Re: Any TCP VTW users?

On Thu, Sep 15, 2022 at 04:33:09PM +0900, Ryota Ozaki wrote: > Hi, > > Are there any users of TCP Vestigial Time-Wait (VTW)? > The feature is disabled by default and we need to explicitly > enable via sysctl to use it. > > I just want to know if we should still maintain it. Have you read the

Re: Any TCP VTW users?

On Fri, Sep 16, 2022 at 10:33:31AM +0900, Ryota Ozaki wrote: > > Thank you for the report! > > Just curious. Does it improve performance? (or reduce CPU/memory usage?) The Coyote Point loadbalancers couldn't survive our load testing (which was modeled on traces of real world workloads) without

Re: regarding the changes to kernel entropy gathering

> and hifn(4) have RNGs; and there are some dedicated RNG devices like > ualea(4). Can we actually use the TPM RNG from in-kernel? Whether we should is a different, interesting question, given how it is typically implemented. -- Thor Lancelot Simon

Re: regarding the changes to kernel entropy gathering

On Tue, Apr 06, 2021 at 10:54:51AM -0700, Greg A. Woods wrote: > At Mon, 5 Apr 2021 23:18:55 -0400, Thor Lancelot Simon wrote: > > > But what you're missing is that neither does what you > > think. When rndctl -L runs after the system comes up multiuser, all > > entrop

Re: regarding the changes to kernel entropy gathering

On Mon, Apr 05, 2021 at 02:13:31PM -0700, Greg A. Woods wrote: > At Mon, 5 Apr 2021 15:37:49 -0400, Thor Lancelot Simon wrote: > Subject: Re: regarding the changes to kernel entropy gathering > > > > On Sun, Apr 04, 2021 at 03:32:08PM -0700, Greg A. Woods wrote: > > &g

Re: regarding the changes to kernel entropy gathering

On Sun, Apr 04, 2021 at 03:32:08PM -0700, Greg A. Woods wrote: > > BTW, to me reusing the same entropy on every reboot seems less secure. Sure. But that's not what the code actually does. Please, read the code in more depth (or in this case, breadth), then argue about it.

Re: regarding the changes to kernel entropy gathering

On Mon, Apr 05, 2021 at 09:30:16AM -0700, Greg A. Woods wrote: > At Mon, 5 Apr 2021 10:46:19 +0200, Manuel Bouyer > wrote: > Subject: Re: regarding the changes to kernel entropy gathering > > > > If I understood it properly, there's no need for such a knob. > > echo

Re: regarding the changes to kernel entropy gathering

On Sun, Apr 04, 2021 at 01:08:20PM -0700, Greg A. Woods wrote: > > I trust the randomness and in-observability and isolation of the > behaviour of my system's fans far more than I would trust Intel's RDRAND > or RDSEED instructions. I do not. However, I do differ with Taylor in that I believe

Re: nothing contributing entropy in Xen domUs? (causing python3.7 rebuild to get stuck in kernel in "entropy" during an "import" statement)

On Wed, Mar 31, 2021 at 11:24:07AM +0200, Manuel Bouyer wrote: > On Tue, Mar 30, 2021 at 10:42:53PM +, Taylor R Campbell wrote: > > > > There are no virtual RNG devices on the system in question, according > > to the quoted `rndctl -l' output. Perhaps the VM host needs to be > > taught to

Re: "wireguard" implementation improperly merged and needs revert

On Sat, Aug 22, 2020 at 08:35:39PM +0200, Jason A. Donenfeld wrote: > > In its current form, there are implementation flaws and violations > that I do not consider acceptable, and deploying this kind of thing is > highly irresponsible and harmful to your users. Can you please explain what these

Re: Status of 8.99.12

On Mon, Feb 12, 2018 at 08:48:32AM +0800, Paul Goyette wrote: > > 1. Starting the gnucash program (from pkgsrc finance/gnucash) now takes >about 3 times as long as before. Even after successfully loading >the image (to get libraries etc into the file system cache) it take >more than

Re: netbsd 8 (beta) failing to load ixg device

On Thu, Nov 09, 2017 at 09:15:53AM -0500, Derrick Lobo wrote: > The daily beta version of nebtsd 8 does not support ixg 5gb NIC's, the > support was enabled in 7.99 That doesn't make sense - if it's in 7.anything, it's in 8. When we cut the 8 branch, we move the version number on HEAD to 8.99.

Re: Running NetBSD in Google Cloud?

On Mon, Nov 06, 2017 at 07:07:26PM +, m...@netbsd.org wrote: > https://github.com/google/netbsd-gce Oh, hey, I can fix one of the bugs they think that stuff has. It's just a quick, nearly trivial command-line change to qemu to make it use a vioscsi disk instead of an IDE disk... Thanks!

Running NetBSD in Google Cloud?

it should currently be possible to run NetBSD VMs in Google Cloud, since they are roughly KVM/QEMU and we support the various virtio devices they provide. Can anyone offer step by step instructions for doing so? Azure looks a little harder. -- Thor Lancelot Simon

Re: Crash related to VLANs in Oct 18th -current

On Mon, Oct 23, 2017 at 12:18:32PM +0100, Roy Marples wrote: > > I don't know anything about 802.1q trunks. > How can I tell that it is one, and why shouldn't it have a local address? Generally speaking, configurations that run tagged ("trunk") and untagged ("native") traffic on the same

Re: HEADS-UP: SATA NCQ support merged (from jdolecek-ncq branch)

On Wed, Oct 11, 2017 at 07:56:04PM -, Michael van Elst wrote: > t...@panix.com (Thor Lancelot Simon) writes: > > >It probably has to do with our small maximum transfer size. The disk is > >probably trying to be safer and *not* caching tagged writes as aggressively, &

Re: HEADS-UP: SATA NCQ support merged (from jdolecek-ncq branch)

On Tue, Oct 10, 2017 at 11:11:54PM +0200, Jarom??r Dole??ek wrote: > I've fixed the compilation for ALL kernels. > > 2017-10-10 17:34 GMT+02:00 Michael : > > I tried sequential reads ( dd if=/dev/rwd0c ... ) and throughput took a > > significant hit. I used to get about

Re: AMD Ryzen and NetBSD?

On Sun, Jul 02, 2017 at 10:57:20PM +0100, Patrick Welche wrote: > On Fri, Jun 30, 2017 at 12:00:45PM -0400, Thor Lancelot Simon wrote: > > I shoved a rather newer ST2000DM001-1CH164 in, which according to its > marketing bumpf can manage "Max SustainableTransfer Rate 210MB/s&

Re: AMD Ryzen and NetBSD?

u specifying block size? dd is terribly slow without it. > > I was using 64k - essentially the example in the "progress" man page. Latency. You want a double-buffered pipeline. -- Thor Lancelot Simont...@panix.com "We ca

Re: NetBSD-current amd64 with dhcpcd connects only partially

On Tue, Jun 13, 2017 at 09:20:24PM +, Thomas Mueller wrote: > > I don't run dhcpcd or anything like that from /etc/rc.conf but ran > dhcpcd -dM re0 : It appears dhcpcd sends DISCOVER messages for a full minute and receives no responses. Are you sure the DHCP server is OK? Thor

Re: disabling mediaopts for if_wm(4)

On Tue, May 09, 2017 at 11:05:19PM -0400, Thor Lancelot Simon wrote: > On Wed, May 10, 2017 at 09:35:44AM +0800, Paul Goyette wrote: > > > > So, what is the magic incantation to set the interface to 100TX FDX, but > > with flow/pause disabled? > > You can't. Or,

Re: disabling mediaopts for if_wm(4)

On Wed, May 10, 2017 at 09:35:44AM +0800, Paul Goyette wrote: > > So, what is the magic incantation to set the interface to 100TX FDX, but > with flow/pause disabled? You can't. Or, more rightly, you can't do it the way you probably want to. If you explicitly set a speed and duplex, you will

Re: rng padlock changes causes NetBSD to crash

On Thu, Feb 16, 2017 at 01:04:33PM +0200, Andrius V wrote: > Hi, > > I have tested the fix. lcr4(rcr4() | CR4_OSFXSR); helps indeed and > system boots but if statement seems to be not correct, at least on > VT-310DP board it ended up in the same error. I checked in an unconditional version of

Re: rng padlock changes causes NetBSD to crash

On Wed, Feb 15, 2017 at 10:25:36AM +0200, Andrius V wrote: > Hello, > > I have recently decided to test changes in this commit > https://mail-archive.com/source-changes@netbsd.org/msg64898.html. > Unfortunately NetBSD (i386) crashes on boot in all systems I have > tried with which includes VIA

Re: rnd entropy estimate running low?

On Tue, Jan 31, 2017 at 05:54:37PM +0100, Martin Husemann wrote: > On Tue, Jan 31, 2017 at 11:45:55AM -0500, Thor Lancelot Simon wrote: > > The only time we've ever really dug into it, I believe, the user decided > > the failures were right around the expected failure rate

Re: rnd entropy estimate running low?

On Tue, Jan 31, 2017 at 05:40:01PM +0100, Martin Husemann wrote: > On Tue, Jan 31, 2017 at 11:38:02AM -0500, Thor Lancelot Simon wrote: > > The statistical failures later in system run might indicate a memory > > integrity issue, a race condition of some kind, or just be the expecte

Re: rnd entropy estimate running low?

On Tue, Jan 31, 2017 at 05:16:33PM +0100, Havard Eidnes wrote: > >> Meanwhile the hardware random generator sits there unused. > > > > Does it sit there completely unused, or did it get used a little at > > boot time? > > It generated some bits at boot time, but apparently not early > enough,

Re: Wapbl correct and stable again?

l stand to have more demanding testing thrown at > > it? Can we simulate unclean shutdown with vn file-based filesystem and run > > aggressive tests on it? -- Thor Lancelot Simont...@panix.com "The dirtiest word in art is the C-word. I can't even say 'craft' without feeling dirty."-Chuck Close

Re: Gumstix Pepper

On Sat, Oct 15, 2016 at 05:02:50PM +, Michael van Elst wrote: > kiyoh...@kk.iij4u.or.jp (KIYOHARA Takashi) writes: > > >By the way, how should I handle a sensor? Is interface of a Linux > >compatible provide so that application of Linux can access? > >Who is doing such work at present? > >

Re: USB serial problems

On Wed, Sep 21, 2016 at 07:56:05AM -0700, John Nemeth wrote: > On Sep 21, 10:30am, Thomas Klausner wrote: > } > } I wanted to look at the serial console of a second machine, so I > } plugged in a USB serial dongle into my NetBSD (7.99.38/amd64): > } > } uftdi0 at uhub4 port 3 > } uftdi0: FTDI

Re: bind -> unbound/nsd

On Sun, Aug 28, 2016 at 06:24:41AM +, David Holland wrote: > > So for what it's worth: I don't see any need to have a DNS server in > base. It may be traditional, but few people use it; the landscape's As a guy who spent the best part of a decade building embedded products out of NetBSD:

Re: bind -> unbound/nsd

On Fri, Aug 19, 2016 at 06:13:13PM +0200, Joerg Sonnenberger wrote: > On Fri, Aug 19, 2016 at 09:55:48AM +0100, Roy Marples wrote: > > For example, I would use nsd on exactly one machine in my environment, > > my public facing DNS server which is exactly where it belongs. > > > > On the other

Re: Building on OS X - how?

On Sat, Aug 13, 2016 at 10:06:35PM +0200, Jarom??r Dole??ek wrote: > FWIW, build of tools for both i386 and sparc64 finished without > problems for me on Mac OS X host (10.11.6), building from clean > sources. The problem is not with the tools build. Thor

New build break on OS X

For the past several days, building on OS X 10.9.5 has failed with what looks like a symptom of host/target confusion that could have more serious consequences (like bad builds on other platforms). This is new. Hubert has also seen it on OS X 10.5. Build command is "build.sh -m amd64 -U -u

Re: Building on OS X - how?

On Thu, Aug 11, 2016 at 04:05:06PM +0100, Robert Swindells wrote: > > >2) /usr/bin/cc: > >Undefined symbols for architecture x86_64: "_iconv" > >in external/gpl3/gcc/usr.bin/backend > > This should be in libc. For what value of "should"? _iconv is in the implementation-defined

Re: Building on OS X - how?

On Thu, Aug 11, 2016 at 09:00:35AM -0700, Michael Plass wrote: > > That sounds like it may be related to a problem I ran into when cross-building > from FreeBSD (11 beta something). With a package for libiconv installed, the > compile > must have found the header in /usr/local/include, but the

Re: Building on OS X - how?

On Thu, Aug 11, 2016 at 04:29:54PM +0200, Hubert Feyrer wrote: > > 2) /usr/bin/cc: >Undefined symbols for architecture x86_64: "_iconv" >in external/gpl3/gcc/usr.bin/backend This bug has appeared within the past few days and breaks my builds on OS X 10.9.5 as well. I'm not having much

Re: Identifying the NetBSD shell

On Mon, Mar 21, 2016 at 02:14:05PM -0400, Greg Troxel wrote: > > I find using 7.99.X awkward, as that's a version that means something > for the kernel (and userland more or less), and this is really something > quite different. I strongly agree. How about just giving it a date rather than a

Re: kqueue: SIGIO?

rly zero-cost "look aside" at some other *properly designed and structured* shared memory source of client requests should be pretty easy. Does the problem actually have to do with the mouse and keyboard? Mouse's idea of having the kernel write a flag word inste

Re: old file system , old partition tables, and some old scsi drive

On Mon, Sep 21, 2015 at 04:33:21AM +, David Holland wrote: > > In any case, there is zero chance that anything from the 80s that has > ffs on it has a MSDOS FDISK partition table. You're better off using > disklabel(8) and hoping you can find a BSD-type disklabel. But we have compatibility

Re: current status of ixg(4)

On Tue, Mar 31, 2015 at 03:38:45PM +0200, 6b...@6bone.informatik.uni-leipzig.de wrote: On Fri, 27 Mar 2015, Masanobu SAITOH wrote: This change have commited now. New patch: http://www.netbsd.org/~msaitoh/ixg-20150327-0.dif I have tested the patch and found no problems. My

Re: language lawyering: ftello/fseek/pread edition

On Mon, Mar 23, 2015 at 04:29:35PM +, David Holland wrote: On Mon, Mar 23, 2015 at 04:55:52PM +0100, Thomas Klausner wrote: Thanks. So if it survives a build, can I commit the attached patch? I question the merits of _LARGEFILE_SOURCE (are we going to start mucking with

Re: DoS attack against TCP services

On Sat, Mar 14, 2015 at 06:53:51AM +0800, Paul Goyette wrote: On Fri, 13 Mar 2015, Christos Zoulas wrote: On Mar 13, 6:32pm, hann...@eis.cs.tu-bs.de (J. Hannken-Illjes) wrote: -- Subject: Re: DoS attack against TCP services | What about the attached diff. It adds a counter of busy items

Re: kernel panic: uvm_fault

On Mon, Jan 26, 2015 at 04:28:22PM +0100, Thomas Klausner wrote: On Mon, Jan 26, 2015 at 10:01:41AM -0500, Thor Lancelot Simon wrote: alloc_bouncebus? On amd64? I think you've got a trashed pointer somewhere. I have makeoptions DEBUG=-g # compile full symbol table # grep -r

Re: Removing openldap?

this would actually reduce maintenance burden. It would reduce attack surface on some systems. -- Thor Lancelot Simon t...@panix.com From the tooth paste you use in the morning to the salt on your evening meal, it's easy to take for granted the many products

Re: a separate build of libc

On Sat, Sep 20, 2014 at 01:03:05PM +0200, u-6...@aetey.se wrote: On Fri, Sep 19, 2014 at 08:10:31PM -0400, Thor Lancelot Simon wrote: On Fri, Sep 19, 2014 at 04:04:34PM +0200, u-6...@aetey.se wrote: Background: building an independent/standalone toolchain able to produce binaries

Re: a separate build of libc

On Fri, Sep 19, 2014 at 04:04:34PM +0200, u-6...@aetey.se wrote: Background: building an independent/standalone toolchain able to produce binaries runnable on NetBSD Why don't you just run build.sh -m machine tools and use the result? Thor

Re: Add MKCTF

On Mon, Mar 24, 2014 at 07:27:33PM +0900, Ryota Ozaki wrote: Hi, I'm adding a new build variable MKCTF, which was discussed on the chat some days ago. Currently CTF tools are built and used to generate and manipulate CTF data of ELF binaries when we build with MKDTRACE=yes.

Re: Build broken with new gcc 4.8.3.

On Sun, Mar 02, 2014 at 03:36:57PM -0500, Christos Zoulas wrote: Anything you compile with -g will now need -gdwarf-2 if you are using ctf{convert,merge} on them because our libdwarf understands dwarf-2, partially dwarf-3 and no dwarf-4 which is the default for gcc-4.8. This looks relevant:

Re: kernel crashes because crypto unloading?

On Sun, Jan 19, 2014 at 07:13:12PM +, David Laight wrote: open/close (well probably the vnode) needs to hold a reference count against the device. This is complicated somewhat because the device clones. Thor