Re: ipfw(8) lookup tables now available for RELENG_4
On Thu, Jun 10, 2004 at 07:11:32PM -0400, Chuck Swiger wrote: Ruslan Ermilov wrote: For those of you interested, here you can find a patch that adds the IPFW2 lookup tables feature to RELENG_4: http://people.FreeBSD.org/~ru/patches/ipfw_tables.patch I plan to commit it next Friday. Feedback is appreciated. Was the patch not made relative to /usr/src? It was. I don't know what your problem is. Anyway, I just finished rebuilding kernel and world, so the changes compile fine, and it looks like my machine rebooted cleanly. Seems to work okay with a trivial IPFW2 ruleset, I haven't tried anything more complicated: 00100 78 25096 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65000 513 53267 allow ip from any to any Well, I'm mostly interested in guys testing the new IPFW2 tables feature. It otherwise won't affect anything if not used. ;) Thanks anyway. Cheers, -- Ruslan Ermilov [EMAIL PROTECTED] FreeBSD committer pgpEh2V1gDCPM.pgp Description: PGP signature
Re: -current boot bring to db prompt
On 2004-06-11 06:41, pirat [EMAIL PROTECTED] wrote: On Thursday, 10 June 2004 at 21:49:01 +0700, pirat wrote: i boot my inspiron 1100 box but it stop at db and i can not get out of there. what i did were that i copied ltmdm.ko from other machine to inspiron at /boot/kernel/ and add ltmdm_load=YES at /boot/load.conf i just wanted to remove either ltmdm.ko from /boot/kernel/ or ltmdm_load=YES from /boot/load.conf sorry for the noises. i boot once again and go to loader prompt and then unload load /boot/kernel/kernel boot now that i can get rid of that harm ltmdm.ko once again apologize me for disturbing the lists There's, really, no need to apologise. The answer you posted, the solution to a problem more common than you probably think it is (preloading or unloading modules at boot time), is very probably going to be interesting for a lot of people. Agreed, this has already been mentioned in past posts which live in the the archives now, but you get extra karma points for discovering the solution yourself *and* posting it as a followup. Thanks, that was cool :) - Giorgos ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
IPSec and compression
Hi All. I can't resolve little problem. Couple of words about. I've 2 offices in different cities. I need connect them via VPN. I'd read Handbook article 10.10 VPN over IPsec and did all exactly. Fine, i have secured channel but ... without compression. I can't do compression. I'd tried do so spdadd A.B.C.D/32 W.X.Y.Z/32 ipencap -P out ipsec ipcomp/tunnel/A.B.C.D-W.X.Y.Z/require esp/tunnel/A.B.C.D-W.X.Y.Z/require; spdadd W.X.Y.Z/32 A.B.C.D/32 ipencap -P in ipsec esp/tunnel/W.X.Y.Z-A.B.C.D/require ipcomp/tunnel/W.X.Y.Z-A.B.C.D/require; This work fine without ipcomp. May be i should add additional rules to firewall? -- Best regards Vladislav Gagarin mailto:[EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Error in starting SSH
Bilal Ahmed wrote: I have been facing an error on running sshd: /usr/sbin/sshd Could not load host key: /etc/ssh/ssh_host_key Could not load host key: /etc/ssh/ssh_host_dsa_key Are these two files not there? In 5.X, you should start such daemons from /etc/rc.d : # cd /etc/rc.d # ./sshd start It will generate the host key files, if not there; and then start the daemon. Rob. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Portrange randomized problems - a little bit more info...
O.K., I have been doing a lot of testing with this, though have not yet managed to generate a lot of useful data sadly. To summarise - with net.inet.ip.portrange.randomized set to 1 I am seeing failures of mysql connections from a machine back to a server on the same machine. These happen rarely, but are freqnet enough that on a webserver I am seeing a handful every hour. The effect is real - if I disable net.inet.ip.portrange.randomized then it goes away completely. I have now tried this on a number of different machines with different configurations, and all of them give the same results. The error appears to be tthat the TCP socket cannot connect. I have several webservers here which are load balanced so they are all taking an equal share of the incomming requests. If I enable the randomisation on one of them and compare netstat -n outout what I see is that the randomised machine has far more of the mysql connecions stuck in the TIME_WAIT state. Foir example I just did a snapshot under very light load - there are 64 connections in that state on the randomised webserver, comapred to 3 on the non-randomised one. Does this help track down the problem at all ? Although turning off the randomisation is a workable workaround, I am concerned that this is the symptom of some rather more fundamental bug in the TCP code. -pcf. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw(8) lookup tables now available for RELENG_4
On Jun 11, 2004, at 3:32 AM, Ruslan Ermilov wrote: On Thu, Jun 10, 2004 at 07:11:32PM -0400, Chuck Swiger wrote: Was the patch not made relative to /usr/src? It was. I don't know what your problem is. I retried on another machine and patch had no problems, so it seems most likely that I did something wrong the first time around. Hmph. Well, I'm mostly interested in guys testing the new IPFW2 tables feature. It otherwise won't affect anything if not used. ;) Well, certainly I understand that you would like people to test the new tables feature, and I will play with them shortly, when I get a bit more spare time. In the meantime, you still deserve a lollypop for writing the changes so that they don't break existing code. :-) -- -Chuck ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
P4 (4.10) kernel build performance with/without SMP/APIC_IO/hyperthreading
Re an earlier em thread, HTTP and SMP April 2004, I decided to test my out-of-the-box P4 (2.8E) HT threading enabled with SATA HD. Test was to build identical kernels using FreeBSD 4.10 taking note of the compile times. Then reboot with: SMP, APIC_IO in kernel, and machdep.hlt_logical_cpus: 0. In all cases CPU_ENABLE_SSE was also enabled. Summary for two clean kernel builds, using csh time --- Kernel build without SMP, APIC_IO, (no variable machdep.hlt_logical_cpus) 1) 143.612u 23.095s 2:52.19 96.8% 1487+2195k 1872+2748io 0pf+0w 2) 143.831u 22.830s 2:55.61 94.9% 1488+2194k 3249+2747io 130pf+0w Kernel build with SMP, APIC_IO, machdep.hlt_logical_cpus=0 3) 145.106u 33.345s 2:57.38 100.5% 1451+2093k 3205+2746io 128pf+0w 4) 146.284u 32.481s 2:50.61 104.7% 1446+2093k 207+2745io 0pf+0w An interesting result - the run (3) time was reproduced and revealed that files were being deleted via softupdate, and should be discarded. Experimental error on my part. This didn't affect runs 1 2. I repeated run 4 redirecting io to a file to reduce screen delays, but with little difference. # cd ..; rm -R TEST3; cd /sys/i386/conf; config TEST3; cd ../../compile/TEST3; # time make depend all /tmp/build.lis 146.155u 32.623s 2:50.59 104.7% 1447+2090k 185+2755io 0pf+0w In this test of kernel builds, you'll save around 1.1% of your time using SMP with logical HT CPU's on FreeBSd 4.10. Regards, Dewayne. PS: Of course I attempted to make -j2 depend all but this failed as a previous module hadn't completed when needed. e.g. bioscall.s Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
