable is OK. I have tried different SATA slots on the motherboard too, the HDD losses persist. How can I rule out a kernel driver bug in ahci or ada, perhaps a PR is due? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: FreeBSD on the ASUS P8H67-M LGA1155 H67 motherboard
Wojciech Puchar wrote: 2. It loses one of the HDDs during intensive read/write operations: Jun 2 00:55:33 vas kernel: ahcich1: Timeout on slot 4 port 0 Jun 2 00:55:33 vas kernel: ahcich1: is cs 00c0 ss 00f0 rs 00f0 tfd c0 serr cmd c617 Jun 2 00:56:48 vas kernel: ahcich1: Timeout on slot 0 port 0 Jun 2 00:56:48 vas kernel: ahcich1: is cs 0001 ss rs 0001 tfd c0 serr cmd c017 Jun 2 00:57:20 vas kernel: ahcich1: AHCI reset: device not ready after 31000ms (tfd = 0080) I shall of course check the HDD and cable, but they worked flawlessly on the previous system. well I've had such problems regularly with many motherboards. It happens often when you have many disks and put heavy load on them. Indeed this happens under load. I would not call it particularly heavy though, it's more like moving large files between zfs datasets causes the loss of drive. And it is only result of poor hardware (not sure - poor controller, motherboard design, both?). I tried changing disks, ports, until I replaced this server with dell poweredge ;) Can we be sure that it is not a bug in the ahci or ada driver? Is there a way to reinit and reattach the failed drive? if this is quite random, swapping ports change the behaviour but not solve it, swapping cables does not, yet there is no real rule when and why it happens you have same problem that I've had. Could it have been a power problem? 3. I had to run xorg in VESA mode, because xf86-video-intel-2.7.1_4 does not recognize the video chip on the motherboard on question. That is a tried this from ports? drwxr-xr-x 2 root wheel 512 18 maj 16:49 xf86-video-intel29 Yes, I have too. It says no device detected or something like that. depends of hardware model. actually intel GFX is the only one I tolerate and it works. Eg the one in my lenovo G550 laptop needs 2.7 driver, the one builtin in Atom D525 processor needs 2.9 driver. Completely new intel GFX are not YET supported but that what I only heard as I don't have any of them. What video card would the collective mind of FreeBSD users recommend? I'm not a gamer, this box runs FreeBSD only with a recent xorg, I often watch movies on it. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: 9.0 on SSD
Warren Block wrote: [dd] I have not done any tricky partition alignment, do I really need to? Is anything else advisable? If it's not aligned, there can be a pretty significant performance drop. Please show the output of 'gpart show' on that drive if it's GPT (gpart show ada0) or drive and slice if it's MBR/bsdlabel (gpart show ada0 gpart show ada0s1). It was created by the Auto option of the new FreeBSD installer: [sudakov@vas ~] gpart show ada0 = 34 117231341 ada0 GPT (55G) 34128 1 freebsd-boot (64k) 162 48928 2 freebsd-ufs (53G) 490905861376 3 freebsd-swap (2.8G) 117010466 220909- free - (107M) That is not aligned, either with 4K or 1M: (162*512)/4096 = 20.25 If the performance is good enough, leave it alone. Use # diskinfo -tv /dev/ada0p2 to get an optimistic version, or do some in-depth benchmarking with benchmarks/bonnie++. To get it aligned, back up and repartition: [dd] Warren, Thank you very much for the useful tips. One more question regarding SSD. The FreeBSD installer enabled journaled soft-updates on the filesystem which resides on the SSD. Is it good, bad or irrelevant for the SSD ? /dev/ada0p2 on / (ufs, local, noatime, journaled soft-updates, nfsv4acls) -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
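The alignment check quoted in the message above, (162*512)/4096 = 20.25, applied to every partition of a `gpart show` listing. This is an added example, not part of the thread: the function names and both sample listings are constructed for illustration (the first is modelled on the layout discussed in the message), and 512-byte sectors are assumed as in the quoted calculation.

```shell
#!/bin/sh
# check_alignment: read `gpart show` output on stdin and report, for each
# partition, whether its starting byte offset is a multiple of 4 KiB and 1 MiB.
# Assumption: 512-byte sectors, as in the calculation quoted in the message.
check_alignment() {
    awk -v sector=512 '
        # Header line: "=> start size diskname scheme (size)"
        $1 == "=>" { disk = $4; next }
        # Skip blank lines and "- free -" rows, which have no partition index
        NF < 3 || $3 == "-" { next }
        $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            bytes = $1 * sector
            if (bytes % 4096 != 0)         status = "misaligned"
            else if (bytes % 1048576 != 0) status = "aligned-4K"
            else                           status = "aligned-1M"
            # 4k_blocks is the start offset in 4 KiB units; a fractional
            # value means the partition starts inside a 4 KiB block
            printf "%sp%s start=%d 4k_blocks=%.2f %s\n", disk, $3, $1, bytes / 4096, status
        }'
}

# Constructed sample modelled on the installer-created layout in the message.
sample_from_thread() {
cat <<'EOF'
=>       34  117231341  ada0  GPT  (55G)
         34        128     1  freebsd-boot  (64k)
        162  111148928     2  freebsd-ufs  (53G)
  111149090    5861376     3  freebsd-swap  (2.8G)
  117010466     220909        - free -  (107M)
EOF
}

# Constructed sample of a layout whose data partitions start on 1 MiB boundaries.
sample_aligned() {
cat <<'EOF'
=>       34  117231341  ada1  GPT  (55G)
         34          6        - free -  (3.0k)
         40       1024     1  freebsd-boot  (512k)
       1064        984        - free -  (492k)
       2048  111149056     2  freebsd-ufs  (53G)
  111151104    5861376     3  freebsd-swap  (2.8G)
  117012480     218895        - free -  (107M)
EOF
}

echo "Installer-style layout:"
sample_from_thread | check_alignment
echo "1 MiB-aligned layout:"
sample_aligned | check_alignment
```

On a live system the same function can be fed directly, for example `gpart show ada0 | check_alignment`.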
Re: FreeBSD on the ASUS P8H67-M LGA1155 H67 motherboard
I have installed 9.0-RELEASE on this motherboard with the following brief results:

$ cat /dev/sndstat
FreeBSD Audio Driver (newpcm: 64bit 2009061500/amd64)
Installed devices:
pcm0: HDA Realtek ALC892 PCM #0 Analog (play/rec) default
pcm1: HDA Realtek ALC892 PCM #1 Analog (play/rec)
pcm2: HDA Realtek ALC892 PCM #2 Digital (play)
pcm3: HDA Realtek ALC892 PCM #3 Digital (play)
pcm4: HDA Intel Cougar Point HDMI PCM #0 DisplayPort (play)
$

The devices /dev/dsp0, /dev/dsp1 even play to different audio outputs (front panel and rear panel).

However, there are some more or less serious problems:

1. The green console screensaver does not poweroff the monitor. It just blanks the screen and sometimes displays white rubbish thereon.

2. It loses one of the HDDs during intensive read/write operations:

Jun 2 00:55:33 vas kernel: ahcich1: Timeout on slot 4 port 0
Jun 2 00:55:33 vas kernel: ahcich1: is cs 00c0 ss 00f0 rs 00f0 tfd c0 serr cmd c617
Jun 2 00:56:48 vas kernel: ahcich1: Timeout on slot 0 port 0
Jun 2 00:56:48 vas kernel: ahcich1: is cs 0001 ss rs 0001 tfd c0 serr cmd c017
Jun 2 00:57:20 vas kernel: ahcich1: AHCI reset: device not ready after 31000ms (tfd = 0080)

I shall of course check the HDD and cable, but they worked flawlessly on the previous system.

3. I had to run xorg in VESA mode, because xf86-video-intel-2.7.1_4 does not recognize the video chip on the motherboard in question. That is a pain! mplayer is incredibly slow on all movies. It complains that your system is too slow to play this and gives a plethora of obscure recommendations, but I basically thought that the sheer CPU power should be sufficient to play the video. Is there a solution which just works? Replacing mplayer with something else? Buying a video card (what model)?

-- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: 9.0 on SSD
Warren Block wrote: I have installed 9.0-RELEASE on a SSD drive with the following tweaking so far: 1. tmpmfs=YES (WRKDIRPREFIX etc will go there too). 2. mount -o noatime 3. tunefs -t enable I have not done any tricky partition alignment, do I really need to? Is anything else advisable? If it's not aligned, there can be a pretty significant performance drop. Please show the output of 'gpart show' on that drive if it's GPT (gpart show ada0) or drive and slice if it's MBR/bsdlabel (gpart show ada0 gpart show ada0s1). It was created by the Auto option of the new FreeBSD installer: [sudakov@vas ~] gpart show ada0 = 34 117231341 ada0 GPT (55G) 34128 1 freebsd-boot (64k) 162 48928 2 freebsd-ufs (53G) 490905861376 3 freebsd-swap (2.8G) 117010466 220909- free - (107M) [sudakov@vas ~] There is one thing that worries me, why is TRIM not shown as enabled in camcontrol output? [root@vas ~] tunefs -p /dev/ada0p2 | grep -i trim tunefs: trim: (-t) enabled [root@vas ~] camcontrol identify ada0 | egrep '^Fea|TRIM' Feature Support Enabled Value Vendor data set management (TRIM) yes [root@vas ~] I think that no value there means it cannot be enabled or disabled; it's always on. Oh. Thanks. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
9.0 on SSD
Colleagues,

I have installed 9.0-RELEASE on a SSD drive with the following tweaking so far:

1. tmpmfs=YES (WRKDIRPREFIX etc will go there too).
2. mount -o noatime
3. tunefs -t enable

I have not done any tricky partition alignment, do I really need to? Is anything else advisable?

There is one thing that worries me, why is TRIM not shown as enabled in camcontrol output?

[root@vas ~] tunefs -p /dev/ada0p2 | grep -i trim
tunefs: trim: (-t) enabled
[root@vas ~] camcontrol identify ada0 | egrep '^Fea|TRIM'
Feature Support Enabled Value Vendor
data set management (TRIM) yes
[root@vas ~]

-- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: FreeBSD on the ASUS P8H67-M LGA1155 H67 motherboard
Shane Ambler wrote: Do you have success stories running FreeBSD on an ASUS P8H67-M LGA1155 H67 motherboard? This will be mostly a desktop system on 9.0-RELEASE. I am worried especially about the Sandy Bridge video, shall I be able to use it with xorg at least in VESA modes? Do also the sound/NIC/etc drivers work well with this motherboard? I am running 9.0-RELEASE on an ASUS P8H61-M LE/USB3 with a corei5 Having the same audio and LAN chips I can say they work. Had some trouble getting the audio working to start with, vaguely recall it was something with the generic sound detection didn't pick the right driver, once I enabled one specific sound device I haven't had trouble (also that was back in rc3). Only using stereo speakers so can't vouch for any surround features. Add snd_hda_load=YES to /boot/loader.conf Thanks for the good news. Can you please show 'cat /dev/sndstat' and what the kernel thinks about the NIC (is it the re(4) driver?) Using an Nvidia PCIe card - haven't tried the on-board video. I have tried PC-BSD 9.0 on a similar motherboard with a Sandy Bridge video, it seems to work in VESA mode. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
FreeBSD on the ASUS P8H67-M LGA1155 H67 motherboard
Colleagues, Do you have success stories running FreeBSD on an ASUS P8H67-M LGA1155 H67 motherboard? This will be mostly a desktop system on 9.0-RELEASE. I am worried especially about the Sandy Bridge video, shall I be able to use it with xorg at least in VESA modes? Do also the sound/NIC/etc drivers work well with this motherboard? TIA. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
getty + cu, blocking mode, dialout
Colleagues,

If there is a getty on /dev/ttyu0, should I be able to dialout from the /dev/cuau0 device? I remember that several years ago a getty did not interfere with dialout if you used a special dialout device, but now it does not seem to be the case:

# cu -s 9600 -l /dev/cuau0
link down
# grep ttyu0 /etc/ttys
ttyu0 /usr/libexec/getty ppp.57600 dialup on insecure
#
# grep -A4 ppp.57600 /etc/gettytab
ppp.57600:\
:im=User Access Verification\n\n:\
:pp=/etc/ppp/ppplogin:\
:tc=std.57600:
#

I can only dialout after setting ttyu0 to off and init q. It is all happening on 8.2-RELEASE-p6 i386. There is an external modem attached to the ttyu0 line.

Here is a ktrace of cu: http://zalil.ru/33111377

Thank you very much for any input.

-- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: portmaster best practices
Volodymyr Kostyrko wrote: [dd] NO_BACKUP means don't create a temporary package when deleting something. This is unsuitable for me as /usr/ports in my network is distributed via NFS ro. I also share /usr/ports via NFS ro, but I have defined PACKAGES=/var/tmp/packages in portmaster.rc to store backups of deleted packages, just in case. [dd] -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: portmaster best practices
Volodymyr Kostyrko wrote: If portaudit shows that some installed packages have vulnerabilities, what do you usually do? Greatly depends on where I am. All my systems are staying up-to-date whereas when I'm visiting someone's system I prefer to update only required pieces of software. Anyway if you tell portmaster to update port x it would try to update all ports it depends on. Does it often screw things up when updating dependencies (both ascending and descending ones)? Do you recommend to always update the ascending dependencies (portmaster -r) also? [dd] The better way of debugging such problems for me is pkg_libchk from sysutils/bsdadminscripts. I use sysutils/libchk when I have to, but it is a tedious manual job I would like to avoid. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: portmaster best practices
Roland Smith wrote: If portaudit shows that some installed packages have vulnerabilities, what do you usually do? It depends on the vulnerability and what the package does. I will de-install it if I think that the vulnerability is critical for me and there is no workaround. Look at freshports [http://www.freshports.org/commits.php] regularly to see if updates for vulnerable packages are available. This is pretty obvious and I run portsnap from cron. Generally I like to run 'portsnap fetch update' followed by 'portmaster -ai' (after reading /usr/ports/UPDATING) every week. This keeps the number of huge compilefests (like gettext updates :-() to a minimum. Has portmaster ever screwed things up for you? For efficiency, I tend to keep one machine up-to-date in that way, and use rsync to then distribute the changes in /usr/local to my other machines. This only works for machines that are on the same major FreeBSD version and architecture, of course. That's interesting. Do you also rsync /var/db/pkg ? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
portmaster best practices
Hello portmaster users,

If portaudit shows that some installed packages have vulnerabilities, what do you usually do? Do you upgrade only the vulnerable packages, or vulnerable packages and dependent packages (portmaster -r), or perhaps all packages (portmaster -a)? Or do you pkg_delete -a all packages first and then reinstall from scratch (from `portmaster --list-origins` perhaps)?

I am a bit uneasy about portmaster -a because, for example, in the output below it intends to install a package which is already installed:

pg01-sibptus# portmaster -n -a
=== Gathering distinfo list for installed ports
[dd]
Upgrade php5-ldap-5.3.5_1 to php5-ldap-5.3.9
Install net/openldap24-sasl-client
Upgrade postgresql-server-9.0.1 to postgresql-server-9.0.6_3
Upgrade tcl-8.5.9 to tcl-8.5.11
Upgrade vim-7.3.81 to vim-7.3.121
Install devel/gettext
=== Proceed? y/n [y] n
=== If you would like to upgrade or install some, but not all of the above try adding '-i' to the command line.
pg01-sibptus#
pg01-sibptus#
pg01-sibptus# pkg_info -xo openldap
Information for openldap-sasl-client-2.4.24:
Origin: net/openldap24-client

-- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
need a weird samba configuration
Any Samba gurus here? I have a file server running samba34-3.4.14 as a domain member server with security = domain. winbindd is not started and all Windows users are resolved to Unix uids/gids via getpwnam() as described in http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2604553 Now I need to start winbindd for other purposes, not connected with smbd and the file service. How do I configure smb.conf so that smbd should not consult winbind and should continue using getpwnam() for Windows logon name - Unix uid/gid mapping? In other words, how do I disable the idmap functionality and use existing Unix uids/gids with winbindd running? TIA for any input. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: portmaster --list-origins question
Scott Bennett wrote: have quite a few windowmaker-related ports installed. Only one of those related ports appeared in the portmaster output, and windowmaker itself was absent, so I looked at the numbers next. I think --list-origins lists only leaf packages and not dependencies. It is strange however that windowmaker itself was absent. What does 'pkg_info -xrR windowmaker' show? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: mutual forwarders in ISC BIND
Peter Andreev wrote: Victor, we researched this topic and learned that response time highly depends on distance between user and resolver, while cache influence on this value is lesser. So I advise you to keep all as is. Be it so. Thank you. And the reason for the whole thread. One of the customers told me that 8.8.8.8 is faster than our own DNS servers which are located on the same 100 MBit/s LAN with them. I was shocked but it seems true, at least for the answers which are not yet cached. I don't know what software google uses on its resolvers, but I suppose something with shared or synchronizing cache. Maybe they also make preventive lookups on popular domains to fill this cache. And the reason why 8.8.8.8 seems faster - it answered from cache while your resolver made full lookup chain. Duh! That is why I started thinking about some cache synchronizing technique for my resolvers. Preventive lookups can be made via self-written scripts. Sure, after query log analysis. AFAIK there is no free open source implementations providing cache synchronization between different resolvers. Unbound cannot do that, can it? I am surprised. After all, squid siblings are quite common. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: mutual forwarders in ISC BIND
Damien Fleuriot wrote: If you're trying to build up a cache to improve performance and response time, here's your scenario: DNS C, forward to DNS A,B for all queries DNS D, forward to DNS B,A for all queries Your cache will start building up and only responses that are not cached will be taken from your NS A and B servers. Sorry, I fail to see how this is any better than two independent DNS servers. Perhaps a variant like DNS C, forward to DNS A DNS D, forward to DNS A would be close to the goal of cache consolidation. Matthew Seaman wrote: If you want to consolidate caches then probably your best bet is to have fewer, but larger resolvers. A pretty standard server class machine dedicated to recursive DNS should be easily capable of supporting many thousands of clients. You are certainly right. DNS is not really a fruitful target for reducing traffic volume -- there really isn't that much of it compared to all other types in any case. It's also pretty critical to the perceived performance of your networks. Complicating and slowing down the DNS lookup path just makes everything look slow. I just wanted the servers to benefit from each other's caches. That could speed up the lookups. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: mutual forwarders in ISC BIND
Damien Fleuriot wrote: If you're trying to build up a cache to improve performance and response time, here's your scenario: DNS C, forward to DNS A,B for all queries DNS D, forward to DNS B,A for all queries Your cache will start building up and only responses that are not cached will be taken from your NS A and B servers. Sorry, I fail to see how this is any better than two independent DNS servers. Perhaps a variant like DNS C, forward to DNS A DNS D, forward to DNS A would be close to the goal of cache consolidation. DNS A suffers an outage ; you're fucked, to put it bluntly. Nope. DNS C and D will do the queries on their own. I don't suggest a forward only setup. I just want the servers to share the cache. [dd] On a side note, have you considered unbound ? It may be better suited to your needs and scale. I would read a comparison of BIND and Unbound with great interest. Do you perchance have a link? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: mutual forwarders in ISC BIND
Peter Andreev wrote: [dd] Victor, we researched this topic and learned that response time highly depends on distance between user and resolver, while cache influence on this value is lesser. So I advise you to keep all as is. Be it so. Thank you. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: mutual forwarders in ISC BIND
Victor Sudakov wrote: Victor, we researched this topic and learned that response time highly depends on distance between user and resolver, while cache influence on this value is lesser. So I advise you to keep all as is. Be it so. Thank you. And the reason for the whole thread. One of the customers told me that 8.8.8.8 is faster than our own DNS servers which are located on the same 100 MBit/s LAN with them. I was shocked but it seems true, at least for the answers which are not yet cached. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: mutual forwarders in ISC BIND
Peter Andreev wrote: Victor, we researched this topic and learned that response time highly depends on distance between user and resolver, while cache influence on this value is lesser. So I advise you to keep all as is. Be it so. Thank you. And the reason for the whole thread. One of the customers told me that 8.8.8.8 is faster than our own DNS servers which are located on the same 100 MBit/s LAN with them. I was shocked but it seems true, at least for the answers which are not yet cached. I don't know what software google uses on its resolvers, but I suppose something with shared or synchronizing cache. Maybe they also make preventive lookups on popular domains to fill this cache. And the reason why 8.8.8.8 seems faster - it answered from cache while your resolver made full lookup chain. Duh! That is why I started thinking about some cache synchronizing technique for my resolvers. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
mutual forwarders in ISC BIND
Colleagues, This question is not directly related to FreeBSD, but perhaps some network administrators reading this list know the answer. Can I set up several ISC BIND servers to be each other's mutual forwarders? Will it work or create an endless loop of DNS queries? I have customers using several DNS servers as recursive resolvers. The usage pattern is pretty much equal between all the servers. What I want is to create a cache common to all the recursive servers to reduce traffic and response time (much like squid siblings work). Thank you for any input. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: opening vim with a flag: ready to write?
Gary Kline wrote: is there a way of starting off vim or gvim and be able to type into the editor _without_ first typing: a,i,o,O,I,A, or any other character? I use all the time: $ echo $SVN_EDITOR vim -c startinsert -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: carp(4) on FreeBSD 8.2
Johan Hendriks wrote: Are there any success stories or known issues with carp(4) on FreeBSD 8.2? I have configured a carp interface: [dd] But for some reason I can ping 10.14.135.88, but cannot ping 10.14.134.99. There seem to be ARP responses however: [dd] What am I doing wrong? Can you show your relevant rc.conf settings. What settings are relevant? I really did not use rc.conf to configure carp. I just did manually ifconfig carp0 create ifconfig carp0 vhid 1 pass X 10.14.134.99/23 and the same on the other host. For both master and slave machine, also the relevant sysctl.conf settings could help. sysctl.conf is really empty, these are just vanilla boxes in a lab. router1# sysctl -a | grep carp net.inet.ip.same_prefix_carp_only: 0 net.inet.carp.allow: 1 net.inet.carp.preempt: 0 net.inet.carp.log: 1 net.inet.carp.arpbalance: 0 net.inet.carp.suppress_preempt: 0 router1# ipfw list 65535 allow ip from any to any Well, _almost_ vanilla boxes. They have custom kernels: include GENERIC ident FW device carp device lagg options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=100#limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT#allow everything by default options IPDIVERT#divert sockets options IPFIREWALL_FORWARD #packet destination changes options IPFIREWALL_NAT #ipfw kernel nat support options LIBALIAS options QUOTA #enable disk quotas options ROUTETABLES=4 # $Header: svn://big/configs/kernels/trunk/FW 2967 2011-12-13 10:08:29Z sudakov $ -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: carp(4) on FreeBSD 8.2
Matt Mullins wrote: I've used carp very successfully in the past, both in the standard mode and ARP load-balancing mode, to build fail-over sets of firewalls. It worked well enough that one of our firewalls was down for a week before we noticed (and none of our clients did). I just did a mock-up of your scenario on a system at home (using the GENERIC kernel), and it seemed to work for me. I see you have a managed switch; you might see if some features like port security are disabled for that port. It turned out even more interesting. The lab is virtual, and promiscuous mode was prohibited in the virtual NICs' properties on the hypervisor. Thanks to all who responded. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
carp(4) on FreeBSD 8.2
Colleagues,

Are there any success stories or known issues with carp(4) on FreeBSD 8.2? I have configured a carp interface:

router1# ifconfig le0
le0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 08:00:27:aa:6a:bd
inet 10.14.135.88 netmask 0xfe00 broadcast 10.14.135.255
media: Ethernet autoselect
status: active
router1#
router1# ifconfig carp0
carp0: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
inet 10.14.134.99 netmask 0xfe00
carp: MASTER vhid 1 advbase 1 advskew 0
router1#

But for some reason I can ping 10.14.135.88, but cannot ping 10.14.134.99. There seem to be ARP responses however:

$ arp -an | grep 10.14.134.99
? (10.14.134.99) at 00:00:5e:00:01:01 on re0 [ethernet]

This looks like a VRRP MAC address for sure. And this MAC address is present in the switch forwarding table:

Core5sh mac-address-table | i .5e00.0101
1.5e00.0101DYNAMIC Fa0/18

What is even more strange, tcpdump on le0 does not even see ICMP echo requests addressed to 10.14.134.99.

What am I doing wrong?

-- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: strange behavior of restore(8)
Matthias Apitz wrote: Victor Sudakov wrote: I am trying to restore a UFS2 zero level dump sized about 51G. restore has created 6105 directories and no files at all, and now is waiting forever in the runnable state. Side note: I have already restored UFS level zero dumps of 130G, even into FreeBSD in a VM, without any kind of problem. Don't know UFS2, though. How many files did your 130G filesystem have? My 51G dump should contain 1769484 files in 24705 directories. I don't have any specific advice here, but if it were me I think my next troubleshooting step would be to attach truss to the restore process after it gets stuck, to try to see exactly what it's doing. That may give you a clue as to why it's taking so long and whether it's actually making any progress. It's doing something like that. I should have piped the output through uniq not to clutter the list, but on second thought, I decided not to:
# truss -p 18568
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
Assuming 4 is the fd of the restore device, i.e. the DUMP, this seek does nothing: moves to offset of 0 bytes from the current position. Are you sure that the device (tape?) is fine? Lo and behold! On an amd64 system with 8GB RAM and 2 2.66GHz Xeon CPUs, restore -rNf home.dmp has successfully completed after 3 hours 15 minutes. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: strange behavior of restore(8)
Matthias Apitz wrote: I have already copied the dump from tape to disk with dd and tried restoring from the disk file with the same effect. The disk is fine in the sense that the dump file can be copied from tape to disk and from disk to /dev/null without any errors. Can restore(8) do a listing of the DUMP? Sure. The listing has 1330237 lines. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: strange behavior of restore(8)
Warren Block wrote: Lo and behold! On an amd64 system with 8GB RAM and 2 2.66GHz Xeon CPUs, restore -rNf home.dmp has successfully completed after 3 hours 15 minutes. What are the specs for the system that wrote the dumpfile originally 8.2-RELEASE-p3 amd64, 8GB RAM and 2xXeon 2.66GHz and the system that couldn't restore it? FreeBSD 6.4-RELEASE-p10 i386, 256M RAM, Pentium II 350.80MHz (yes, it's pretty old). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: strange behavior of restore(8)
Mike Tancsa wrote: Lo and behold! On an amd64 system with 8GB RAM and 2 2.66GHz Xeon CPUs, restore -rNf home.dmp has successfully completed after 3 hours 15 minutes. What are the specs for the system that wrote the dumpfile originally 8.2-RELEASE-p3 amd64, 8GB RAM and 2xXeon 2.66GHz and the system that couldn't restore it? FreeBSD 6.4-RELEASE-p10 i386, 256M RAM, Pentium II 350.80MHz (yes, it's pretty old). ufs1 vs ufs2 ? UFS2 on the first host, irrelevant on the second host (I was trying restore -rN). Also if there are a lot of files, restore needs quite a bit of RAM. I should think so, but it generated no errors or out of swap messages. It was just running forever. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: strange behavior of restore(8)
Robert Bonomi wrote: Lo and behold! On an amd64 system with 8GB RAM and 2 2.66GHz Xeon CPUs, restore -rNf home.dmp has successfully completed after 3 hours 15 minutes. What are the specs for the system that wrote the dumpfile originally 8.2-RELEASE-p3 amd64, 8GB RAM and 2xXeon 2.66GHz and the system that couldn't restore it? FreeBSD 6.4-RELEASE-p10 i386, 256M RAM, Pentium II 350.80MHz (yes, it's pretty old). *WITHOUT* checking, I'm willing to bet that _that_ is the problem. An O/S limit on the size of a _file_ -- a 32-bit 'offset' type. And a 'large' file in the dump. I used the '-N' switch to restore, so no actual files were being created on the 6.4-RELEASE box. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: strange behavior of restore(8)
Victor Sudakov wrote: I am trying to restore a UFS2 zero level dump sized about 51G. restore has created 6105 directories and no files at all, and now is waiting forever in the runnable state. I don't have any specific advice here, but if it were me I think my next troubleshooting step would be to attach truss to the restore process after it gets stuck, to try to see exactly what it's doing. That may give you a clue as to why it's taking so long and whether it's actually making any progress. It's doing something like that. I should have piped the output through uniq not to clutter the list, but on second thought, I decided not to:
# truss -p 18568
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
restore has been running for more than 48 hours now. Whatever is the matter, it is unacceptable as a backup solution. I will try restoring on an amd64 system tomorrow just to see if it will make any difference. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: strange behavior of restore(8)
Matthias Apitz wrote: I am trying to restore a UFS2 zero level dump sized about 51G. restore has created 6105 directories and no files at all, and now is waiting forever in the runnable state. Side note: I have already restored UFS level zero dumps of 130G, even into FreeBSD in a VM, without any kind of problem. Don't know UFS2, though. I don't have any specific advice here, but if it were me I think my next troubleshooting step would be to attach truss to the restore process after it gets stuck, to try to see exactly what it's doing. That may give you a clue as to why it's taking so long and whether it's actually making any progress. It's doing something like that. I should have piped the output through uniq not to clutter the list, but on second thought, I decided not to:
# truss -p 18568
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
lseek(4,0x0,SEEK_CUR) = 25395100 (0x1837f9c)
Assuming 4 is the fd of the restore device, i.e. the DUMP, this seek does nothing: moves to offset of 0 bytes from the current position. Are you sure that the device (tape?) is fine? I have already copied the dump from tape to disk with dd and tried restoring from the disk file with the same effect. The disk is fine in the sense that the dump file can be copied from tape to disk and from disk to /dev/null without any errors. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
strange behavior of restore(8)
Colleagues, I am trying to restore a UFS2 zero level dump sized about 51G. restore has created 6105 directories and no files at all, and now is waiting forever in the runnable state. What could the problem be? I have always used dump/restore with success. Does the number 6105 look somewhat suspicious? I have tried restore -rN with the same result: after some time it just seems to do nothing, not reading from tape or disk. Still it is not frozen, you can press ^C and it will ask: restore interrupted, continue? [yn] Its /tmp/rstdir1318692759 file has the size about 38M, I still have plenty of room in /tmp. TIA for any ideas. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: strange behavior of restore(8)
I hope this means something meaningful. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
RFC2544 benchmark implementation for FreeBSD?
Colleagues, Does anyone know of an RFC2544 network benchmark implementation for FreeBSD? What network benchmarking software do you use? There are some in ports/benchmarks like netpipe, dbs etc, which would you advise from personal experience? TIA. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: need help with pf configuration
Matthew Seaman wrote: I need no details, just a general hint how to set up such security levels, preferably independent of actual IP addresses behind the interfaces (a :network macro is not always sufficient). You may use urpf-failed instead :network urpf-failed: Any source address that fails a unicast reverse path forwarding (URPF) check, i.e. packets coming in on an interface other than that which holds the route back to the packet's source address. Excuse me, I do not see how this is relevant to my question (allowing traffic to be initiated from a more secure interface to a less secure interface and not vice versa). Sorry, you can't do this with pf, ipf or ipfw (the 3 firewalls in FreeBSD). There is no concept of security level at all, you must specify on each interface the traffic allowed (in input and output). My reply was about the use of the interface:network addresses. pf has the concept of packet tagging. So you can write a small rule to tag traffic crossing eg. your set of internal interfaces and then write one ruleset to filter all that traffic identified by tag. Quoting pf.conf(5): This can be used, for example, to provide trust between interfaces and to determine if packets have been processed by translation rules. I guess the tagging feature can be useful. Thank you for the hint. If I come up with a working ruleset, I'll post it here. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: need help with pf configuration
Nikos Vassiliadis wrote: I have a configuration with 2 inside interfaces, 1 outside and 1 dmz interface. The traffic should be able to flow 1) from inside1 to any (and back) 2) from inside2 to any (and back) 3) from dmz to outside only (and back). I need no details, just a general hint how to set up such security levels, preferably independent of actual IP addresses behind the interfaces (a :network macro is not always sufficient). You may use urpf-failed instead :network urpf-failed: Any source address that fails a unicast reverse path forwarding (URPF) check, i.e. packets coming in on an interface other than that which holds the route back to the packet's source address. Excuse me, I do not see how this is relevant to my question (allowing traffic to be initiated from a more secure interface to a less secure interface and not vice versa). What if you combine macros and lists? The ruleset below seems scalable to any number of interfaces.
inside1 = em1
inside2 = em2
dmz = em0
insides = { $inside1:network $inside2:network }
The problem is, there could be several routed networks behind the inside interfaces. Not all inside networks are directly connected, and the :network macro works only for directly connected interfaces, right? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: need help with pf configuration
Patrick Lamaiziere wrote: I have a configuration with 2 inside interfaces, 1 outside and 1 dmz interface. The traffic should be able to flow 1) from inside1 to any (and back) 2) from inside2 to any (and back) 3) from dmz to outside only (and back). I need no details, just a general hint how to set up such security levels, preferably independent of actual IP addresses behind the interfaces (a :network macro is not always sufficient). You may use urpf-failed instead :network urpf-failed: Any source address that fails a unicast reverse path forwarding (URPF) check, i.e. packets coming in on an interface other than that which holds the route back to the packet's source address. Excuse me, I do not see how this is relevant to my question (allowing traffic to be initiated from a more secure interface to a less secure interface and not vice versa). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: need help with pf configuration
Patrick Lamaiziere wrote: I need no details, just a general hint how to set up such security levels, preferably independent of actual IP addresses behind the interfaces (a :network macro is not always sufficient). You may use urpf-failed instead :network urpf-failed: Any source address that fails a unicast reverse path forwarding (URPF) check, i.e. packets coming in on an interface other than that which holds the route back to the packet's source address. Excuse me, I do not see how this is relevant to my question (allowing traffic to be initiated from a more secure interface to a less secure interface and not vice versa). Sorry, you can't do this with pf, ipf or ipfw (the 3 firewalls in FreeBSD). There is no concept of security level at all, you must specify on each interface the traffic allowed (in input and output). Actually you can with ipfw. The following concise ruleset should do it:
check-state
permit ip from any to any recv INSIDE xmit DMZ keep-state
permit ip from any to any recv INSIDE xmit OUTSIDE keep-state
permit ip from any to any recv DMZ xmit OUTSIDE keep-state
-- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
need help with pf configuration
Colleagues, I have a configuration with 2 inside interfaces, 1 outside and 1 dmz interface. The traffic should be able to flow 1) from inside1 to any (and back) 2) from inside2 to any (and back) 3) from dmz to outside only (and back). I need no details, just a general hint how to set up such security levels, preferably independent of actual IP addresses behind the interfaces (a :network macro is not always sufficient). It would be nice to find a configuration that would scale to any number of interfaces with different security levels. On a Cisco PIX I would configure
outside security0
inside1 security100
inside2 security100
dmz security50
and that's it, the PIX logic would do the rest. Thank you very much in advance for any input. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
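An added example, not part of any post in this thread: the pf tagging hint from pf.conf(5) combined with the PIX-style levels from the question, as a small generator that emits interface-only rules (no IP addresses) and allows a flow only from a higher level to a lower one. The interface names em0/em1/em2 are the ones mentioned in the thread; "em3" for the outside interface, the SEC<level> tag names and all function names are assumptions.

```python
# Added example (not from the thread): derive a tag-based pf ruleset from
# PIX-style security levels. em0/em1/em2 appear in the thread; "em3" for the
# outside interface, the tag names and the function names are assumptions.

PAGE_LEVELS = {
    "outside": ("em3", 0),
    "inside1": ("em1", 100),
    "inside2": ("em2", 100),
    "dmz": ("em0", 50),
}


def _validate(levels):
    """Reject input that would produce an ambiguous or malformed ruleset."""
    seen = set()
    for name, (ifname, level) in levels.items():
        if not name.isidentifier():
            raise ValueError(f"{name!r} is not usable as a pf macro name")
        if ifname in seen:
            raise ValueError(f"interface {ifname!r} listed twice")
        seen.add(ifname)
        if not isinstance(level, int) or level < 0:
            raise ValueError(f"security level of {name!r} must be an int >= 0")


def allowed_flows(levels, allow_same_level=False):
    """Return sorted (src, dst) pairs where src may initiate traffic to dst.

    A flow is allowed when src has a strictly higher level than dst;
    allow_same_level additionally permits flows between equal levels.
    """
    _validate(levels)
    flows = []
    for src, (_, s_lvl) in levels.items():
        for dst, (_, d_lvl) in levels.items():
            if src == dst:
                continue
            if s_lvl > d_lvl or (allow_same_level and s_lvl == d_lvl):
                flows.append((src, dst))
    return sorted(flows)


def pf_rules(levels, allow_same_level=False):
    """Return pf.conf lines: macros, default deny, tag on entry, match on exit."""
    flows = allowed_flows(levels, allow_same_level)
    lines = [f'{name} = "{levels[name][0]}"' for name in sorted(levels)]
    lines.append("block all")
    # Inbound: every interface that may initiate anything tags its packets
    # with its level. Note that this also admits packets addressed to the
    # firewall itself on those interfaces; restrict that separately if needed.
    for src in sorted({s for s, _ in flows}):
        lines.append(f"pass in on ${src} all tag SEC{levels[src][1]} keep state")
    # Outbound: an interface lets a packet leave only if it carries the tag
    # of a level that is allowed to reach it. Replies ride on the state.
    out = sorted({(dst, levels[src][1]) for src, dst in flows})
    for dst, lvl in out:
        lines.append(f"pass out on ${dst} all tagged SEC{lvl} keep state")
    return lines


if __name__ == "__main__":
    print("\n".join(pf_rules(PAGE_LEVELS)))
```

With the strict default, inside1 and inside2 cannot reach each other; pass allow_same_level=True to get the "inside to any" behaviour described in the question.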
Re: Cannot remove filesystem ACLs
Victor Sudakov wrote: I don't understand why I cannot completely remove the ACLs from a directory. Please look: [dd] Why are the + sign and the mask entry still there? How do I get rid of them completely? It may seem a bit radical but it does the job:
find /some/dir -print0 | xargs -0 rmextattr system posix1e.acl_access
find /some/dir -print0 | xargs -0 rmextattr system posix1e.acl_default
-- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: Need an audio multicasting solution
RW wrote: You can use videolan / vlc. It allows you to multicast video too. In September 2011 BSD Magazine you have some examples about that. I like vlc on Linux/Windows machines. But installing it to a streaming server is a pain. Even if you disable all options in make config, it still tries to build scores of dependencies including some components of the X Window system. Not nice. did you try setting WITH_SERVER_ONLY? Actually, setting WITH_SERVER_ONLY only sets 4 options
WITHOUT_LUA=yes
WITHOUT_QT4=yes
WITH_RUNROOT=yes
WITHOUT_XCB=yes
which I have set anyway. The number of dependencies is still appalling. In fact, I have found a solution with ffmpeg, the example command lines are:
ffmpeg -i file.mp3 -acodec copy -f rtp rtp://239.8.8.8:5000 -re
ffmpeg -f oss -i /dev/dsp -acodec mp2 -f rtp rtp://239.8.8.8:5000 -re
ffmpeg should be compiled WITH_LAME. Multicast stream playback has been tested with vlc (Windows XP, Fedora Linux) and mplayer (FreeBSD 8). In more detail in Russian: http://victor-sudakov.dreamwidth.org/68437.html http://victor-sudakov.dreamwidth.org/68975.html http://victor-sudakov.dreamwidth.org/69243.html -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: Need an audio multicasting solution
Alejandro Imass wrote: A quick look at Icecast showed that it does not support multicast either. Is this true? If so, Icecast is completely useless for my scenario. AFAIK very few media streamers (or none) actually support real IPv4 (Class D) Multicast. They support what is known as application multicast akin to a multi-process/multi-threaded Web server. I don't know much about real IPv4 Multicast but I've heard it's not that easy to do in the real world and would probably require coordination with your ISP unless you're multicasting in a private network. I use multicasting in a corporate network. Again, IMHO because I've never even attempted multicasting. It's fun and very pleasing aesthetically :) At least on Cisco. As to the original question. I have had some success with multimedia/ffmpeg, at least this:
ffmpeg -i file.mp3 -acodec copy -f rtp rtp://239.8.8.8:5000 -re
does send a multicast stream which can be listened to with VLC (but not mplayer for some reason) on multiple hosts. Now I need to figure out how to stream live sound from /dev/dsp. All my attempts to record sound from a USB audio interface have resulted so far in a severely distorted growl instead of normal voice. Does anybody know how to figure out the sampling rate and other parameters of the sound card? cat /dev/sndstat does not output anything really useful. Why do you need multicasting anyway? To save bandwidth mostly, and it's fun to set up :). Taking into account that I have PIM working across all our WAN links (an in-house monitoring/alarm system relies thereupon), it would be nice to use this infrastructure for sound too. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: Need an audio multicasting solution
Eduardo Morras wrote: I need a solution to read sound from a soundcard (/dev/dsp) and multicast it into the network, for the multicast audio stream to be played on FreeBSD, Linux and Windows workstations. No sophisticated codecs needed, plain PCM would do. Can you advise something? I know that in theory there are many ways to implement this, but I am especially interested in personal first-hand experience, success stories or good white papers. Please no lmgtfu-type replies. Thanks very much in advance. You can use videolan / vlc. It allows you to multicast video too. In September 2011 BSD Magazine you have some examples about that. I like vlc on Linux/Windows machines. But installing it to a streaming server is a pain. Even if you disable all options in make config, it still tries to build scores of dependencies including some components of the X Window system. Not nice. Now I am experimenting with ffmpeg (with ffserver and without) with moderate success. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: Need an audio multicasting solution
Alejandro Imass wrote: I need a solution to read sound from a soundcard (/dev/dsp) and multicast it into the network, for the multicast audio stream to be played on FreeBSD, Linux and Windows workstations. No sophisticated codecs needed, plain PCM would do. Can you advise something? I know that in theory there are many ways to implement this, but I am especially interested in personal first-hand experience, success stories or good white papers. Please no lmgtfu-type replies. Thanks very much in advance. I doubt people in this list are the lmgtfu type! I use Icecast on FBSD and it works great. Alejandro, correct me if I am wrong but AFAIK Icecast works with mp3 files. Can it really read audio from /dev/dsp? I don't need mp3, I would prefer to multicast simple PCM data. Even 8 bit PCM (64 Kbit/s) would do. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: Need an audio multicasting solution
Alejandro Imass wrote: I need a solution to read sound from a soundcard (/dev/dsp) and multicast it into the network, for the multicast audio stream to be played on FreeBSD, Linux and Windows workstations. No sophisticated codecs needed, plain PCM would do. Can you advise something? I know that in theory there are many ways to implement this, but I am especially interested in personal first-hand experience, success stories or good white papers. Please no lmgtfu-type replies. Thanks very much in advance. I doubt people in this list are the lmgtfu type! I use Icecast on FBSD and it works great. A quick look at Icecast showed that it does not support multicast either. Is this true? If so, Icecast is completely useless for my scenario. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Need an audio multicasting solution
Colleagues, I need a solution to read sound from a soundcard (/dev/dsp) and multicast it into the network, for the multicast audio stream to be played on FreeBSD, Linux and Windows workstations. No sophisticated codecs needed, plain PCM would do. Can you advise something? I know that in theory there are many ways to implement this, but I am especially interested in personal first-hand experience, success stories or good white papers. Please no lmgtfu-type replies. Thanks very much in advance. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: OCI support in PHP is dead
Matthew Seaman wrote: The databases/php5-oci8 port exists no more, and databases/php52-oci8 is marked as vulnerable. Oracle 8 is pretty obsolete now. Now, the only options for getting more up to date support are -- persuading Oracle to release eg. an Oracle Instant Client package for FreeBSD -- somehow being able to use the Linux client software under emulation. I've no idea what Oracle's response to the first option would be, but I suspect their response might well be that they won't get enough return to justify the cost of producing a FreeBSD native client. The second option looks pretty difficult to me -- making a PHP shared object that links to a Linux shlib but that is itself linked into various PHP applications. I suspected that databases/linux-oracle-instantclient-basic is virtually useless. The future looks Postgresql shaped to me. I don't believe so. Our in-house sites use Postgres, but sometimes they have to interact with commercial systems (ERP, NetID etc) and I don't envision commercial vendors moving from Oracle to Postgres any time soon. I even considered running sqlplus via ssh but this is too ugly and not compatible with PHP frameworks. Seems that FreeBSD has lost yet another niche in our company. Which is a real pity because Linux is a pain in the ass and Solaris is not free. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Cannot remove filesystem ACLs
Colleagues, I don't understand why I cannot completely remove the ACLs from a directory. Please look:
# setfacl -b /home/dogovor.common/
# setfacl -k /home/dogovor.common/
# ls -ald !$
ls -ald /home/dogovor.common/
drwxrwx---+ 4 nastenkoea dogovor 3584 13 янв 09:35 /home/dogovor.common/
# getfacl !$
getfacl /home/dogovor.common/
# file: /home/dogovor.common/
# owner: nastenkoea
# group: dogovor
user::rwx
group::rwx
mask::rwx
other::---
#
Why are the + sign and the mask entry still there? How do I get rid of them completely? TIA for any input. FreeBSD 8.1-RELEASE-p2 i386 -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
Da Rock wrote: [dd] Doesn't the rc.d script run as root initially and then a method (default flags, etc) is used to change the owner to a nobody (restricted privilege user)? Just my 2c, but please correct me if I'm wrong. That is probably correct, rc.subr does su -m $user, but the login class is not applied there, nor is the user's shell called. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
RW wrote: I'm not sure this will work. The initial question was about how to obtain an environmental variable. If the rc.d script of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, it is okay, They do. rc.d scripts all start by sucking in rc.subr, which in turn pulls in the rc.conf files. So how do I make the /usr/local/etc/rc.d/svnserve script suck in KRB5_KTNAME for the svn user from the rc.conf* files? Just export it from rc.conf If exported from rc.conf, it will affect all daemons. I need to set it only for svnserve or for the svn user (which is equivalent in my case). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
Da Rock wrote: Doesn't the rc.d script run as root initially and then a method (default flags, etc) is used to change the owner to a nobody (restricted privilege user)? Just my 2c, but please correct me if I'm wrong. That is probably correct, rc.subr does su -m $user, but the login class is not applied there, nor is the user's shell called. Exactly. Which means that you'd have to adapt root's env because root's shell would be called(?). In this case, how do I limit the variable's visibility only to the particular daemon (svnserve) or particular user (svn)? PITA, but as an alternative couldn't all the keytabs be stored in the same _secure_ location? Then a global env could be used. I really don't know what the security implications will be if /etc/krb5.keytab is readable by anyone besides the root user? Do you have a clue about it? There are other services' keys stored there besides svn (host/*, cvs/* etc). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
Da Rock wrote: [dd] I really don't know what the security implications will be if /etc/krb5.keytab is readable by anyone besides the root user? Do you have a clue about it? There are other services' keys stored there besides svn (host/*, cvs/* etc). At the risk of getting laughed off stage, and pulling in yet another service, what about ldap? I believe there is supposed to be a way to store keytabs in ldap, which theoretically would mean only the particular services would be able to access their keytabs. No matter where we store the keytabs, if it is not the default location (/etc/krb5.keytab for FreeBSD), we face the same problem of telling the server application about the alternative location of the keytab. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
RW wrote: I'm not sure this will work. The initial question was about how to obtain an environmental variable. If the rc.d script of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, it is okay, They do. rc.d scripts all start by sucking in rc.subr, which in turn pulls in the rc.conf files. So how do I make the /usr/local/etc/rc.d/svnserve script suck in KRB5_KTNAME for the svn user from the rc.conf* files? Just export it from rc.conf If exported from rc.conf, it will affect all daemons. I need to set it only for svnserve or for the svn user (which is equivalent in my case). [ $name = svnserve ] export KRB5_KTNAME=/home/svn/svn.keytab This looks really ugly. A thorough examination of /etc/rc.subr shows that a startup script sources a certain /etc/rc.conf.d/$_name. Maybe I should try to place export KRB5_KTNAME=/home/svn/svn.keytab there. At least /etc/rc.conf.d/svnserve will be sourced only once at svnserve startup, and not hundreds of times like rc.conf. But anyway, I don't like the idea of placing commands (not variables) in /etc/rc.conf* There should be support for the rc.d framework to assign limits, environment variables and login classes. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
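The scoping that a per-service /etc/rc.conf.d/$_name file gives, as an added example that is not part of the original messages. Assumptions: load_config is a simplified stand-in for rc.subr's config loading (not the real code), every path is constructed under a temp directory, and keytab_private is a hypothetical helper that checks the keytab carries no group or other permission bits.

```shell
#!/bin/sh
# Added example. Every path is constructed under a temp directory;
# nothing under /etc or /home is read or written.

# Build a constructed config tree: a global rc.conf, a per-service
# rc.conf.d/svnserve, and an empty placeholder keytab.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/rc.conf.d" "$root/home/svn"
    : > "$root/home/svn/svn.keytab"
    chmod 600 "$root/home/svn/svn.keytab"
    printf 'svnserve_enable="YES"\nsshd_enable="YES"\n' > "$root/rc.conf"
    printf 'export KRB5_KTNAME="%s/home/svn/svn.keytab"\n' "$root" \
        > "$root/rc.conf.d/svnserve"
    echo "$root"
}

# Simplified stand-in for rc.subr config loading (assumption, not the
# real code): source the global file, then the per-service file if any.
load_config() {     # $1 = tree root, $2 = service name
    . "$1/rc.conf"
    if [ -f "$1/rc.conf.d/$2" ]; then
        . "$1/rc.conf.d/$2"
    fi
}

# Model one rc.d script run in a subshell and report the KRB5_KTNAME
# that the child process (the stand-in daemon) inherits.
daemon_env() {      # $1 = tree root, $2 = service name
    (
        unset KRB5_KTNAME
        load_config "$1" "$2"
        sh -c 'printf "%s" "${KRB5_KTNAME:-unset}"'
    )
}

# Hypothetical helper: succeed only if the keytab has no group or
# other permission bits (characters 5-10 of the ls mode string).
keytab_private() {  # $1 = keytab path
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

demo_root=$(make_tree)
echo "svnserve sees: $(daemon_env "$demo_root" svnserve)"
echo "sshd sees:     $(daemon_env "$demo_root" sshd)"
# Contrast: an export in the global file reaches every service.
echo 'export KRB5_KTNAME=/constructed/global.keytab' >> "$demo_root/rc.conf"
echo "sshd after global export: $(daemon_env "$demo_root" sshd)"
keytab_private "$demo_root/home/svn/svn.keytab" && echo "keytab is private"
rm -rf "$demo_root"
```
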
rc.d and environment variables
Colleagues, The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need to pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the daemon on start. How do I do that? I tried to do this via a login class for the svn user, but it did not work. If I first 'su -l svn' and then start the daemon manually, the environment variable is set all right, but not when it is started from /usr/local/etc/rc.d/svnserve. All this is happening on 8.1-RELEASE-p2. Thanks in advance for any help. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
Polytropon wrote: The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need to pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the daemon on start. How do I do that? If the user corresponding to the svnservice has a login shell, which would usually be the system's default dialog shell, the C shell, you could edit /etc/csh.cshrc and put setenv KRB5_KTNAME /home/svn/svn.keytab to make it a system-wide setting (or use the user's ~/.cshrc for a user-only setting). I have tried putting setenv KRB5_KTNAME /home/svn/svn.keytab in ~svn/.cshrc, it does not help. Evidently the svn user's login shell is not called when /usr/local/etc/rc.d/svnserve start is called. In case the user does NOT have a default shell, I think you should be able to also define a system-wide environmental variable by coding KRB5_KTNAME=/home/svn/svn.keytab; export KRB5_KTNAME into /etc/rc.local (which will be executed at system startup). See man rc.local for details. Excuse me? What does /etc/rc.local have to do with the rc.subr framework? Of course I can abandon the standard /usr/local/etc/rc.d/svnserve script and write my own one, or start svnserve from /etc/rc.local (which I will do if I don't find a more graceful way), but it is not what the question was about. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
Jerry McAllister wrote: The svnserve daemon is started from /usr/local/etc/rc.d/svnserve. I need to pass the environment variable KRB5_KTNAME=/home/svn/svn.keytab to the daemon on start. How do I do that? If the user corresponding to the svnservice has a login shell, which would usually be the system's default dialog shell, the C shell, you could edit /etc/csh.cshrc and put setenv KRB5_KTNAME /home/svn/svn.keytab to make it a system-wide setting (or use the user's ~/.cshrc for a user-only setting). In case the user does NOT have a default shell, I think you should be able to also define a system-wide environmental variable by coding KRB5_KTNAME=/home/svn/svn.keytab; export KRB5_KTNAME into /etc/rc.local (which will be executed at system startup). See man rc.local for details. Put it in /etc/rc.conf and have your script read up rc.conf and set any of the stuff in there it is interested in, such as KRB5_KINAME. What my script do you mean? The script /usr/local/etc/rc.d/svnserve is already installed by the port, how can I make the stock script read up KRB5_KTNAME from rc.conf? And besides, KRB5_KTNAME should be only defined for the svn user (the user svnserve runs from) and not any other user. I think that is the officially sanctioned way of doing such things. Of course I can always write my own script or put something like su -l svn -c 'usr/local/bin/svnserve -d --listen-port=3690 bla bla' into /etc/rc.local, but the question was about the rc.d framework. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
Polytropon wrote: [dd] Anyway, if svnserve is able to be passed a command string to, a setting like svnserve_flags=... -k /home/svn/svn.keytab ... No, this is not a svnserve option, it is a setting used by libsasl2 with which svnserve is linked (or even by libkrb5.so). coded in /etc/rc.conf or /etc/rc.conf.local would work, and would also be the preferred method for such things. In fact, I've not come across the need to have an environmental variable to store a configuration setting for an additional program, as such kind of variables is mainly for low level system use, mostly. This need is indeed rare, but not nonexistent. In fact, if cyrus-sasl implemented the keytab: configuration option, there would be no need to set KRB5_KTNAME prior to starting svnserve. I also remember a need to pass $ORACLE_HOME to apache on start for some PHP module to work correctly. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
Lowell Gilbert wrote: I'm not sure this will work. The initial question was about how to obtain an environmental variable. If the rc.d script of svnserve sources /etc/rc.conf and/or /etc/rc.conf.local, it is okay, They do. rc.d scripts all start by sucking in rc.subr, which in turn pulls in the rc.conf files. So how do I make the /usr/local/etc/rc.d/svnserve script suck in KRB5_KTNAME for the svn user from the rc.conf* files? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
Polytropon wrote: I have tried putting setenv KRB5_KTNAME /home/svn/svn.keytab in ~svn/.cshrc, it does not help. Evidently the svn user's login shell is not called when /usr/local/etc/rc.d/svnserve start is called. I did already assume something like that. This mechanism relies on some kind of login that causes the shell to be run (usually an interactive shell), which isn't the case here. Besides, the login.conf capability database does not seem to be used by the rc.d framework either, which is sad. Excuse me? What does /etc/rc.local have to do with the rc.subr framework? Nothing. The /etc/rc.local script is executed along with the system startup. It is considered obsolete (I think), but it should work, and therefore be able to set a system-wide environment variable. I guess any environment variable set in the /etc/rc.local script would be available in the script itself and its children, but not system wide. Even if it were, remember, I do not need to change KRB5_KTNAME system wide, but just for one particular user. [dd] Anyway, did you find a way to use some _flags= setting for /etc/rc.conf to be used by svnserve? This would be the method most other programs handle things like configuration flags that are not set by an own config file. To my regret, this is not a svnserve option, it is a setting used by libsasl2 with which svnserve is linked. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: rc.d and environment variables
Polytropon wrote: Of course I can always write my own script or put something like su -l svn -c 'usr/local/bin/svnserve -d --listen-port=3690 bla bla' into /etc/rc.local, but the question was about the rc.d framework. Environmental variables cannot be controlled by the rc.d framework, as far as I understand. Using login classes to define them should be the correct way. From man login.conf: setenv list A comma-separated list of environment variables and values to which they are to be set. I thought of that, and in fact I wrote about it in the very first message: I tried to do this via a login class for the svn user, but it did not work. If I first 'su -l svn' and then start the daemon manually, the environment variable is set all right, but not when it is started from /usr/local/etc/rc.d/svnserve. What did you enter for the svnserve user in /etc/login.conf, svn:\ :setenv=KRB5_KTNAME=~/svn.keytab:\ :tc=default: and did you make sure there is no override setting in the corresponding user's ~/.login.conf? I am pretty sure because when I login interactively as svn, I see $ whoami svn $ printenv | grep KT KRB5_KTNAME=/home/svn/svn.keytab $ But it does not work for the rc.d script. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
geli keys
Colleagues, The geli(8) man page suggests initializing a geli provider with a random keyfile (geli init -K). It also asks for a passphrase by default. What happens if a provider is initialized without the -K option, just with a passphrase? Will there be no encryption? Encryption will be weaker? Thanks in advance for any input. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: geli keys
RW wrote: The geli(8) man page suggests initializing a geli provider with a random keyfile (geli init -K). It also asks for a passphrase by default. What happens if a provider is initialized without the -K option, just with a passphrase? Will there be no encryption? Encryption will be weaker? You can use either or both, they get combined. I see. It's hard to remember a passphrase that contains 256 bits of entropy, OTOH a passfile might get stolen, so some people will want to use both. Why does the geli(8) man page always use a 64B long keyfile as an example? Why 64 bytes and not 128 or 1024 or whatever? What if I use a well randomized keyfile and a weak passphrase, will the master key be weaker? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: apache22 and threads
Michael Powell wrote: When building apache22 from ports, would you recommend to enable or to disable threads support? Even more confusing is the fact that for ports/www/apache22 the default is: Enable threads support in APR is off (WITHOUT_THREADS=true) while for ports/devel/apr1 the default is: Enable Threads in apr is on (WITH_THREADS=true). Thank you in advance for any input. PS ports/devel/apr1 will also be used for the subversion client. I wouldn't mind someone with more apache22-fu to elaborate, correcting the following if necessary. My thoughts are this matters depending upon which mpm you choose to build into apache. The default is prefork, and it handles incoming requests by spawning child processes. Do you mean to say WITH_MPM=prefork works exactly like apache13? [dd] An additional consideration might be what kind of backend is used. For example, since not all of PHP is known to be thread safe it is not recommended for use with a threaded server and mod_php. The way to get around this situation is to separate PHP from Apache with something like mod_fcgid which runs PHP as a FastCGI. This way you can safely run a threaded Apache with non-thread safe PHP. As far as which is the better approach I still am not really sure. Each has its set of pros and cons. From what you have written it seems that prefork and no threads is the robustest, most reliable configuration (even if more resource consuming)? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
apache22 and threads
Colleagues, When building apache22 from ports, would you recommend to enable or to disable threads support? Even more confusing is the fact that for ports/www/apache22 the default is: Enable threads support in APR is off (WITHOUT_THREADS=true) while for ports/devel/apr1 the default is: Enable Threads in apr is on (WITH_THREADS=true). Thank you in advance for any input. PS ports/devel/apr1 will also be used for the subversion client. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: ipfw fwd and ipfw allow
per...@pluto.rain.com wrote: ... the 'fwd ... keep-state' statement does create a useful dynamic rule. It contradicts the ipfw(8) man page but works ... Hopefully someone who understands all this will submit a patch for the man page :) The man page says that the Dynamic rules will be checked at the first check-state, keep-state or limit occurrence, and the action performed upon a match will be the same as in the parent rule. It suggests that if the parent rule is a 'fwd' rule, the corresponding dynamic rule is also a 'fwd' rule, which would be no use (who needs a reflexive 'fwd' rule?). However, in reality a parent 'fwd' rule seems to create an 'allow' dynamic rule, which is useful but confusing. Where exactly is this place in the ipfw code? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: ipfw fwd and ipfw allow
Nikos Vassiliadis wrote: A packet generated locally 1) should be forwarded by a 'fwd' rule and 2) should create a dynamic 'allow' rule for returning traffic. Could you please suggest a ruleset for this. The fw has the 10.0.0.1 IP address. The 10.0.0.100 IP address belongs to another computer running a TCP service at . The IPFW rules: fw# ipfw list 00100 fwd 10.0.0.100 tcp from any to 10.90.10.3 dst-port keep-state 00200 deny ip from any to any 65535 allow ip from any to any It seems that the 'fwd ... keep-state' statement does create a useful dynamic rule. It contradicts the ipfw(8) man page but works. Thank you for enlightenment. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
Re: ipfw fwd and ipfw allow
Am I asking something unreasonable? Victor Sudakov wrote: What tricks do you use if you need to allow a packet and then fwd it (or vice versa)? The search terminates and the packet quits ipfw on fwd as well as on allow. How do I allow a packet and then policy route it? An example ruleset will be appreciated. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru