Re: Apache access problem
quite easy: write the error in google and walla: snip from a thread: Whew. I found the reason for the problem. Apache is running as group www and the group file had two groups www with different numerical ids. Must have some historical reason that we use a differing numerical id on a few machines. One of the updates must have either readded the old offending id or changed the way the id is grabbed on daemon startup, so most of the time the wrong numerical id was grabbed, clashing with the numerical id in the file system. http://groups-beta.google.com/group/alt.apache.configuration/browse_thread/thread/71c91167f25ca10d/024e74daa2ceec37?lnk=stq=failed+because+search+permissions+are+missing+on+a+component+of+the+pathrnum=4hl=en#024e74daa2ceec37 cheers Shlomo Solomon wrote: I haven't used Apache much, but quite a while ago, I did set up a (trivial) web page to see how this worked. At the time, I had no real problems. Today, I tried to access that page and got a 403 error. Here's what I've tried so far. 1 - I looked for error messages and found the following in /var/log/httpsd/error_log: [Sun Jul 31 00:03:56 2005] [error] [client 10.200.1.1] (13)Permission denied: access to / failed because search permissions are missing on a component of the path [Sun Jul 31 00:03:56 2005] [error] [client 10.200.1.1] (13)Permission denied: access to / failed because search permissions are missing on a component of the path [Sun Jul 31 00:03:56 2005] [error] [client 10.200.1.1] (13)Permission denied: access to /favicon.ico failed because search permissions are missing on a component of the path [Sun Jul 31 00:03:56 2005] [error] [client 10.200.1.1] (13)Permission denied: access to /favicon.ico failed because search permissions are missing on a component of the path 2 - I then tried apachectl (as root) and got: [EMAIL PROTECTED] solomon]# apachectl extendedstatus Forbidden You don't have permission to access /server-status on this server. ### ### Apache Server Status for shlomo1.solomon Server Version: Apache-AdvancedExtranetServer/1.3.31 (Mandrakelinux/4mdk) mod_auth_external/2.1.18 mod_perl/1.29 Server Built: Jul 13 2004 18:34:47 3 - the following was in /var/log/httpsd/error_log: [Sun Jul 31 00:05:53 2005] [error] [client 127.0.0.1] (13)Permission denied: access to /server-status failed because search permissions are missing on a component of the path 4 - I GOOGLED and learned it's a probably a permission problem. According to http://www.onlamp.com/pub/a/apache/2004/04/22/apacheckbk.html: quote What search permissions are missing on a component of the path means is that somewhere in the directory path leading up to the file in question, there's a search (x) bit missing from one of the directories. You see, Apache needs to be able to look at files, the same as any other application does. And so it needs the search bit (x) set so that it can cd into a directory to get a look around. For directories containing the web content, you need the read and execute permissions to be set. For a directory that Apache will just need to pass through on the way to a content directory, execute (search) permission is sufficient. /quote But, as far as I can see, my permissions are set OK. The page is in the standard location as set up by the Apache installation: [EMAIL PROTECTED] solomon]$ ls -la /var/www/html/index* -rw-rw-r-- 1 root root 1299 Jul 30 21:15 /var/www/html/index.shtml favicon.ico is in the same location: [EMAIL PROTECTED] solomon]$ ls -la /var/www/html/fav* -rw-r--r-- 1 root root 1406 Aug 26 2004 /var/www/html/favicon.ico And here are the permissions of all the directories in the path: [EMAIL PROTECTED] solomon]$ ls -lad /var/www/html drwxr-xr-x 15 apache apache 720 Jul 31 00:07 /var/www/html/ [EMAIL PROTECTED] solomon]$ ls -lad /var/www drwxr-xr-x 11 apache apache 272 Jan 23 2005 /var/www/ [EMAIL PROTECTED] solomon]$ ls -lad /var drwxr-xr-x 27 root root 680 Jan 31 20:09 /var/ Any ideas what's wrong here? TIA -- -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-4-6991122 Cel: 972-52-8555757 Fax: 972-4-6990098 http://www.canaan.net.il -- = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Telux: Kernel Building by Ori Idan on 7/August
On 7 August 2005, the Tel Aviv Linux Club will meet again to hear Ori Idan's presentation about building and maintaining the Linux kernel. The time of day is 18:30 and the place is Schreiber building, room 007 of Tel Aviv University. More information can be found at the club's site: http://www.cs.tau.ac.il/telux/ Hope to see you there! Regards, Shlomi Fish P.S.: Thanks for all the people who came to Oron Peled's presentation about SELinux. The room was almost full, and it was a very successful presentation. I hope this trend will continue in the near future. - Shlomi Fish [EMAIL PROTECTED] Homepage:http://www.shlomifish.org/ Tcl is LISP on drugs. Using strings instead of S-expressions for closures is Evil with one of those gigantic E's you can find at the beginning of paragraphs. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Need Computer Monitors for APCHII
Hi, For the upcoming August Penguin Hacking Contest (APCHII) we need 6 computer monitors. If you have a computer monitor (17 is preferred) that you can bring with you to the contest (if it's not clear - the monitor will be returned to you afterwards...) please let me know. All monitor contributors will get an APCHII T-shirt :-) - Aviram = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Sendmail performance tuning
Is there a mailing list (other than this list) to post questions about performance tuning of sendmail? Alternatively, is there anyone out there who has significant experience with performance tuning of Sendmail (preferrably on Debian) who might be interested in a few hours of consulting work? Larry To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
restricting memory mapping
Hi list We have some driver that performs zero-copy DMA to userspace allocated buffers. The problem is that the device cannot perform DMA to RAM pages with physical addresses above 4G ( this is heavily memory equipped computer) My question is it somehow possible to restrict memory mapping for shared memory segments ( which are used as DMA destination) to be physically under 4G boundary ? thanks Boris = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: restricting memory mapping
On Sun, Jul 31, 2005 at 02:08:06PM +0300, Boris Zingerman wrote: We have some driver that performs zero-copy DMA to userspace allocated buffers. The problem is that the device cannot perform DMA to RAM pages with physical addresses above 4G ( this is heavily memory equipped computer) My question is it somehow possible to restrict memory mapping for shared memory segments ( which are used as DMA destination) to be physically under 4G boundary ? not from userspace; if, however, your userspace process does mmap(MAP_SHARED...) on a a character device file the driver exports, it can be done inside the driver. Cheers, Muli -- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
Gilboa Davara wrote: Muli, I well aware of the controversy surrounding FS access from kernel modules and I accept, that in general, kernel modules should be using the FS for storage. However, in essence, I'm using the *wrong* tool for the right job: I shouldn't be using Linux on a i386/x86-64 in the first place; I should be using a network OS with a network chip. However, Linux/x86 uses (relatively) cheap hardware and has massive driver support and a kernel modules is (again, relatively) easy to write and modify. Oh... and Linux is easy to bend :) After doing some contemplating I decided that I don't really need access to an FS; or actually, all I need a is huge cyclic buffer with fast sequential R/W and force-able sync. If anything the VFS layer will only slow me down. I wonder if the raw character code is code enough to be yanked out and used for this project? Now you're re-inventing RelayFs :-) Gilad -- Gilad Ben-Yossef [EMAIL PROTECTED] Codefidence. A name you can trust(tm) Web: http://codefidence.com | SIP: [EMAIL PROTECTED] IL: +972.9.8650475 ext. 201 | Fax:+972.9.8850643 US: +1.360.2275194 ext. 201 | Cel: +972.52.8260388 I am Jack's Overwritten Stack Pointer -- Hackers Club, the movie = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: restricting memory mapping
Boris Zingerman wrote: We have some driver that performs zero-copy DMA to userspace allocated buffers. The problem is that the device cannot perform DMA to RAM pages with physical addresses above 4G ( this is heavily memory equipped computer) My question is it somehow possible to restrict memory mapping for shared memory segments ( which are used as DMA destination) to be physically under 4G boundary ? The short answer, use either bounce buffer (slow) or pci_set_dma_map. The long answer: http://www.linux.com/howtos/IO-Perf-HOWTO/overview.shtml Gilad -- Gilad Ben-Yossef [EMAIL PROTECTED] Codefidence. A name you can trust(tm) Web: http://codefidence.com | SIP: [EMAIL PROTECTED] IL: +972.9.8650475 ext. 201 | Fax:+972.9.8850643 US: +1.360.2275194 ext. 201 | Cel: +972.52.8260388 I am Jack's Overwritten Stack Pointer -- Hackers Club, the movie = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
Umm... Let me try and further explain what I need. I'm writing a certain software network filter that handles -certain- Ethernet and ATM/POS traffic. Due to obvious performance consideration (Especially when under ATM) the filter runs in kernel space, start to finish. After the traffic is filtered and reassembled, it's being transferred to a certain 3'rd party. If the connection to the dies for any reason (or if the 3'rd party lags under load), I must encrypt the traffic and save it on disk. Once the connection resumes, I begin transmitting the stored traffic, in a FIFO manner. (Which translates to an annoying state while on one end, I'm yanking traffic out of the buffer, while the filter continuously encrypts and writes new traffic on the other hand) Even worse, in a certain filter mode, all data is first committed to disk and then passed to the 3'rd party in-order to ensure 99% delivery. (Even if the machine/kernel/filter dies during processing, at worse, only the current [read: have yet to be processed] Ethernet frames/ATM cells will be lost) As far as I can see, realyfs uses memory buffer for storage, which is major no-no in my case: At 50-200MB/sec I'll deplete the system RAM within minutes (even on AMD64) and as far as I can see, there's no obvious way to commit the buffers into static storage. Current me if I'm wrong, but relayfs was designed for fast Kernel/User transactions and not Kernel/Kernel transactions, right? I'm looking for 50% match open solution that can be bent to suite my rather weird requirements. As the saying goes: Writing you own FS really cuts down on your Doom3 time! :-) Gilboa On Sun, 2005-07-31 at 14:56 +0300, Gilad Ben-Yossef wrote: Gilboa Davara wrote: Muli, I well aware of the controversy surrounding FS access from kernel modules and I accept, that in general, kernel modules should be using the FS for storage. However, in essence, I'm using the *wrong* tool for the right job: I shouldn't be using Linux on a i386/x86-64 in the first place; I should be using a network OS with a network chip. However, Linux/x86 uses (relatively) cheap hardware and has massive driver support and a kernel modules is (again, relatively) easy to write and modify. Oh... and Linux is easy to bend :) After doing some contemplating I decided that I don't really need access to an FS; or actually, all I need a is huge cyclic buffer with fast sequential R/W and force-able sync. If anything the VFS layer will only slow me down. I wonder if the raw character code is code enough to be yanked out and used for this project? Now you're re-inventing RelayFs :-) Gilad = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
Gilboa Davara wrote: Umm... As far as I can see, realyfs uses memory buffer for storage, which is major no-no in my case: At 50-200MB/sec I'll deplete the system RAM within minutes (even on AMD64) and as far as I can see, there's no obvious way to commit the buffers into static storage. Current me if I'm wrong, but relayfs was designed for fast Kernel/User transactions and not Kernel/Kernel transactions, right? I'm looking for 50% match open solution that can be bent to suite my rather weird requirements. As the saying goes: Writing you own FS really cuts down on your Doom3 time! :-) Gilboa, I'm sorry if I seound harsh, but I don't think you udnerstand your own needs. Let's try to analyze them together - you need to store large amount of data from the network for proccessing by a further entity. What that data is exactly doesn't matter, but we will note that you might need to do non trivial handling of the data (encryption). There obviously is no question of delay involved - you're talking about writing to disk, using a FIFO to buffer information etc so obviously there is no serious real time contraints on the data. What you really care about therefore is - *througput*, NOT delay. For this, crossing the kernel/userspace and related context switch is NOT a problem! The solution boils down to this: 1. You need some way to store information temporary in the kernel (because it's getting first to the kernel). 2. You then need to handle it (assembly/encryption) and write it to disk. 3. After the data is on disk, you have a different proccess that sends it to some thrid party, but we really don't care about that. So long as you didn't perform 2, you want the information to wait in a temporary buffer (I first wrote bugger here, which is rather funny ;-) until you're done with it so store the data in a temporary in kernel buffer (or bugger, if you prefer ;-), have a user space proccess read it from there, proccess it, encrypt it, write it to file. Have yet another proccess send it to the thrid party (possibly using the Linux sendfile syscall for efficincy). Now you can write that Temporary buffer layer in kernel that can easily be read by user space: your self but you'll be just wasting DOOM3 cyclesw. This is exactly RelayFS. The rest are simple user space programs (and if you want to see an example on how to use it see Karim's most excellent LTT tool that can use RelayFS: http://www.opersys.com/LTT). Hope this helps, Gilad -- Gilad Ben-Yossef [EMAIL PROTECTED] Codefidence. A name you can trust(tm) Web: http://codefidence.com | SIP: [EMAIL PROTECTED] IL: +972.9.8650475 ext. 201 | Fax:+972.9.8850643 US: +1.360.2275194 ext. 201 | Cel: +972.52.8260388 I am Jack's Overwritten Stack Pointer -- Hackers Club, the movie = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
Gilad Ben-Yossef wrote: So long as you didn't perform 2, you want the information to wait in a temporary buffer (I first wrote bugger here, which is rather funny ;-) A Freudian slip is when you mean one thing but say your mother. Now you can write that Temporary buffer layer in kernel that can easily be read by user space: your self but you'll be just wasting DOOM3 cyclesw. This is exactly RelayFS. The rest are simple user space programs (and if you want to see an example on how to use it see Karim's most excellent LTT tool that can use RelayFS: http://www.opersys.com/LTT). The RelayFS page talks about why they are not the same as netlink, but they don't actually say what the difference is, or why they think it is better. I'd love to hear why you recommend one but not the other - what are the differences? Hope this helps, Gilad Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. http://www.lingnu.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
Gilad, Umm... Interesting. You might be right... but I'm still not convinced. (Though my project manager will love the general idea. To say the least, she doesn't really fancy the idea of writing our own FS :)) I'm sorry if I seound harsh, but I don't think you udnerstand your own needs. It has been known to happen Let's try to analyze them together - you need to store large amount of data from the network for proccessing by a further entity. What that data is exactly doesn't matter, but we will note that you might need to do non trivial handling of the data (encryption). I should add the encryption optional, depending on load and source. (And more important, how fanatical is the client) (There's no way in hell, I'll be able to process and encrypt two OC48 links in real time...) There obviously is no question of delay involved - you're talking about writing to disk, using a FIFO to buffer information etc so obviously there is no serious real time contraints on the data. As long as the data sequence is maintained, yes. What you really care about therefore is - *througput*, NOT delay. For this, crossing the kernel/userspace and related context switch is NOT a problem! The solution boils down to this: 1. You need some way to store information temporary in the kernel (because it's getting first to the kernel). 2. You then need to handle it (assembly/encryption) and write it to disk. 3. After the data is on disk, you have a different proccess that sends it to some thrid party, but we really don't care about that. No quite: 1. Get data from driver. (Or kernel network stack) 2. (Pre-assemble data), filter data, assemble data. 3. Try sending data to 3'rd party. 4. Optional: encrypt data using a symmetrical encryptions. (Due to performance constrains) 5. Commit data to disk. 6. Read data from disk. 7. Decrypt data. 8. Send data to 3'rd party. So long as you didn't perform 2, you want the information to wait in a temporary buffer (I first wrote bugger here, which is rather funny ;-) until you're done with it so store the data in a temporary in kernel buffer (or bugger, if you prefer ;-), have a user space proccess read it from there, proccess it, encrypt it, write it to file. Have yet another proccess send it to the thrid party (possibly using the Linux sendfile syscall for efficincy). Now you can write that Temporary buffer layer in kernel that can easily be read by user space: your self but you'll be just wasting DOOM3 cyclesw. This is exactly RelayFS. The rest are simple user space programs (and if you want to see an example on how to use it see Karim's most excellent LTT tool that can use RelayFS: http://www.opersys.com/LTT). Hope this helps, Gilad Interesting... that might work. Let me first point out that once the cells/frames have been processed, I don't care much for timing. (Which bodes well on your solution). However, I'm very tight on CPU and memory bandwidth. (Even a dual Opteron machine with two memory banks tends to suffocate at a certain point.) No matter what I do I just can't afford to add memcpy's to my system. Here's how I see it: Kernel 1: Device - SKB - Reassembly - Disk. (I can even save the third memcpy [Reassembly - Disk] I go rewrite the world under me) User: Device - SKB - Reassembly ( - ?) Relayfs - User: write(2) - Kernel: sys_write (copy_from_user) - Disk. Oh... Thanks for the help. I appreciate it. Gilboa = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
On Sun, Jul 31, 2005 at 04:53:21PM +0300, Shachar Shemesh wrote: The RelayFS page talks about why they are not the same as netlink, but they don't actually say what the difference is, or why they think it is better. I'd love to hear why you recommend one but not the other - what are the differences? To sum it up very quickly: netlink - control or small ammounts of data relayfs - bulk quantities of data Cheers, Muli -- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
Muli Ben-Yehuda wrote: On Sun, Jul 31, 2005 at 04:53:21PM +0300, Shachar Shemesh wrote: The RelayFS page talks about why they are not the same as netlink, but they don't actually say what the difference is, or why they think it is better. I'd love to hear why you recommend one but not the other - what are the differences? To sum it up very quickly: netlink - control or small ammounts of data relayfs - bulk quantities of data Cheers, Muli and a device+ioctl? /sys? /proc? Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. http://www.lingnu.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
Gilboa Davara wrote: Let's try to analyze them together - you need to store large amount of data from the network for proccessing by a further entity. What that data is exactly doesn't matter, but we will note that you might need to do non trivial handling of the data (encryption). I should add the encryption optional, depending on load and source. (And more important, how fanatical is the client) (There's no way in hell, I'll be able to process and encrypt two OC48 links in real time...) I believe you can, but this WILL require much more explanation... So long as you didn't perform 2, you want the information to wait in a temporary buffer (I first wrote bugger here, which is rather funny ;-) until you're done with it so store the data in a temporary in kernel buffer (or bugger, if you prefer ;-), have a user space proccess read it from there, proccess it, encrypt it, write it to file. Have yet another proccess send it to the thrid party (possibly using the Linux sendfile syscall for efficincy). Now you can write that Temporary buffer layer in kernel that can easily be read by user space: your self but you'll be just wasting DOOM3 cyclesw. This is exactly RelayFS. The rest are simple user space programs (and if you want to see an example on how to use it see Karim's most excellent LTT tool that can use RelayFS: http://www.opersys.com/LTT). Interesting... that might work. Let me first point out that once the cells/frames have been processed, I don't care much for timing. (Which bodes well on your solution). However, I'm very tight on CPU and memory bandwidth. (Even a dual Opteron machine with two memory banks tends to suffocate at a certain point.) No matter what I do I just can't afford to add memcpy's to my system. Understandable attitude, but it may be wrong. Take a look at this paper from last year OLS for example: http://www.linuxsymposium.org/proceedings/reprints/Reprint-Ronciak-OLS2004.pdf These guys from Intel thought having a zero copy receive path for network packets where the card will DMA stright into the user space program buffer will be a big win due to saving a memcpy. They implemented and tested. Results? perfomace was *worse* from losing the extra copy, not better. It turned out the extra copy actually pre-loaded the cache and gained more then it costs. Does this fit your scenario? I have no idea. But there is a lesson here: don't assume anything. Build a quick pilot and measure. You may very well find out that your bottle necks are completly different areas (for example - are your network drivers interrupt driven? you might very well find that your system gets into live lock on interrupts before any issues stemming from memcpy of data). As the man said, pre optimization ios the root of all evil. Here's how I see it: Kernel 1: Device - SKB - Reassembly - Disk. (I can even save the third memcpy [Reassembly - Disk] I go rewrite the world under me) User: Device - SKB - Reassembly ( - ?) Relayfs - User: write(2) - Kernel: sys_write (copy_from_user) - Disk. As I already said, you can use Linux sendfile() to avoid the last copy if you're not messing with the data after it reached the disk. Wont help the decryption case, unless you also happen to have a a hardware encryption engine, which is a good idea anyways. Oh... Thanks for the help. I appreciate it. Thanks for the interesting subject :-) Gilad -- Gilad Ben-Yossef [EMAIL PROTECTED] Codefidence. A name you can trust(tm) Web: http://codefidence.com | SIP: [EMAIL PROTECTED] IL: +972.9.8650475 ext. 201 | Fax:+972.9.8850643 US: +1.360.2275194 ext. 201 | Cel: +972.52.8260388 I am Jack's Overwritten Stack Pointer -- Hackers Club, the movie = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
On Sun, Jul 31, 2005 at 05:31:11PM +0300, Shachar Shemesh wrote: and a device+ioctl? deprecated, except in very specific case (only one I can recall in recent memory is the Cell's SPE interface, and that one is not yet decided). /sys? Setting and reading device configuration and attributes. Very little data transfer. /proc? unholy mess. Add nothing new here. There are other options as well - the kevent/uevent mechanism, which works over netlink IIRC - adding your own file system, which is actually the preferred solution in many cases. A private case of that is debugfs. - adding a syscall - think of this as the structured equivalent of a device specific ioctl, for something that is *not* device specific. There are no hard and fast rules about which method to use - it's all a matter of taste, and a favorite subject for endless flamewars. If in doubt, ask... Cheers, Muli -- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Apache access problem
On Sunday 31 July 2005 11:20, Michael Ben-Nes wrote: Whew. I found the reason for the problem. Apache is running as group www and the group file had two groups www with different numerical ids. Must have some historical reason that we use a differing numerical id on a few machines. One of the updates must have either readded the old offending id or changed the way the id is grabbed on daemon startup, so most of the time the wrong numerical id was grabbed, clashing with the numerical id in the file system. That doesn't seem to be the problem: 1 - As far as I know, apache is running as group apache and there's no problem with the group definition (or with any other group definition). [EMAIL PROTECTED] solomon]$ cat /etc/group|grep apache apache:x:78: 2 - I'm talking about one machine here so the possibility for different groups on different machines is not relevant. 3 - Even if there had been a problem as described above, I don't see why it would cause the permission problem since, as I already wrote, all the directories in the path have the search bit (x) set for owner, group and other. [EMAIL PROTECTED] solomon]$ ls -lad /var/www/html drwxr-xr-x 15 apache apache 720 Jul 31 00:07 /var/www/html/ [EMAIL PROTECTED] solomon]$ ls -lad /var/www drwxr-xr-x 11 apache apache 272 Jan 23 2005 /var/www/ [EMAIL PROTECTED] solomon]$ ls -lad /var drwxr-xr-x 27 root root 680 Jan 31 20:09 /var/ -- Shlomo Solomon http://the-solomons.net Sent by KMail 1.7.1 (KDE 3.2.3) on LINUX Mandrake 10.1 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Sendmail performance tuning
Quoting Larry Weisberg, from the post of Sun, 31 Jul: Is there a mailing list (other than this list) to post questions about performance tuning of sendmail? Alternatively, is there anyone out I'd google for it, and try sendmail.org actually... there who has significant experience with performance tuning of Sendmail (preferrably on Debian) who might be interested in a few hours of consulting work? I wouldn't touch it with a long pole, it's an annoying piece of spaghetty. If performance is your main parameter, consider looking at Qmail and other modern options. -- Much ado about nothing Ira Abramov http://ira.abramov.org/email/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
NAPI performance ; tg3 and broadcom driver
Hi, NAPI (New API) is a technique to improve network performance on Linux. It is not so new (relatively) - first howto is from 16/2/2002. In a really very brief descriptiom , it uses polling intsead of interrupts in some scenarios. This polling is done for receiving packets (the network card must be able to disbale interrupts). Transmitting packets is done as usual, by asserting interrupts. Polling is usually discouraged in linux device drivers , but there are cases (like when the interrupt rate is very high) in which this technique can improve performance. My question is: 1) does anybody have an experience with this technique ? what is the threshold (of k packets for a second) from which it became efficinet to use NAPI over usual non-NAPI solutions ? (I am talking about Xeon processor ~2.4 Ghz , but also data on other prcoessors can help) 2) Specically regarding NAPI and Broadcom cards: On many distrubutins, the Broadcom BCM5700 family of Network Drivers uses the tg3 driver. ( Tigon3 ethernet driver, in /linux/drivers/net/tg3.c) On broadcom website there is a driver for linux that they wrote for Linux. http://www.broadcom.com/drivers/downloaddrivers.php (the BCM57xx Drivers). Is there any advantage of using the Broadcom drivers to using the tg3 driver ? (and does the kernel version - 2.4 or 2.6 - has any importance in this respect?) Regards, Rami Rosen To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
Gilboa Davara wrote: Here's how I see it: Kernel 1: Device - SKB - Reassembly - Disk. (I can even save the third memcpy [Reassembly - Disk] I go rewrite the world under me) User: Device - SKB - Reassembly ( - ?) Relayfs - User: write(2) - Kernel: sys_write (copy_from_user) - Disk. Note that in the case of relayfs there is no memcpy involved in the kernel-user stage, since relayfs uses mmap to map its buffers to user-mode. At least in later versions. relayfs is also being integrated into the kernel and will be available built-in as of 2.6.13. You can also find patches in their homepage. I've used relayfs for my own needs and it's been very easy to work with them, there is a relayfs-apps layer that makes creating a quick pilot very easy. One possible complication though, relayfs has a buffer per cpu, if your receive path is being handled in two different cpus you'll need to synchronize the data yourself since you'll get it in two different buffers. Baruch = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
On Sun, 2005-07-31 at 17:35 +0300, Gilad Ben-Yossef wrote: I should add the encryption optional, depending on load and source. (And more important, how fanatical is the client) (There's no way in hell, I'll be able to process and encrypt two OC48 links in real time...) I believe you can, but this WILL require much more explanation... I hear hardware assisted (or based) assembly and encryption coming. As I wish to conserve my current work, I rather (strike that: must) stay in software-only-lala-land. Interesting... that might work. Let me first point out that once the cells/frames have been processed, I don't care much for timing. (Which bodes well on your solution). However, I'm very tight on CPU and memory bandwidth. (Even a dual Opteron machine with two memory banks tends to suffocate at a certain point.) No matter what I do I just can't afford to add memcpy's to my system. Understandable attitude, but it may be wrong. Take a look at this paper from last year OLS for example: http://www.linuxsymposium.org/proceedings/reprints/Reprint-Ronciak-OLS2004.pdf These guys from Intel thought having a zero copy receive path for network packets where the card will DMA stright into the user space program buffer will be a big win due to saving a memcpy. They implemented and tested. Results? perfomace was *worse* from losing the extra copy, not better. It turned out the extra copy actually pre-loaded the cache and gained more then it costs. *Very* interesting reading. Nice catch indeed. Never the less I wonder if cache soiling wouldn't be a problem under extra (or extreme) loads. It fairly probable that you'll the have the following scenario: A. IRQ B. Software IRQ. (B1. Possible another IRQ raise here?) C. DMA to SKB. D. SKB to user buffers (L2 preloaded) E. Boom. Hardware IRQ raised. (And the cycle starts over.) F. User mode processing. (L2 contents lost) In this case, by the time the user-space actually gets a hold of the data, the L1/2 contents have been flushed. Don't forget that as the data set and throughput grows the effect of the CPU cache diminishes considerably. (Hence 9MB L3 Titanics and the 8MB L3 Xeon MPs) More-ever people tend to over-look the fact that DMA, even on a fast PCI-X 1.0 / 2.0 bus (PCI in this case) is *pretty* extensive latency wise and limited, bandwidth wise; It is conceivable that the changes they've made to driver to allow for zero-copy DMA added sufficient latency to cancel any positive effects they might have gotten by going zero-copy in the first place. It would have been nice to see the same test running on a Dual Opteron machine (Or Xeon) with 2 x 2 port GbE NICs. A quad machine with two PCI- X bridges is even better. On the other hand, the article was written by someone, that unlike me, knows what he's talking about. So go figure. At least by my experience, once you have multiple GbE or ATM cards, it's all about *pure* memory bandwidth first. (And lots and lots [and lots] of it) and raw CPU power second. Does this fit your scenario? I have no idea. But there is a lesson here: don't assume anything. Build a quick pilot and measure. You may very well find out that your bottle necks are completly different areas (for example - are your network drivers interrupt driven? you might very well find that your system gets into live lock on interrupts before any issues stemming from memcpy of data). Even with a good NAPI Ethernet driver (Like the Intel's e1000) IRQ time is indeed a problem. Combined with the software IRQ part of the driver, I lose at 30-50% CPU time before I even start doing any real work. I'm actually thinking about ways to disable IRQ altogether, manually polling the devices for RX frames periodically. (I don't care much for the extra load when the system is idle.) As the man said, pre optimization ios the root of all evil. Umm... I hear that from my team leader on a daily basis. On the other hand, I doubt that the other extreme (Use C# now, rewrite if we're slower then a dead snail later) is any better... I'm still no convinced that the reduced development time of doing it in user-space, will come even close to rewriting the all package if things don't perform up to par. As I already said, you can use Linux sendfile() to avoid the last copy if you're not messing with the data after it reached the disk. Wont help the decryption case, unless you also happen to have a a hardware encryption engine, which is a good idea anyways. Baaah! They'll deduct the encryption hardware price off my paycheck ;) To be honest, I don't worry much about encryption. I doubt that it'll be used in any real high-bandwidth case. It will be used in cases where security matters most and bandwidth is *very* low to begin with. Oh... Thanks for the help. I appreciate it. Thanks for the interesting subject :-) Hehe... I do my best to serve :-)
Re: File I/O within kernel threads?
On Sun, 31 Jul 2005, Gilboa Davara wrote: On Sun, 2005-07-31 at 17:35 +0300, Gilad Ben-Yossef wrote: Interesting... that might work. Let me first point out that once the cells/frames have been processed, I don't care much for timing. (Which bodes well on your solution). However, I'm very tight on CPU and memory bandwidth. (Even a dual Opteron machine with two memory banks tends to suffocate at a certain point.) No matter what I do I just can't afford to add memcpy's to my system. did you measure this, or are you guessing? Understandable attitude, but it may be wrong. Take a look at this paper from last year OLS for example: http://www.linuxsymposium.org/proceedings/reprints/Reprint-Ronciak-OLS2004.pdf These guys from Intel thought having a zero copy receive path for network packets where the card will DMA stright into the user space program buffer will be a big win due to saving a memcpy. They implemented and tested. Results? perfomace was *worse* from losing the extra copy, not better. It turned out the extra copy actually pre-loaded the cache and gained more then it costs. *Very* interesting reading. Nice catch indeed. Never the less I wonder if cache soiling wouldn't be a problem under extra (or extreme) loads. you're learning the wrong lesson from this. it's not about how to make networking code faster. it's about intuition sometimes leads us the wrong way. now, get your hands off your mail reader, and spend a few days on doing actual measurements and tests. either you'll find that you're right, and you'll have valid info for she who must be obeyed in order to justify what you're doing, or you'll find that your intuition has betrayed you, and you can actually have the performance you wanted without doing extra twists. and gilad was right - when you measure performance, you should check the worst-case scenario (that is, you lost contact with the 3rd-party thingy and then regained it, and you now need to save new data directly to disk at the same time as passing old data from disk to the 3rd party). -- guy For world domination - press 1, or dial 0, and please hold, for the creator. -- nob o. dy = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
low-level formatting?
Hello, Running badblocks -n on my hard drive I found a couple hundred of bad blocks, apparently pretty well concentrated in two areas. I intend to buy a new drive but still trying to make use of this 80Gb Maxtor drive I googled for low level format (the type that asks the drive itself to map bad blocks without the OS intervention) and found only text like in the old days it was possible, today only the factory can do this. Is this true? Is my only option now is to mkfs which reads the output of badblocks(8)? Thanks, --Amos To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: File I/O within kernel threads?
On 8/1/05, Gilboa Davara [EMAIL PROTECTED] wrote: To be honest, I don't worry much about encryption. I doubt that it'll be used in any real high-bandwidth case. It will be used in cases where security matters most and bandwidth is *very* low to begin with. Use an encrypted filesystem? And as for the don't over optimize before you have a reason - it doesn't mean design for a snail speed, it's another derivative from the general advise of optimize the use of your own time - you might be wasting your time on something which won't gain you much at the end of the project. Take this advise seriously, too many development projects ignore it and fail. Cheers, --Amos To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: NAPI performance ; tg3 and broadcom driver
On 8/1/05, Rami Rosen [EMAIL PROTECTED] wrote: Polling is usually discouraged in linux device drivers , but there are cases (like when the interrupt rate is very high) in which this technique can improve performance. I'm just intrigued by this - how feasable would it be to write a driver (and have support in the device hardware) that uses interrupts but switches to NAPI when the input rate peaks, then switches back to interrupts when the rate drops again? Cheers, --Amos To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Apache access problem
On 8/1/05, Shlomo Solomon [EMAIL PROTECTED] wrote: That doesn't seem to be the problem: I though you settled on the decision that the problem is the size of the file - could you justtry to create a file of just a little less than 2Gb size and fetch it, then icrease the same file to just a little over 2Gb and try to re-fetch it? --Amos To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: NAPI performance ; tg3 and broadcom driver
On Monday 01 August 2005 06:30, Amos Shapira wrote: I'm just intrigued by this - how feasable would it be to write a driver (and have support in the device hardware) that uses interrupts but switches to NAPI when the input rate peaks, then switches back to interrupts when the rate drops again? That's how NAPI is meant to work. The driver notifies the stack via rx_schedule() that it should schedule another poll. When the driver want to return to the normal interrupt-per-packet mode, it should program the hardware accordingly and call rx_complete() instead of rx_schedule(). -- Oron Peled Voice/Fax: +972-4-8228492 [EMAIL PROTECTED] http://www.actcom.co.il/~oron ICQ UIN: 16527398 Microsoft: We make virii work! = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
