Hello,
I'm using FreeBSD-4.4-STABLE and have an OpenBSD-2.9 router to
connect to the internet (via DSL). If i try to do a cvsup
(cvsup.de.freebsd.org, cvsup2.de.freebsd.org, cvsup.freebsd.org)
i'm getting a lot of icmp: Destination unreachable, need to frag
mtu 1488 messages and cvsup fails
On Fri, Jan 04, 2002 at 11:08:06AM +0100, Martin Kaeske wrote:
Hello,
I'm using FreeBSD-4.4-STABLE and have an OpenBSD-2.9 router to
connect to the internet (via DSL). If i try to do a cvsup
(cvsup.de.freebsd.org, cvsup2.de.freebsd.org, cvsup.freebsd.org)
i'm getting a lot of icmp:
--- Peter Pentchev [EMAIL PROTECTED] wrote:
On Fri, Jan 04, 2002 at 11:08:06AM +0100, Martin Kaeske wrote:
Hello,
I'm using FreeBSD-4.4-STABLE and have an OpenBSD-2.9 router to
connect to the internet (via DSL). If i try to do a cvsup
(cvsup.de.freebsd.org, cvsup2.de.freebsd.org,
On 04-Jan-02 Matthew Emmerton wrote:
On 03-Jan-02 David E. Cross wrote:
I'd like to create a /boot.config switch that will have boot1 _not_
read
from
the console; this is for a secure setup. Would others be interested
in
these
patches when I finish them?
Yes. I've seen other
On Friday, January 4, 2002, at 07:45 AM, Kristopher Kublinski wrote:
--- Peter Pentchev [EMAIL PROTECTED] wrote:
On Fri, Jan 04, 2002 at 11:08:06AM +0100, Martin Kaeske wrote:
Hello,
I'm using FreeBSD-4.4-STABLE and have an OpenBSD-2.9 router to
connect to the internet (via DSL). If i try
I want to create a Makefile for a C program that includes some Pentium
II specific inline assembler code. How do I tell the compiler whether
we are compiling on a i686?
For Linux, I can do something like this (for gnu-make)
Arch = $(shell arch)
cc .. -DArch .
and inside the program
* Stephen Montgomery-Smith [EMAIL PROTECTED] [020104 12:02] wrote:
I want to create a Makefile for a C program that includes some Pentium
II specific inline assembler code. How do I tell the compiler whether
we are compiling on a i686?
For Linux, I can do something like this (for gnu-make)
Alfred Perlstein wrote:
* Stephen Montgomery-Smith [EMAIL PROTECTED] [020104 12:02] wrote:
I want to create a Makefile for a C program that includes some Pentium
II specific inline assembler code. How do I tell the compiler whether
we are compiling on a i686?
For Linux, I can do
Stephen Montgomery-Smith [EMAIL PROTECTED] wrote:
What I want is a makefile that automatically detects whether it is on an
i686 or not (not for me to tell it so).
In general, that's not a good idea, IMO.
It should be up to the user to decide which optimizations
he wants and which not, and
On 04-Jan-02 Stephen Montgomery-Smith wrote:
Alfred Perlstein wrote:
* Stephen Montgomery-Smith [EMAIL PROTECTED] [020104 12:02] wrote:
I want to create a Makefile for a C program that includes some Pentium
II specific inline assembler code. How do I tell the compiler whether
we are
On Fri, Jan 04, 2002 at 11:20:55AM -0800, John Baldwin wrote:
On 04-Jan-02 Stephen Montgomery-Smith wrote:
Alfred Perlstein wrote:
* Stephen Montgomery-Smith [EMAIL PROTECTED] [020104 12:02] wrote:
...
But arch doesn't exist on FreeBSD.
Isn't this somewhat trivial?
If you do this, then I beg of you, for the sake of your successor's
sanity...
Comment your makefile ad nauseum and even put in a few echoes to inform
builder what nastiness you enforced.
I spend a lot of my time finding such optimizations in legacy code, well
they were optimizations 5 years
On Fri, Jan 04, 2002 at 02:48:22PM +0200, Peter Pentchev wrote:
You have not, by any chance, firewalled ICMP replies, have you -
either outgoing on the router, or incoming on the FreeBSD box?
No. Since i can see the icmp-messages with tcpdump, i thought
there is a problem with FreeBSD not
auth 9002357b subscribe freebsd-hackers [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message
William Carrel wrote:
Blocking all ICMP is bad m'kay?
First, I agree...
ipfilter with 'keep state' on the connections will automatically allow
back in relevant ICMP messages such as mustfrag.
Heh... I need to try to write a mustfrag daemon, which will
spoof them back whenever it sees
On Fri, Jan 04, 2002 at 07:45:43AM -0800, Kristopher Kublinski wrote:
I have the same setup as Martin but i cant say i have the same problem. I am also
blocking all
incoming icmp traffic - in fact i have explicitly denied almost all incoming traffic
so i do not
thing that is the problem.
auth 07120204 unsubscribe freebsd-hackers [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message
On Friday, January 4, 2002, at 12:46 PM, Terry Lambert wrote:
William Carrel wrote:
ipfilter with 'keep state' on the connections will automatically allow
back in relevant ICMP messages such as mustfrag.
Heh... I need to try to write a mustfrag daemon, which will
spoof them back whenever
On Thu, Jan 03, 2002 at 02:02:09PM +0100, Oliver Fromme wrote:
Jos Backus [EMAIL PROTECTED] wrote:
- Forwarded message from Justin Erenkrantz [EMAIL PROTECTED] -
+1. =) I've talked to the FreeBSD people and they just laugh
maniacally when I ask for a truss that follows
On Fri, Jan 04, 2002 at 12:46:19PM -0800, Terry Lambert wrote:
William Carrel wrote:
Blocking all ICMP is bad m'kay?
First, I agree...
ipfilter with 'keep state' on the connections will automatically allow
back in relevant ICMP messages such as mustfrag.
Heh... I need to try to
One possibility is that the code in icmp_input() processing the
PMTU discovery-induced ICMP message could verify that the returned
header in fact is associated with a connection on the host and
maybe even has sane sequence numbers (for TCP segments). This would
make it more difficult to just
Guido van Rooij wrote:
ipfilter with 'keep state' on the connections will automatically allow
back in relevant ICMP messages such as mustfrag.
Heh... I need to try to write a mustfrag daemon, which will
spoof them back whenever it sees traffic... and see what happens.
The sender
Louis A. Mamakos wrote:
One possibility is that the code in icmp_input() processing the
PMTU discovery-induced ICMP message could verify that the returned
header in fact is associated with a connection on the host and
maybe even has sane sequence numbers (for TCP segments). This would
make
I suppose we'll always get a couple hundred bytes in edgewise anyway, but
it all makes for an interesting exercise. I wonder about the robustness
of other operating systems to such an attack...
I think malicious people will point their ears at this line here ^^
Maybe make the minimum size a
In a message written on Fri, Jan 04, 2002 at 03:35:35PM -0800, Terry Lambert wrote:
Of course, now you've let the dirty little secret out of the
bag: the MTU is on the *route*, which means on the next hop,
so a spoof that got through would frag basically all traffic
out of the victim machine
[reducing CC creep]
On Friday, January 4, 2002, at 03:46 PM, Leo Bicknell wrote:
In a message written on Fri, Jan 04, 2002 at 03:35:35PM -0800, Terry
Lambert wrote:
Of course, now you've let the dirty little secret out of the
bag: the MTU is on the *route*, which means on the next hop,
so
In a message written on Fri, Jan 04, 2002 at 01:26:54PM -0800, William Carrel wrote:
See now you've made me curious, and I ask myself questions like: How
robust is PMTU-D against someone malicious who wants to make us send
tinygrams? Could the connection eventually be forced down to an MTU
snip description=put minimum mtu in tuneable sysctl/
I suppose so, but then you won't be able to connect to machines with
miniscule path MTU's, and that should definately be a warning. But then
it beats Linux which allows the path MTU to be reduced to 69 bytes (ouch!).
Ouch indeed. Well
I don't have the RFC handy, but aren't all Internet connected hosts
required to support a minimum MTU of 576 from end to end with no
fragmentation? Thus if we ever got an MTU less than 576 we should
ignore it. Right?
If we're on the internet yes. If you're in an environment other than one
In a message written on Sat, Jan 05, 2002 at 01:14:45AM +0100, Rogier R. Mulhuijzen
wrote:
If we're on the internet yes. If you're in an environment other than one
connected to the internet (do those even exist grin/) no.
Hence my tuneable sysctl idea.
I'll support a sysctl, however I'll
So, I'm poking at pkg_sign, trying to see what it would take to enable
GPG as well as PGP, and came across something that appears odd. (It
might just be me, mind you.) Pointers to clue would be appreciated,
if it's me.
First, pkg_sign doesn't seem to work at all with PGP. I get no chance
to
On Friday, January 4, 2002, at 03:56 PM, Leo Bicknell wrote:
In a message written on Fri, Jan 04, 2002 at 01:26:54PM -0800, William
Carrel wrote:
See now you've made me curious, and I ask myself questions like: How
robust is PMTU-D against someone malicious who wants to make us send
In a message written on Fri, Jan 04, 2002 at 04:03:35PM -0800, William Carrel wrote:
RFC 879 (http://www.rfc.net/rfc879.html) would tend to disagree...
(10) Gateways must be prepared to fragment datagrams to fit into the
packets of the next network, even if it smaller than 576 octets.
Hmm,
In a message written on Sat, Jan 05, 2002 at 01:14:24AM +0100, Rogier R. Mulhuijzen
wrote:
I suppose so, but then you won't be able to connect to machines with
miniscule path MTU's, and that should definately be a warning. But then
it beats Linux which allows the path MTU to be reduced to
I don't have the RFC handy, but aren't all Internet connected hosts
required to support a minimum MTU of 576 from end to end with no
fragmentation? Thus if we ever got an MTU less than 576 we should
ignore it. Right?
No, all hosts are required to be able to reassemble IP datagram
I dunno if this has come up before or not, but thought I would ask.
I've got one of the litle soekris net4501 boards that I use as a
router/firewall/NAT box, and it works really good. I have a stripped
down FreeBSD system that I run in a 16MB partition on an 32MB Compact
Flash card plugged
Hi all, if I want to change behavior of sessionlimit behavior in
login.conf, where I should look first since I can't find it in
/usr/src/libutil thx before.
Best regards
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message
Apologies if this belongs on -questions. I couldn't find what I needed in
the archives or handbook.
I have a system where I need/want to handle lots of files in a single
directory. Lots as in 100-200K files. ls | wc -l breaks because the
value of ARG_MAX in sys/syslimits.h is too small. If
On Fri, Jan 04, 2002 at 09:50:45PM -0500, David Miller wrote:
Apologies if this belongs on -questions. I couldn't find what I needed in
the archives or handbook.
It almost certaintly did.
I have a system where I need/want to handle lots of files in a single
directory. Lots as in 100-200K
David Miller wrote:
Apologies if this belongs on -questions. I couldn't find what I needed in
the archives or handbook.
I have a system where I need/want to handle lots of files in a single
directory. Lots as in 100-200K files. ls | wc -l breaks because the
value of ARG_MAX in
Brooks Davis wrote:
I have a system where I need/want to handle lots of files in a single
directory. Lots as in 100-200K files. ls | wc -l breaks because the
value of ARG_MAX in sys/syslimits.h is too small. If I change it from
65536 to 4meg and rebuild the world it works fine.
ls |
Howdy,
I have recently acquired a pair of Phobos 4-port NIC's, the P430TX
model. On it, it has 4 Intel 21143TD chips, and one larger Intel
21152AB chip.
The driver (binary only) provided by Phobos is from 1999. Does FreeBSD
have any support for this card? Perhaps by the dc or de drivers? If
On Fri, 4 Jan 2002, Terry Lambert wrote:
David Miller wrote:
Apologies if this belongs on -questions. I couldn't find what I needed in
the archives or handbook.
I have a system where I need/want to handle lots of files in a single
directory. Lots as in 100-200K files. ls | wc -l
I had a similar (if not identical) phobos card. Turned out to be
supported. (Tulip I think) Pop it in a machine and see if it works :)
-Bill
On Fri, Jan 04, 2002 at 07:54:27PM -0800, Eric Busto wrote:
Howdy,
I have recently acquired a pair of Phobos 4-port NIC's, the P430TX
model. On it,
Louis A. Mamakos writes:
I dunno if this has come up before or not, but thought I would ask.
I've got one of the litle soekris net4501 boards that I use as a
router/firewall/NAT box, and it works really good. I have a stripped
down FreeBSD system that I run in a 16MB partition on an 32MB
Whichever hacker,
Upon reading section 3.1 in
ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/4.4-RELEASE/floppies/README.TXT,
I learned that you can always use a helping hand. I, however, do not
know how to program just yet. The project aroused my interest, and I'd
like to help out
On Fri, Jan 04, 2002 at 07:53:52PM -0800, Terry Lambert wrote:
Brooks Davis wrote:
I have a system where I need/want to handle lots of files in a single
directory. Lots as in 100-200K files. ls | wc -l breaks because the
value of ARG_MAX in sys/syslimits.h is too small. If I change
In message: [EMAIL PROTECTED]
Rogier R. Mulhuijzen [EMAIL PROTECTED] writes:
: Out of curiosity, where do MTUs ~512 occur?
Old slip links that used it to reduce latency. I suspect that there
aren't too many of them left in the world.
Warner
To Unsubscribe: send mail to [EMAIL
48 matches
Mail list logo