Routing table for service
Hello, Questions.

Is there any option to set the routing table for a service? For example, in rc.conf:

    named_enable=YES
    named_fib=2

so it will be run as:

    setfib 2 /usr/sbin/named -t /var/named -u bind

instead of:

    /usr/sbin/named -t /var/named -u bind

--
Best regards,
KES mailto:kes-...@yandex.ru
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Apache 2 docs question
I'm setting up a new web server on 7.1 using Apache 2. I am reusing an old top level index.html that's from an Apache 1 install. I created a sym link to the Apache docs at /usr/local/share/doc/apache22 to the old manual name. Here's the snippet from the index.html file that points at it:

    <hr width="50%" size="8" />
    <p>The Apache <a href="manual/">documentation</a> has been included with this distribution.</p>

But I don't get a useful display from this. The index.html file that is in this directory does not look like I expect. I suspect that I need to set up something so that the language is defined, right? How can I do this?

--
One of the main causes of the fall of the roman empire was that, lacking zero, they had no way to indicate successful termination of their C programs.
Re: FreeBSD kernel Debugging tools for Virtual Memory Module
ddb and kgdb are two useful and often indispensable tools for kernel debugging on FBSD. ddb won't allow you source level debugging, kgdb will, but you'll need an extra machine.

If the code you are debugging doesn't depend on specific hardware, one option is to run FreeBSD (with the kernel being debugged) under qemu and run kgdb on the host FreeBSD. Something like

In Window1

    $ qemu -s freebsd-disk-img ...

In Window2

    $ cd <where the kernel under test was built>
    $ kgdb kernel.debug
    (gdb) target remote localhost:1234
    <do your debugging>
    (gdb) detach
    Ending remote debugging.
    (gdb) q
    $

Note: I have not tried this recently but it should work.

AFAIK, if you are modifying the kernel source directly there is no option but to recompile all the changed and dependent files.

Well... there used to be a debugger called ups with a builtin C interpreter. It allowed you to add code at run time. This was quite handy when you wanted to temporarily patch things up and continue debugging or set conditional breakpoints or insert assertion verification code on the fly. The C interpreter is worth adding to gdb but I am not sure if any of ups code can be reused. See http://ups.sourceforge.net/
Re: FreeBSD kernel Debugging tools for Virtual Memory Module
On Thu, Jan 01, 2009 at 06:27:44PM -0800, Kamlesh Patel wrote:

> I am working on Virtual Memory parts of FreeBSD OS. My Problem is, whenever I modify little code of vmpage.c file I need to build the whole kernel to check the modification and I even am not able to debug the kernel code.
>
> Could anyone please inform me kernel Debugging tools for FreeBSD OS?

First, you need to recompile the source you change for sure :-) But you do not have to rebuild all other files all the time. You need to add to your /etc/src.conf (or /etc/make.conf for 6.x and earlier):

    MODULES_WITH_WORLD=yes

This will skip rebuilding of all modules during 'make buildkernel' but you MUST copy all modules from /boot/kernel to /boot/modules (all files other than /boot/kernel/kernel*) if you do this. Otherwise, you'll lose modules and the system may not boot due to missing vital modules like acpi.ko.

Then, if you do not change the kernel config file, recompile your changes with this command (only the second time and from then on):

    cd /usr/src; make NO_KERNELDEPEND=yes NO_KERNELCLEAN=yes buildkernel

So, your rebuild time changes drastically: no modules rebuild, no rebuild of sources other than those you touched last time. It will relink previously compiled object code with your changes only, that's way much quicker. Reinstall the kernel and reboot.

Second, you should use some kind of virtual machine (like qemu from ports) to speed up your development cycle even more: install the system into a virtual machine and you'll not need another box to debug the kernel and need not rebuild your development box. Test your changes with the system installed into the VM and reboot it only. Use ddb or kgdb already noted here.

Eugene Grosbein
Suddenly shutdown -p now produces a reboot
I have a Server with Squid, 7.0-RELEASE-p4 FreeBSD, squid-3.0.11, that has been running fine for the last six months, at least. It is shut down every night at 7 PM via cron. Now suddenly the machine is rebooting instead, and I've made no changes whatsoever.

I'm wondering if this is a symptom of a coming hardware failure or if I can do something to get the normal behaviour back.

I did have a similar problem when I first put the machine into production, then it was clear from /var/log/messages that squid did not have enough time to shut down and I solved it by changing the parameter rcshutdown_timeout=90 in rc.conf.

Here's a piece of /var/log/messages

--- snip
Jan 1 19:05:00 server01 shutdown: power-down by root:
Jan 1 19:05:33 server01 squid[823]: Squid Parent: child process 826 exited with status 0
Jan 1 19:05:34 server01 named[718]: stopping command channel on 127.0.0.1#953
Jan 1 19:05:34 server01 named[718]: stopping command channel on ::1#953
Jan 1 19:05:34 server01 named[718]: exiting
Jan 1 19:05:36 server01 syslogd: exiting on signal 15
Jan 1 19:07:29 server01 syslogd: kernel boot file is /boot/kernel/kernel
Jan 1 19:07:29 server01 kernel: Copyright (c) 1992-2008 The FreeBSD Project.
Jan 1 19:07:29 server01 kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Jan 1 19:07:29 server01 kernel: The Regents of the University of California. All rights reserved.
--- snip

Thanks
/Leslie
Re: An Apache2 configuration question
On Fri, 2 Jan 2009 02:33:54 -0500 stan st...@panix.com wrote:

> I'm setting up a 7.1 machine that will serve as, among other things, a web server. I've installed Apache2. I have some directories in the Apache document directory that I wish to password protect. I have added the following clause to /usr/local/etc/apache22/httpd.conf. I have created a
>
>     <Directory /usr/local/www/data>
>         Options Indexes FollowSymLinks
>         AllowOverride AuthConfig
>     </Directory>
>
> In the directories that I want protected, I have created .htaccess files that look like this:
>
>     AuthName Pictures
>     AuthType Basic
>     AuthUserFile /usr/local/etc/apache22/users2
>     require valid-user
>
> I have used htpasswd to create the users2 file.
>
> Everything works the way that I want _except_ the top level web page directory index does not display the directories that have .htaccess files in them.
>
> What do I need to do to fix this?

Have you checked out this URL: http://httpd.apache.org/docs/1.3/howto/auth.html

You might also consider posting your question on the Apache list.

--
Jerry ges...@yahoo.com
There seems no plan because it is all plan. C.S. Lewis
Re: FreeBSD kernel Debugging tools for Virtual Memory Module
Mehul Chadha wrote:

> But I am working on a virtual mode freebsd project similar to what UML does in linux.

Do you mean like vkernel in DragonFlyBSD?

http://leaf.dragonflybsd.org/cgi/web-man/?command=vkernel&section=ANY

--
Michel TALON
Re: FreeBSD kernel Debugging tools for Virtual Memory Module
Michel Talon wrote:

> Do you mean like vkernel in DragonFlyBSD?

Yes, UML and vkernel cater to the same problem, the implementation being the obvious difference between them. We have implemented some part of it and are working on the design of the rest. We have been following the vkernel and UML and trying to move away with some of the shortcomings in both.

It will be helpful for us if we can have some valuable inputs or any advice from your side.

Regards,
Mehul

On Fri, Jan 2, 2009 at 6:24 PM, Michel Talon ta...@lpthe.jussieu.fr wrote:

> Mehul Chadha wrote:
>
> > But I am working on a virtual mode freebsd project similar to what UML does in linux.
>
> Do you mean like vkernel in DragonFlyBSD?
>
> http://leaf.dragonflybsd.org/cgi/web-man/?command=vkernel&section=ANY
>
> --
> Michel TALON
Re: An Apache2 configuration question
On Fri, Jan 02, 2009 at 07:14:40AM -0500, Jerry wrote:

> On Fri, 2 Jan 2009 02:33:54 -0500 stan st...@panix.com wrote:
>
> > I'm setting up a 7.1 machine that will serve as, among other things, a web server. I've installed Apache2. I have some directories in the Apache document directory that I wish to password protect. I have added the following clause to /usr/local/etc/apache22/httpd.conf. I have created a
> >
> >     <Directory /usr/local/www/data>
> >         Options Indexes FollowSymLinks
> >         AllowOverride AuthConfig
> >     </Directory>
> >
> > In the directories that I want protected, I have created .htaccess files that look like this:
> >
> >     AuthName Pictures
> >     AuthType Basic
> >     AuthUserFile /usr/local/etc/apache22/users2
> >     require valid-user
> >
> > I have used htpasswd to create the users2 file.
> >
> > Everything works the way that I want _except_ the top level web page directory index does not display the directories that have .htaccess files in them.
> >
> > What do I need to do to fix this?
>
> Have you checked out this URL: http://httpd.apache.org/docs/1.3/howto/auth.html

Thanks for the pointer. I read through it, and it does not discuss the visibility of directories, unfortunately.

--
One of the main causes of the fall of the roman empire was that, lacking zero, they had no way to indicate successful termination of their C programs.
Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
Hi freebsd-questions,

For personal use (photo/video storage), I'm looking into creating a huge single ZFS (raidz) volume that will replace my current collection of drives used as storage. I'm thinking 4*1TB drives in RAID5(z).

My question is regarding the flavour of drives that one can choose from: Desktop class drives, or the so called RAID/Enterprise class drives.

The difference between the two being the way such a drive handles the bad-sector/block handling and remapping. I understand that Desktop class drives do all this internally, and this is a process that can take up to 60s (even minutes on some), and during this process the drive is unavailable to the controller. The RAID edition drives all approach this differently and a lot faster, typically before 8 seconds.

How does ZFS handle this? Should I be looking for the RAID class drives or can Desktop class drives be used here?

My worry is of course that such a drive (desktop class) will be marked defective and thrown out of the raid volume if a remapping of bad sectors occurs and the drive will be unresponsive to the controller/ZFS for 8 seconds.

Some drives can be configured in this area, but not all, and there's quite a price difference in the two, the desktop class being up to 50% cheaper in some cases..

Anybody that can shed some light on this?

Thanks,
--
Frederique
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
> Hi freebsd-questions,
>
> For personal use (photo/video storage), I'm looking into creating a huge single ZFS (raidz) volume that will replace my current collection of drives used as storage. I'm thinking 4*1TB drives in RAID5(z).

think twice before doing.

> My question is regarding the flavour of drives that one can choose from: Desktop class drives, or the so called RAID/Enterprise class drives.

but cheap drives they are OK.
HowTo configure WPA[2] ath0 [wlan0] on up to date 8.0-CURRENT
I'm currently using wep at home and in the office configured from rc.conf. Example:

    ifconfig_wlan0="DHCP ssid virus wepmode on wepkey 1:0x2373FE9515 weptxkey 1"

I'm traveling and haven't been able to connect to hotspots that are using wpa[2]. The handbook isn't up to date and I have been looking for over a week unsuccessfully. As far as I know there isn't an X utility to do this from and I've tried wpa_supplicant.conf with a router here but since I don't understand it, I'm sure it is incorrect (plus the important clue that it doesn't work).

Hopefully there is an easier and simpler way to do this.

The wpa_supplicant.conf configuration that I've tested is:

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    ## eapol_version=1
    ap_scan=1
    fast_reauth=1
    network={
        scan_ssid=1
        proto=WPA2
        ssid=TestRouter
        ## bssid=[mac address of your access point here]
        ## key_mgmt=WPA-PSK
        ## pairwise=TKIP
        ## psk=[i forgot what this is, presumably the md5 of the passphrase.]
        password=Testing123
    }

Any suggestions for getting out of this glass of water that I'm drowning in would be greatly appreciated.

Thanks,
ed
MySQL version upgrade
I currently have running:

    mysql-client-4.0.27
    mysql-server-4.0.27

which I would like to upgrade to

    mysql-client-5.0.75
    mysql-server-5.0.75

I can imagine that there is a database issue here as the 4.0 records might differ from the 5.0 ones. Is there a way of upgrading smoothly? I did upgrade my databases in advance.

--
best Wishes for 2009 and thank you for your support in the last year.
Memory Usage
Hi all,

Does anyone have scripts they may be willing to share that parse any FreeBSD utility (top, w, etc) suitable for using the output with mrtg to show memory and disk usage?

-Grant
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
Wojciech Puchar woj...@wojtek.tensor.gdynia.pl writes:

Hi,

> think twice before doing.

Could you elaborate please ?

Regards

Éric Masson

--
[Linux] it's a philosophy, an art of living, an inner state, a kind of fluid that surrounds us and penetrates us.
Pass it around, please!
-+- Guillaume in Guide du linuxien pervers - All on drugs, I tell you!
Re: MySQL version upgrade
On Fri, Jan 2, 2009 at 10:40 AM, Jos Chrispijn ker...@webrz.net wrote:

> I currently have running:
>
>     mysql-client-4.0.27
>     mysql-server-4.0.27
>
> which I would like to upgrade to
>
>     mysql-client-5.0.75
>     mysql-server-5.0.75
>
> I can imagine that there is a database issue here as the 4.0 records might differ from the 5.0 ones. Is there a way of upgrading smoothly? I did upgrade my databases in advance.
>
> --
> best Wishes for 2009 and thank you for your support in the last year.

I'd recommend that you read up on the MySQL documentation on the subject of upgrading. I don't mean to be mean, but it's not exactly a FreeBSD issue :-P

http://dev.mysql.com/doc/refman/5.0/en/upgrade.html
and
http://dev.mysql.com/doc/refman/5.0/en/upgrading-from-4-1.html
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
On Fri, 02 Jan 2009 16:40:38 +0100 Eric Masson e...@free.fr wrote:

> Wojciech Puchar woj...@wojtek.tensor.gdynia.pl writes:
>
> > think twice before doing.
>
> Could you elaborate please ?

Not again this anti-zfs story please..

--
Dick Hoogendijk -- PGP/GnuPG key: 01D2433D
+ http://nagual.nl/ | SunOS sxce snv104 ++
+ All that's really worth doing is what we do for others (Lewis Carrol)
Re: Web server password management
On Jan 2, 2009, at 2:36 AM, stan wrote:

> I am setting up an Apache2 webserver, and I want to require authentication for some of its contents. I am thinking of using htaccess. Is there a package that I can install that will allow users to request that various account management tasks be done. What I have in mind is a page that lets people request accounts, allows me to approve these requests, and updates the users for htpassword?

I don't use either of these, but have looked at them in the past. Maybe one will do what you need:

http://www.syscp.org/
http://www.webmin.com/

--
John
Foiling MITM attacks on source and ports trees
Hello,

with MITM attacks [1] on the rise, I'm concerned about the integrity of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup (and portsnap) from master or mirror servers.

[1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack

There's already a small protection against MITM on the distfiles in ports: distinfo contains md5 and sha256 digests. This is an excellent idea that could be extended to *all* files in /usr/src, /usr/doc, and /usr/ports.

What I'd like to have is a way to check the fetched /usr/src, /usr/doc, and /usr/ports files against a *digitally signed* list of (file, revision, digest) tuples that would be generated on-the-fly and on-demand, so that any modification of the files in transit would be detected (provided the checker program runs on an uncompromised host, of course).

This should not only apply to up-to-the-minute current files, but also to files fetched, say, a few weeks or months ago (e.g. because they are deployed in stable production servers).

Assuming there's a secure way (which is not affected by MITM) to obtain a master public key (GnuPG key) of the FreeBSD Project, it would be nice to have a mechanism in place that would:

1. create a compressed list of (file, revision, md5/sha1/...digest) tuples for /usr/src, /usr/doc, and /usr/ports trees,
2. sign this list with the master private key of the project and make it available.

Because the number of revisions for any specific file can be huge, this list could grow very fast. It may be economical to have the program create only (file, revision, digest) tuples for a limited number of revisions, typically as many as needed between start and end of a typical csup run on slow links, or at most, say, 24h... starting at an arbitrary date in the past.

To save CPU cycles, previous computed (file, revision, digest) tuples could be permanently cached in an RDBMS, in Subversion or wherever else that's appropriate.

Oh, we could always use SSL between csup and the servers as fallback, but SSL is not without flaws and I doubt that all mirrors would have valid certificates, defeating the whole purpose of foiling MITM attacks. And SSL alone doesn't permit checking after the fact the integrity of an older snapshot.

Any idea? Could this be implemented as a plugin to Subversion (since it must access previous revisions of files and previously computed digests)? Given read-only access to the repository, a set of simple Python scripts or C/C++ programs could easily implement the basic functionality and cache the results for fast retrieval by other scripts. But how well will all this scale?

Thanks,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
> > think twice before doing.
>
> Could you elaborate please ?

ZFS still doesn't work as described ...
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
> > Wojciech Puchar woj...@wojtek.tensor.gdynia.pl writes:
> >
> > > think twice before doing.
> >
> > Could you elaborate please ?
>
> Not again this anti-zfs story please..

already described it some time ago. it's not my data anyway ;)
Re: MySQL version upgrade [SOLVED]
[APseudoUtopia] From an earlier message of 2-1-2009 17:04 ::

> I'd recommend that you read up on the MySQL documentation on the subject of upgrading. I don't mean to be mean, but it's not exactly a FreeBSD issue :-P

I of course was referring to the ports part of the whole story, sorry for not being clear about this.

What I did:

- Upgrade the MySQL client port and its dependencies first.
- Upgraded mysql-client

      % portupgrade -o databases/mysql50-client -f mysql-client-\*

- Upgrade mysql-server

      % portupgrade -o databases/mysql50-server -f mysql-server-\*

- Recompiled everything else that depends on mysql-client so that they all link against the upgraded shlib:

      % portupgrade -Nfi -r mysql-client-\* -x mysql-client -x mysql-server

- Restarted my mysql-server and ran the mysql-upgrade program:

      % mysql_upgrade -v -b /usr/local -d /var/db/mysql -u root

Then I checked /var/db/mysql/mysite.err to see if there were any obvious problems (...):

    090102 17:58:45 [Warning] mysql.user table is not updated to new password format; Disabling new password usage until mysql_fix_privilege_tables is run

So I did a fix on my SQL tables:

    % mysql_fix_privilege_tables --password=my_password

mysite.err:

    090102 18:07:39 mysqld started
    090102 18:07:39 InnoDB: Started; log sequence number 0 2232580
    090102 18:07:39 [Note] /usr/local/libexec/mysqld: ready for connections.
    Version: '5.0.75' socket: '/tmp/mysql.sock' port: 3306 FreeBSD port: mysql-server-5.0.75

After this I tested all mysql client programs and am happy again :-)

--
Jos Chrispijn
Re: Foiling MITM attacks on source and ports trees
cpghost wrote:

> Hello,
>
> with MITM attacks [1] on the rise, I'm concerned about the integrity of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup (and portsnap) from master or mirror servers.
>
> [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack
>
> There's already a small protection against MITM on the distfiles in ports: distinfo contains md5 and sha256 digests. This is an excellent idea that could be extended to *all* files in /usr/src, /usr/doc, and /usr/ports.

According to http://www.daemonology.net (the creator of portsnap and also freebsd-update as well as being the freebsd security officer's website) and a quick look through the freebsd-update and portsnap scripts, both portsnap and freebsd update provide reasonable cryptographic protection from MITM attacks. ({freebsd-update,portsnap}.conf contains a sha256 hash of the rsa key used to sign the updates.) Admittedly this doesn't give a file by file checksum but does give reasonable protection against MITM attacks for updates of the ports tree and the -RELEASE src trees.

Vince

> What I'd like to have is a way to check the fetched /usr/src, /usr/doc, and /usr/ports files against a *digitally signed* list of (file, revision, digest) tuples that would be generated on-the-fly and on-demand, so that any modification of the files in transit would be detected (provided the checker program runs on an uncompromised host, of course).
>
> This should not only apply to up-to-the-minute current files, but also to files fetched, say, a few weeks or months ago (e.g. because they are deployed in stable production servers).
>
> Assuming there's a secure way (which is not affected by MITM) to obtain a master public key (GnuPG key) of the FreeBSD Project, it would be nice to have a mechanism in place that would:

Agreed, a more secure way of getting it than http://www.freebsd.org/security/so_public_key.asc would be nice (just ssl would make me happy).

> 1. create a compressed list of (file, revision, md5/sha1/...digest) tuples for /usr/src, /usr/doc, and /usr/ports trees,
> 2. sign this list with the master private key of the project and make it available.
>
> Because the number of revisions for any specific file can be huge, this list could grow very fast. It may be economical to have the program create only (file, revision, digest) tuples for a limited number of revisions, typically as many as needed between start and end of a typical csup run on slow links, or at most, say, 24h... starting at an arbitrary date in the past.
>
> To save CPU cycles, previous computed (file, revision, digest) tuples could be permanently cached in an RDBMS, in Subversion or wherever else that's appropriate.
>
> Oh, we could always use SSL between csup and the servers as fallback, but SSL is not without flaws and I doubt that all mirrors would have valid certificates, defeating the whole purpose of foiling MITM attacks. And SSL alone doesn't permit checking after the fact the integrity of an older snapshot.
>
> Any idea? Could this be implemented as a plugin to Subversion (since it must access previous revisions of files and previously computed digests)? Given read-only access to the repository, a set of simple Python scripts or C/C++ programs could easily implement the basic functionality and cache the results for fast retrieval by other scripts. But how well will all this scale?
>
> Thanks,
> -cpghost.
Re: Foiling MITM attacks on source and ports trees
On Fri, Jan 2, 2009 at 10:44 AM, cpghost cpgh...@cordula.ws wrote:

> Hello,
>
> with MITM attacks [1] on the rise, I'm concerned about the integrity of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup (and portsnap) from master or mirror servers.
>
> [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack
>
> There's already a small protection against MITM on the distfiles in ports: distinfo contains md5 and sha256 digests. This is an excellent idea that could be extended to *all* files in /usr/src, /usr/doc, and /usr/ports.

Something like this was discussed back in September: http://lists.freebsd.org/pipermail/freebsd-hackers/2008-September/026052.html

I haven't tried Max's script yet, but it looks like it should do at least some of what you're looking for.

Matt
Re: Foiling MITM attacks on source and ports trees
On Fri, Jan 02, 2009 at 11:26:45AM -0600, Matt wrote:

> On Fri, Jan 2, 2009 at 10:44 AM, cpghost cpgh...@cordula.ws wrote:
>
> > Hello,
> >
> > with MITM attacks [1] on the rise, I'm concerned about the integrity of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup (and portsnap) from master or mirror servers.
> >
> > [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack
> >
> > There's already a small protection against MITM on the distfiles in ports: distinfo contains md5 and sha256 digests. This is an excellent idea that could be extended to *all* files in /usr/src, /usr/doc, and /usr/ports.
>
> Something like this was discussed back in September: http://lists.freebsd.org/pipermail/freebsd-hackers/2008-September/026052.html
>
> I haven't tried Max's script yet, but it looks like it should do at least some of what you're looking for.

It's a beginning for sure. I assume (403 error) Max generates and saves digests on his snapshots and the verification script does the same locally and simply compares both lists. In an extended version, it could grep for the digests in the increasingly big list on Max's site...

But that's not ideal because:

1) There's no guarantee that Max's csup has not been MITM-ed itself.
2) Max can't csup EVERY revision to digest it in near real-time.
3) Even with SSL on his site, I'd prefer a digitally signed list. ;)

With this version of the script, it's not possible to check the integrity of an arbitrary specific snapshot in time (say, starting with the subversion migration and later). That's why I'm thinking of (file, revision, digest) tuples, and not just (file, digest) tuples that would need to go in that list; and a logic to fetch a subset of the list, based on revision numbers.

The main problem I see here with (file, digest) tuples, is how to guess the right revision number of the local file. Unless that is transferred alongside csup (into a metadata directory? /var/db/sup perhaps?), it will be necessary to check a local file against a list of known and good digests -- the list created from the repository out of all revisions that ever existed for that file --.

This is good enough against casual MITM, where an attacker creates his own replacement files, but it's not good enough if the attacker merely substitutes a current file with an older (but legitimate) file that contains a vulnerability. That old file would verify OK because it has a valid digest, but it's still not the file that should be in the checkout. See the problem?

Thanks,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
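The rollback problem raised in this thread, as an added example that is not part of any poster's message or of FreeBSD's own tools: it compares a check against "any known-good digest" with a check pinned to one repository revision using (file, revision, digest) tuples. The tab-separated manifest format, the function names and the sample files are assumptions constructed for illustration, and the manifest's signature is assumed to have been verified (for instance with gpg --verify) before it is parsed.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large source files are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_history(text):
    """Parse 'path<TAB>revision<TAB>sha256' lines into {path: {rev: digest}}.

    Assumption: the signature over this text was verified before parsing.
    """
    history = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 3:
            raise ValueError("line %d: want path<TAB>revision<TAB>digest" % n)
        path, rev, digest = fields
        if os.path.isabs(path) or ".." in path.split("/"):
            raise ValueError("line %d: unsafe path %r" % (n, path))
        history.setdefault(path, {})[int(rev)] = digest.lower()
    return history


def snapshot_at(history, revision):
    """Expected {path: (rev, digest)}: newest revision of each file <= revision."""
    snap = {}
    for path, revs in history.items():
        eligible = [r for r in revs if r <= revision]
        if eligible:
            snap[path] = (max(eligible), revs[max(eligible)])
    return snap


def local_digests(root):
    """Walk the checkout and return {relative path: sha256}."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            found[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return found


def check_any_revision(root, history):
    """Weak check: a file passes if its digest matches ANY revision ever listed."""
    result = {}
    for path, digest in local_digests(root).items():
        if path not in history:
            result[path] = "unlisted"
        else:
            result[path] = "ok" if digest in history[path].values() else "modified"
    return result


def check_snapshot(root, history, revision):
    """Strict check: each file must match the digest expected at `revision`."""
    expected, local, result = snapshot_at(history, revision), local_digests(root), {}
    for path, (rev, digest) in expected.items():
        if path not in local:
            result[path] = "missing"
        elif local[path] == digest:
            result[path] = "ok"
        else:
            # A digest that belongs to another revision is a rollback or mix-up.
            other = [r for r, d in history[path].items() if d == local[path]]
            result[path] = ("wrong revision r%d, want r%d" % (max(other), rev)
                            if other else "modified")
    for path in local:
        result.setdefault(path, "unlisted")
    return result


def demo():
    # Constructed file contents standing in for revisions in a repository.
    revs = {
        ("lib/parse.c", 100): b"int parse(char *s) { /* unchecked copy */ }\n",
        ("lib/parse.c", 140): b"int parse(char *s) { /* length checked */ }\n",
        ("Makefile", 90): b"all: parse\n",
        ("bin/tool.c", 120): b"int main(void) { return 0; }\n",
    }
    manifest = "# constructed sample manifest\n" + "".join(
        "%s\t%d\t%s\n" % (p, r, hashlib.sha256(data).hexdigest())
        for (p, r), data in revs.items())
    history = parse_history(manifest)
    tree = {
        "lib/parse.c": revs[("lib/parse.c", 100)],        # old but legitimate file
        "Makefile": revs[("Makefile", 90)],                # as expected
        "bin/tool.c": b"int main(void) { return 1; }\n",  # altered in transit
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in tree.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return check_any_revision(root, history), check_snapshot(root, history, 150)


if __name__ == "__main__":
    for name, report in zip(("any-revision", "snapshot r150"), demo()):
        print(name, report)
```

The any-revision check accepts the rolled-back lib/parse.c, while the check pinned to revision 150 reports it as the wrong revision; both catch the altered bin/tool.c.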
Re: Foiling MITM attacks on source and ports trees
On Fri, Jan 02, 2009 at 05:30:12PM +, Vincent Hoffman wrote:

> cpghost wrote:
>
> > Hello,
> >
> > with MITM attacks [1] on the rise, I'm concerned about the integrity of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup (and portsnap) from master or mirror servers.
> >
> > [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack
> >
> > There's already a small protection against MITM on the distfiles in ports: distinfo contains md5 and sha256 digests. This is an excellent idea that could be extended to *all* files in /usr/src, /usr/doc, and /usr/ports.
>
> According to http://www.daemonology.net (the creator of portsnap and also freebsd-update as well as being the freebsd security officer's website) and a quick look through the freebsd-update and portsnap scripts, both portsnap and freebsd update provide reasonable cryptographic protection from MITM attacks. ({freebsd-update,portsnap}.conf contains a sha256 hash of the rsa key used to sign the updates.) Admittedly this doesn't give a file by file checksum but does give reasonable protection against MITM attacks for updates of the ports tree and the -RELEASE src trees.

Interesting! As csup user, I'm not using freebsd-update and portsnap often nor regularly, but will have a look at it. Thanks for the hint.

> > Assuming there's a secure way (which is not affected by MITM) to obtain a master public key (GnuPG key) of the FreeBSD Project, it would be nice to have a mechanism in place that would:
>
> Agreed, a more secure way of getting it than http://www.freebsd.org/security/so_public_key.asc would be nice (just ssl would make me happy).

Yup. ;)

Regards,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: Memory Usage
Grant Peel wrote:
> Does anyone have scripts they may be willing to share that parses any FreeBSD utility (top, w, etc) suitable for using the output to use mrtg to show memory and disk usage?

net-mgmt/net-snmpd ? Or even, perhaps the base system's bsnmpd (although I'm not sure if this has support for all the OIDs you'd need to query yet)?

I don't know about mrtg, but snmpd+cacti lets me graph the sort of parameters you're interested in pretty simply. I believe mrtg normally does snmp queries to get interface stats -- it shouldn't be too hard to persuade it to make the equivalent queries to get disk or memory usage stats.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW
X11 - radeon or radeonhd? (ATI Radeon HD 2400 XT)
Hi, I've got a PC (Dell) that came with a Radeon HD 2400 XT (RV610 chipset). Afaik there isn't 3D support yet with this card, so my primary goal is to get it working as far as 2D and speed is concerned (I don't want to go for vesa if at all possible) Which driver should I use for this card - radeon or radeonhd? Anything to consider besides having either Driver radeon or Driver radeonhd in the xorg.conf in order to get going? Thanks much in advance for any clue, -ewald
Re: X11 - radeon or radeonhd? (ATI Radeon HD 2400 XT)
On Friday 02 January 2009 13:32:57 Ewald Jenisch wrote:
> Hi, I've got a PC (Dell) that came with a Radeon HD 2400 XT (RV610 chipset). Afaik there isn't 3D support yet with this card, so my primary goal is to get it working as far as 2D and speed is concerned (I don't want to go for vesa if at all possible) Which driver should I use for this card - radeon or radeonhd? Anything to consider besides having either Driver radeon or Driver radeonhd in the xorg.conf in order to get going? Thanks much in advance for any clue, -ewald

Either radeon or radeonhd should be fine. Feature-wise, they are at the same level. No other changes are required.

Very recently DRM support was added for those cards, giving them much faster 2D acceleration via EXA (without DRM support, only XAA is supported) and Xv support as well. Unfortunately, this is limited to linux at the moment, but I *believe* Robert Noland has begun investigating how to port those changes over.
Re: Foiling MITM attacks on source and ports trees
> It's a beginning for sure. I assume (403 error) Max generates and saves digests on his snapshots and the verification script does the same locally and simply compares both lists.

it's plain paranoia. Yes such attacks are possible but usually there are 100 other ways to compromise your systems.

if one really cares then make your VPN for all your computers, use one that is unknown for others to download portsnap etc. and then use rsync to populate it to other machines.
Re: Foiling MITM attacks on source and ports trees
On Fri, Jan 02, 2009 at 08:04:10PM +0100, Wojciech Puchar wrote:
>> It's a beginning for sure. I assume (403 error) Max generates and saves digests on his snapshots and the verification script does the same locally and simply compares both lists.
>
> it's plain paranoia. Yes such attacks are possible but usually there are 100 other ways to compromise your systems.
>
> if one really cares then make your VPN for all your computers, use one that is unknown for others to download portsnap etc. and then use rsync to populate it to other machines.

I'm already getting the files from one location and disseminate them via rsync-over-SSH-over-VPNs to the server farms. But the problem is the initial download from a cvsup mirror. That's the one I'm really concerned with.

Note that I'm not concerned (all too much) with the integrity of the cvsup mirrors themselves (I trust cvsup server admins to take proper precautions against MITM between themselves and the master server, right guys?), but with the integrity of the TCP connection of random clients to those mirrors. That's the weakest link in the security chain, and I hope we can find a way to strengthen it.

Thanks,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: X11 - radeon or radeonhd? (ATI Radeon HD 2400 XT)
On Fri, Jan 02, 2009 at 01:42:38PM -0500, Adam K Kirchhoff wrote:
> On Friday 02 January 2009 13:32:57 Ewald Jenisch wrote:
>> Hi, I've got a PC (Dell) that came with a Radeon HD 2400 XT (RV610 chipset). Afaik there isn't 3D support yet with this card, so my primary goal is to get it working as far as 2D and speed is concerned (I don't want to go for vesa if at all possible) Which driver should I use for this card - radeon or radeonhd? Anything to consider besides having either Driver radeon or Driver radeonhd in the xorg.conf in order to get going? Thanks much in advance for any clue, -ewald
>
> Either radeon or radeonhd should be fine. Feature-wise, they are at the same level. No other changes are required.
>
> Very recently DRM support was added for those cards, giving them much faster 2D acceleration via EXA (without DRM support, only XAA is supported) and Xv support as well. Unfortunately, this is limited to linux at the moment, but I *believe* Robert Noland has begun investigating how to port those changes over.

IIRC, it was related to having to use a more recent Xorg and MesaGL for the latest changes to work. As soon as the ports freeze is over, I assume they would get merged in.

I'm also hoping to see support for DRI and Xv and even 3D in RV780 chipsets soon, esp. now that AMD has finally decided to release the RV600/700 specs to the public: http://www.phoronix.com/scan.php?page=article&item=amd_r600_oss_3d&num=1

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
No disks found on ASUS P5N-D, nForce 750i.
I have an ASUS P5N-D motherboard with an Nvidia nForce 750i chipset, and a Seagate 500GB SATA 3.0Gb/s hard drive. When I try to install FreeBSD 7.0 i386 from the bootonly CD, I get a No disks found! error when it gets to the partitioning section. Also strangely but probably just a coincidence, after I boot from the FreeBSD CD, my Windows XP installation freezes at mup.sys and I need to do a cold boot to fix it. Weird. Can anyone help?
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
On Fri, Jan 02, 2009 at 05:48:27PM +0100, Wojciech Puchar wrote:
>>> think twice before doing.
>>
>> Could you elaborate please ?
>
> ZFS still doesn't work as described ...

Is that comment FreeBSD specific, or aimed at ZFS in general?

--
One of the main causes of the fall of the roman empire was that, lacking zero, they had no way to indicate successful termination of their C programs.
Re: X11 - radeon or radeonhd? (ATI Radeon HD 2400 XT)
On Fri, Jan 02, 2009 at 01:42:38PM -0500, Adam K Kirchhoff wrote:
> On Friday 02 January 2009 13:32:57 Ewald Jenisch wrote:
>> Hi, I've got a PC (Dell) that came with a Radeon HD 2400 XT (RV610 chipset). Afaik there isn't 3D support yet with this card, so my primary goal is to get it working as far as 2D and speed is concerned (I don't want to go for vesa if at all possible) Which driver should I use for this card - radeon or radeonhd? Anything to consider besides having either Driver radeon or Driver radeonhd in the xorg.conf in order to get going? Thanks much in advance for any clue, -ewald
>
> Either radeon or radeonhd should be fine. Feature-wise, they are at the same level. No other changes are required.
>
> Very recently DRM support was added for those cards, giving them much faster 2D acceleration via EXA (without DRM support, only XAA is supported)

I've tried a HD3450 (RV620 chip) and a X1650Pro (RV535 chip) with both ati and radeonhd drivers.

As of radeonhd 1.2.4 the X1650Pro works fine with XAA, to which it defaults. EXA wasn't very fast:

(--) Chipset RV535 found
(**) RADEONHD(0): Selected XAA 2D acceleration.
(**) RADEONHD(0): Option XaaNoOffscreenPixmaps true
(II) RADEONHD(0): Using XFree86 Acceleration Architecture (XAA)
        Screen to screen bit blits
        Solid filled rectangles
        8x8 mono pattern filled rectangles
        Indirect CPU to Screen color expansion
        Solid Lines
        Scanline Image Writes
        Setting up tile and stipple cache:
                32 128x128 slots
                28 256x256 slots
                16 512x512 slots

The HD3450 only worked with shadowfb acceleration:

(--) Chipset RV620 found
(**) RADEONHD(0): Depth 24, (--) framebuffer bpp 32
(**) RADEONHD(0): Option AccelMethod exa
(WW) RADEONHD(0): RV620: HW 2D acceleration is not implemented yet.
(**) RADEONHD(0): Selected ShadowFB.
(II) RADEONHD(0): Xv: No Textured Video possible without the Command Processor.

Roland

--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
Re: X11 - radeon or radeonhd? (ATI Radeon HD 2400 XT)
On Fri, 2 Jan 2009, Ewald Jenisch wrote:
> I've got a PC (Dell) that came with a Radeon HD 2400 XT (RV610 chipset). Afaik there isn't 3D support yet with this card, so my primary goal is to get it working as far as 2D and speed is concerned (I don't want to go for vesa if at all possible) Which driver should I use for this card - radeon or radeonhd?

My impression is that radeon is the more stable and feature-complete at present. I've tested both on a couple of cards and radeonhd had some flaws (which I now can't recall).

Probably won't get 2D acceleration on that card yet. Probably not even after 7.1-RELEASE, then xorg-7.4 and Robert Noland's DRM updates. However, AMD just released some stuff and more is on the way.

> Anything to consider besides having either Driver radeon or Driver radeonhd in the xorg.conf in order to get going?

Not that I can recall.

-Warren Block * Rapid City, South Dakota USA
Re: X11 - radeon or radeonhd? (ATI Radeon HD 2400 XT)
On Fri, 2009-01-02 at 20:38 +0100, cpghost wrote:
> On Fri, Jan 02, 2009 at 01:42:38PM -0500, Adam K Kirchhoff wrote:
>> On Friday 02 January 2009 13:32:57 Ewald Jenisch wrote:
>>> Hi, I've got a PC (Dell) that came with a Radeon HD 2400 XT (RV610 chipset). Afaik there isn't 3D support yet with this card, so my primary goal is to get it working as far as 2D and speed is concerned (I don't want to go for vesa if at all possible) Which driver should I use for this card - radeon or radeonhd? Anything to consider besides having either Driver radeon or Driver radeonhd in the xorg.conf in order to get going? Thanks much in advance for any clue, -ewald
>>
>> Either radeon or radeonhd should be fine. Feature-wise, they are at the same level. No other changes are required.
>>
>> Very recently DRM support was added for those cards, giving them much faster 2D acceleration via EXA (without DRM support, only XAA is supported) and Xv support as well. Unfortunately, this is limited to linux at the moment, but I *believe* Robert Noland has begun investigating how to port those changes over.
>
> IIRC, it was related to having to use a more recent Xorg and MesaGL for the latest changes to work. As soon as the ports freeze is over, I assume they would get merged in.

We're talking about the kernel modules here, not Xorg and Mesa. The DRM is necessary for EXA and Xv (as well as an updated DDX). And based on the conversations between Robert and the Linux/ATI folks, it is not as simple as merging the changes in. The new gart support necessary for r600/r700 cards, for example, is completely linux specific, as I understand it.

> I'm also hoping to see support for DRI and Xv and even 3D in RV780 chipsets soon, esp. now that AMD has finally decided to release the RV600/700 specs to the public: http://www.phoronix.com/scan.php?page=article&item=amd_r600_oss_3d&num=1
>
> -cpghost.

The specs are not yet available. The only thing newly available is the DRM and updated DDX.

The specs will be available as soon as they finish sanitizing the documents and get approval. This will hopefully be soon. :-)

Adam
Re: X11 - radeon or radeonhd? (ATI Radeon HD 2400 XT)
On Fri, 2 Jan 2009 21:23:50 +0100 Roland Smith rsm...@xs4all.nl wrote:
> On Fri, Jan 02, 2009 at 01:42:38PM -0500, Adam K Kirchhoff wrote:
>> On Friday 02 January 2009 13:32:57 Ewald Jenisch wrote:
>>> Hi, I've got a PC (Dell) that came with a Radeon HD 2400 XT (RV610 chipset). Afaik there isn't 3D support yet with this card, so my primary goal is to get it working as far as 2D and speed is concerned (I don't want to go for vesa if at all possible) Which driver should I use for this card - radeon or radeonhd? Anything to consider besides having either Driver radeon or Driver radeonhd in the xorg.conf in order to get going? Thanks much in advance for any clue, -ewald
>>
>> Either radeon or radeonhd should be fine. Feature-wise, they are at the same level. No other changes are required.
>>
>> Very recently DRM support was added for those cards, giving them much faster 2D acceleration via EXA (without DRM support, only XAA is supported)
>
> I've tried a HD3450 (RV620 chip) and a X1650Pro (RV535 chip) with both ati and radeonhd drivers.
>
> As of radeonhd 1.2.4 the X1650Pro works fine with XAA, to which it defaults. EXA wasn't very fast:
>
> (--) Chipset RV535 found
> (**) RADEONHD(0): Selected XAA 2D acceleration.
> (**) RADEONHD(0): Option XaaNoOffscreenPixmaps true
> (II) RADEONHD(0): Using XFree86 Acceleration Architecture (XAA)
>         Screen to screen bit blits
>         Solid filled rectangles
>         8x8 mono pattern filled rectangles
>         Indirect CPU to Screen color expansion
>         Solid Lines
>         Scanline Image Writes
>         Setting up tile and stipple cache:
>                 32 128x128 slots
>                 28 256x256 slots
>                 16 512x512 slots

EXA isn't fast (at least on Radeons) without DRM support. This is not available in the FreeBSD source tree, but is available (for FreeBSD) via freedesktop git (for that particular GPU).

Adam
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
2009/1/3 Frederique Rijsdijk frederi...@isafeelin.org:
> Hi freebsd-questions,
>
> For personal use (photo/video storage), I'm looking into creating a huge single ZFS (raidz) volume that will replace my current collection of drives used as storage. I'm thinking 4*1TB drives in RAID5(z).
>
> My question is regarding the flavour of drives that one can choose from: Desktop class drives, or the so called RAID/Enterprise class drives. The difference between the two being the way such a drive handles the bad-sector/block handling and remapping. I understand that Desktop class drives do all this internally, and this is a process that can take up to 60s (even minutes on some), and during this process the drive is unavailable to the controller. The RAID edition drives all approach this differently and a lot faster, typically before 8 seconds.
>
> How does ZFS handle this? Should I be looking for the RAID class drives or can Desktop class drives be used here? My worry is of course that such a drive (desktop class) will be marked defective and thrown out of the raid volume if a remapping of bad sectors occurs and the drive will be unresponsive to the controller/ZFS for 8 seconds. Some drives can be configured in this area, but not all, and there's quite a price difference in the two, the desktop class being up to 50% cheaper in some cases..
>
> Anybody that can shed some light on this?
>
> Thanks,
> -- Frederique

Hi,

Before I knew the difference between the two, I got myself a bunch of desktop HDD. From what I've experienced, freebsd just drops the drive. (Currently running in a gmirror config). I'm not sure about ZFS, but I would assume it would do the same. All you need to do is reattach the drive and it will sync back up again. I didn't know the reason why it dropped off, but when I checked the SMART, it showed 1 bad sector reallocation.

If it happens to a disk with UFS, it crashes and restarts the machine, UFS doesn't like disappearing drives.

Regards
David N
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
On Fri, 2 Jan 2009 15:17:30 -0500 stan st...@panix.com wrote:
> On Fri, Jan 02, 2009 at 05:48:27PM +0100, Wojciech Puchar wrote:
>>>> think twice before doing.
>>>
>>> Could you elaborate please ?
>>
>> ZFS still doesn't work as described ...
>
> Is that comment FreeBSD specific, or aimed at ZFS in general?

Mind you, ZFS on FreeBSD is not the same as on OpenSolaris-2008.11, Nevada or even Solaris 10. On those platforms ZFS generally does what it is supposed to do, other than it's still a developing FS. On *BSD related systems that is not always the case. Do a good readup.

--
Dick Hoogendijk -- PGP/GnuPG key: 01D2433D
+ http://nagual.nl/ | SunOS sxce snv104 ++
+ All that's really worth doing is what we do for others (Lewis Carrol)
Re: kernel panic
At Thu, 1 Jan 2009 12:05:25 -0800 (PST), Mark Busby wrote:
> Jan 1 08:56:39 mars savecore: reboot after panic: kmem_malloc(12288): kmem_map too small: 128778240 total allocated

as you probably already know this means you ran out of kernel memory.

> 80211node 8081 21705K - 8081 16,32,512

this is the only thing that catches my eye. but i dunno if 21mb for 80211node is an issue or not. but there is definitely something leaking kernel memory.

i would try to run vmstat -z on a regular basis (how often depending on when after a boot the crash happens) to find out what is leaking memory.

hth,
toni

--
Don't forget, there is no security | toni at stderror dot at
-- Wulfgar | Toni Schmidbauer
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
> think twice before doing.

Why? I've had better luck with ZFS than I've had with VINUM and GEOM in the past, and I've put my ZFS array through a lot of stress. If his data (photo / video storage) is that important, then perhaps he wants to do something else ... but for a cheap way to get tons of storage, ZFS can't be beat.

ZFS has got its caveats and gotchas - you *must* tune your FreeBSD installation to get stability. See here: http://wiki.freebsd.org/ZFSTuningGuide

I'm running a fileserver-in-a-closet (patent pending) on FreeBSD 7.0-amd64, with 10x250GB drives in a single RAIDZ2 for my home storage needs. I'm using old Maxtor SATA150 drives, which are desktop class. Several of them have had to remap sectors while being a part of the array, and I've never had ZFS complain, nor had the drive be dropped by the OS.

I'd suggest that the OP and yourself do some in-depth reading about ZFS and how it works. The best documentation I've found as yet is here: http://opensolaris.org/os/community/zfs/docs/ondiskformat0822.pdf

Charles Richards
richar...@gmail.com
charlesrichards.net

On Jan 2, 2009, at 8:07 AM, Wojciech Puchar wrote:
>> Hi freebsd-questions,
>>
>> For personal use (photo/video storage), I'm looking into creating a huge single ZFS (raidz) volume that will replace my current collection of drives used as storage. I'm thinking 4*1TB drives in RAID5(z).
>>
>> My question is regarding the flavour of drives that one can choose from: Desktop class drives, or the so called RAID/Enterprise class drives.
>
> but cheap drives they are OK.
Re: Foiling MITM attacks on source and ports trees
>> other ways to compromise your systems. if one really cares then make your VPN for all your computers, use one that is unknown for others to download portsnap etc. and then use rsync to populate it to other machines.
>
> I'm already getting the files from one location and disseminate them via rsync-over-SSH-over-VPNs to the server farms. But the problem is the initial download from a cvsup mirror. That's the one I'm really concerned with.

just use widely-unknown computer like your private, even better - something that has a dynamic IP :)
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
>> ZFS still doesn't work as described ...
>
> Is that comment FreeBSD specific, or aimed at ZFS in general?

general.
Re: Suddenly shutdown -p now produces a reboot
Leslie Jensen wrote:
> I have a Server with Squid, 7.0-RELEASE-p4 FreeBSD, squid-3.0.11, that has been running fine for the last six months, at least. It is shutdown every night at 7 PM via cron.
>
> Now suddenly the machine is rebooting instead, and I've made no changes whatsoever.
>
> I'm wondering if this is a symptom of a coming hardware failure or if I can do something to get the normal behaviour back.
>
> I did have a similar problem when I first put the machine into production, then it was clear from /var/log/messages that squid did not have enough time to shutdown and I solved it by changing the parameter rcshutdown_timeout=90 in rc.conf.
>
> Here's a piece of /var/log/messages
>
> --- snip
> Jan 1 19:05:00 server01 shutdown: power-down by root:
> Jan 1 19:05:33 server01 squid[823]: Squid Parent: child process 826 exited with status 0
> Jan 1 19:05:34 server01 named[718]: stopping command channel on 127.0.0.1#953
> Jan 1 19:05:34 server01 named[718]: stopping command channel on ::1#953
> Jan 1 19:05:34 server01 named[718]: exiting
> Jan 1 19:05:36 server01 syslogd: exiting on signal 15
> Jan 1 19:07:29 server01 syslogd: kernel boot file is /boot/kernel/kernel
> Jan 1 19:07:29 server01 kernel: Copyright (c) 1992-2008 The FreeBSD Project.
> Jan 1 19:07:29 server01 kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
> Jan 1 19:07:29 server01 kernel: The Regents of the University of California. All rights reserved.
> --- snip
>
> Thanks
> /Leslie

Leslie,

I've got a gateway (talking pc mfg, not role) that does that. It's always rebooted on a request to shutdown. A fix, if I remember it right, that didn't last long was to go into BIOS and toggle the BIOS power management features. IIRC, it was set to disable, and I enabled it. Since then, I haven't really used that gateway anymore.

You have to consider that some PCI devices can power-on a box (think: Remote Wakeup [which is done over the LAN]).

The times that it does actually do it, don't bother me, I'll get around to forcing it down with a power button or power cord when it bugs me enough that it's still powered on. :)

-- Tim Judd

I will top-post when I feel like it. For those who are so demanding everyone bottom-post, You'll just have to forgive others when they choose to top-post.
Urgent help needed please: Gvinum problem
Hi,

We had a power loss even though we have ups and generators (still investigating it) and when the machine rebooted one of the disks seems to have failed: The system complains about fsck repaired failed and that I must run it manually. It then boots in single user mode.

I entered gvinum and pressed "l" to see the status of the drive and I get this:

My volume is UP
My plex is shown as degraded
I have 3 of the 4 subdisks shown as UP, the 4th is shown as down.

Running "gvinum /dev/gvinum/RAID5" which is the name of my volume gets me this error:

** /dev/gvinum/RAID5
Cannot find file system superblock
Ioctl (GCINFO): Inapropriate ioctl for device
fsck_ufs: /dev/gvinum/RAID5: can't read disk label

I tried "bsdlabel gvinum/RAID5", it tells me there is no valid label found.

Does anyone know what I can try to try to put back system online (at least, so I can restore a backup on the disk)

Thanks

~~
Ian Lord
MSD Informatique
1711 Montée Major
Terrebonne (Québec) J7M 1E6
Tel: (514) 776-MSDI - (514) 776-6734
Toll-free: 1(877) 776-MSDI - 1(877) 776-6734
http://www.msdi.ca
Urgent help needed please: Gvinum problem
Hi,

We had a power loss even though we have ups and generators (still investigating it) and when the machine rebooted one of the disks seems to have failed: The system complains about fsck repaired failed and that I must run it manually. It then boots in single user mode.

I entered gvinum and pressed "l" to see the status of the drive and I get this:

My volume is UP
My plex is shown as degraded
I have 3 of the 4 subdisks shown as UP, the 4th is shown as down.

Running "gvinum /dev/gvinum/RAID5" which is the name of my volume gets me this error:

** /dev/gvinum/RAID5
Cannot find file system superblock
Ioctl (GCINFO): Inapropriate ioctl for device
fsck_ufs: /dev/gvinum/RAID5: can't read disk label

I tried "bsdlabel gvinum/RAID5", it tells me there is no valid label found.

Does anyone know what I can try to try to put back system online (at least, so I can restore a backup on the disk)

Thanks

p.s. Please reply to me also as I am a digest member, thanks

~~
Ian Lord
MSD Informatique
1711 Montée Major
Terrebonne (Québec) J7M 1E6
Tel: (514) 776-MSDI - (514) 776-6734
Toll-free: 1(877) 776-MSDI - 1(877) 776-6734
http://www.msdi.ca
Re: HowTo configure WPA[2] ath0 [wlan0] on up to date 8.0-CURRENT
On Fri, Jan 2, 2009 at 10:36 AM, ec...@casasponti.net wrote:
> I'm currently using wep at home and in the office configured from rc.conf. example:
>
> ifconfig_wlan0="DHCP ssid virus wepmode on wepkey 1:0x2373FE9515 weptxkey 1"
>
> I'm traveling and haven't been able to connect to hotspots that are using wpa[2]. The handbook isn't up to date and I have been looking for over a week unsuccessfully. As far as I know there isn't an X utility to do this from and I've tried wpa_supplicant.conf with a router here but since I don't understand it, I'm sure it is incorrect (plus the important clue that it doesn't work)
>
> Hopefully this is an easier and simpler way to do this. The wpa_supplicant.conf configuration that I've tested is:
>
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=0
> ## eapol_version=1
> ap_scan=1
> fast_reauth=1
> network={
>         scan_ssid=1
>         proto=WPA2
>         ssid="TestRouter"
>         ## bssid=[mac address of your access point here]
>         ## key_mgmt=WPA-PSK
>         ## pairwise=TKIP
>         ## psk=[i forgot what this is, presumably the md5 of the passphrase.]
>         password="Testing123"
> }
>
> Any suggestions for getting out of this glass of water that I'm drowning in would be greatly appreciated.

Handbook: Section 31
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html#NETWORK-WIRELESS

HTML Manpage for wpa_supplicant.conf:
http://www.freebsd.org/cgi/man.cgi?query=wpa_supplicant.conf&sektion=5

proto: List of acceptable protocols; one or more of: WPA (IEEE 802.11i/D3.0) and RSN (IEEE 802.11i). WPA2 is another name for RSN. If not set this defaults to WPA RSN.

I have 7.0-RELEASE working perfectly with WPA2/CCMP (using AES), so I can't imagine that 8 would break it that badly, but I could be wrong..

Here's my (very simple) wpa_supplicant.conf (psk edited, of course):

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
eapol_version=1
ap_scan=1
fast_reauth=1
# Home:
network={
        ssid="none"
        scan_ssid=1
        key_mgmt=WPA-PSK
        psk="x}]{-9jimCm`6V:LI#HiLa[Q5\jL/b;R:2)/%HU#zW=:?K?PP8mx48`Jvx-K"
}

HTH
~MD
Re: Urgent help needed please: Gvinum problem
Ian Lord wrote:
> Hi,
>
> We had a power loss even though we have ups and generators (still investigating it) and when the machine rebooted one of the disks seems to have failed: The system complains about fsck repaired failed and that I must run it manually. It then boots in single user mode.
>
> I entered gvinum and pressed “l” to see the status of the drive and I get this:
>
> My volume is UP
> My plex is shown as degraded
> I have 3 of the 4 subdisks shown as UP, the 4th is shown as down.
>
> Running “gvinum /dev/gvinum/RAID5” which is the name of my volume gets me this error:
>
> ** /dev/gvinum/RAID5
> Cannot find file system superblock
> Ioctl (GCINFO): Inapropriate ioctl for device
> fsck_ufs: /dev/gvinum/RAID5: can’t read disk label
>
> I tried “bsdlabel gvinum/RAID5”, it tells me there is no valid label found.
>
> Does anyone know what I can try to try to put back system online (at least, so I can restore a backup on the disk)

I'm trying to find my vinum notes, but can't as of yet...

What does a:

# fsck -y /dev/gvinum/RAID5

...yield...anything?

Steve
RE: Urgent help needed please: Gvinum problem
Hi,

We had a power loss even though we have ups and generators (still investigating it) and when the machine rebooted one of the disks seems to have failed: The system complains about fsck repaired failed and that I must run it manually. It then boots in single user mode.

I entered gvinum and pressed l to see the status of the drive and I get this:

My volume is UP
My plex is shown as degraded
I have 3 of the 4 subdisks shown as UP, the 4th is shown as down.

Running gvinum /dev/gvinum/RAID5 which is the name of my volume gets me this error:

    ** /dev/gvinum/RAID5
    Cannot find file system superblock
    Ioctl (GCINFO): Inapropriate ioctl for device
    fsck_ufs: /dev/gvinum/RAID5: can't read disk label

I tried bsdlabel gvinum/RAID5, it tells me there is no valid label found.

Does anyone know what I can try to put the system back online (at least, so I can restore a backup on the disk)

I'm trying to find my vinum notes, but can't as of yet...

What does a:

    # fsck -y /dev/gvinum/RAID5

...yield...anything?

Steve

Same :(

But thanks all, I just did a newfs and am currently restoring backups on it.

Strange... Last time I will will gvinum, nothing as stable as a hardware controller I guess :(
Re: Foiling MITM attacks on source and ports trees
On Fri, Jan 02, 2009 at 10:53:29PM +0100, Wojciech Puchar wrote:

other ways to compromise your systems. if one really cares then make your VPN for all your computers, use one that is unknown for others to download portsnap etc. and then use rsync to populate it to other machines.

I'm already getting the files from one location and disseminate them via rsync-over-SSH-over-VPNs to the server farms. But the problem is the initial download from a cvsup mirror. That's the one I'm really concerned with.

just use widely-unknown computer like your private, even better - something that has dynamic IP :)

You wouldn't log in to your bank and rely on the assumption that your connection is NOT being actively monitored and that data could potentially be modified en-route. That's why such connections are always SSL-encoded, and why iTANs and other means are being used: the underlying TCP connection is ASSUMED to be insecure by default, and that is prudent to do.

As an example: many UK users were surprised a little while ago to learn that their traffic was potentially being filtered by big transparent proxies, when some watchdog organisation required their ISPs to do so:

http://en.wikipedia.org/wiki/Internet_Watch_Foundation_and_Wikipedia

If this is technically possible (and it is), then you want a way to know that the sources you've downloaded in your country ARE actually the sources that are on the mirror or master sites, and have not been modified on-the-fly by similar technology.

This is important, really important, and not only for individuals, but also for companies that want to avoid industrial espionage and some such. It's also vital for individuals in countries with repressive regimes that want to routinely spy on their Internet users.

That's why signed trusted lists of digests are needed: basically, you can't rely on the ISPs NOT to interfere with your traffic (and it doesn't matter if they're compelled by law to do it, or if they or some interloper did it illegally).

It's the matter of being confident that what you've downloaded was actually also what you've asked for. ;)

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: Nice web interface or music?
On Fri, Jan 2, 2009 at 2:04 AM, stan st...@panix.com wrote:

On Thu, Jan 01, 2009 at 06:15:15PM -0800, George Hartzell wrote:

In addition to the java clients, you can also go lower tech. and try this:

http://www.ex-parrot.com/~pdw/slimp3slave/

or even the lower tech comment from that web site: [...] to running mpg123 http://slimserver:9000/stream.mp3

I am beginning to think, from this and some other replies that I have received, that I was not clear in my original question. Let me clarify. What I am looking for is a package that will allow remote users to access MP3's stored on my machine, from a web based interface that presents the files in an organized fashion. I think that the remote users should be able to play these files using the built in capabilities of their web browser to send the files to an appropriate program running on their local machine (e.g. Winamp). In addition, I want these users to be able to download the MP3's to their local machine, so that they can put them on their local laptop, or iPod, or whatever. Is this clearer?

I've had decent luck with /usr/ports/audio/gnump3d/

Home page: http://www.gnu.org/software/gnump3d/
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
dick hoogendijk wrote:

On Fri, 2 Jan 2009 15:17:30 -0500 stan st...@panix.com wrote:

On Fri, Jan 02, 2009 at 05:48:27PM +0100, Wojciech Puchar wrote:

think twice before doing.

Could you elaborate please ?

ZFS still doesn't work as described ...

Is that comment FreeBSD specific, or aimed at ZFS in general?

Mind you, ZFS on FreeBSD is not the same as on OpenSolaris-2008.11, Nevada or even Solaris 10. On those platforms ZFS generally does what it is supposed to do, other than it's still a developing FS. On *BSD related systems that is not always the case. Do a good readup.

I had problems with ZFS about a year ago (or so). Since then, for me, ZFS has been quite reliable:

    amanda# zpool list
    NAME      SIZE   USED   AVAIL  CAP  HEALTH  ALTROOT
    storage   1.82T  1.21T  623G   66%  ONLINE  -

    amanda# zpool status
    NAME        STATE   READ WRITE CKSUM
    storage     ONLINE     0     0     0
      raidz1    ONLINE     0     0     0
        ad0     ONLINE     0     0     0
        ad2     ONLINE     0     0     0
        ad4     ONLINE     2     0     0
        ad6     ONLINE     0     1     0

...with four drives as such (I'd call them 'resi' or 'home-user' quality):

    ad2: 476940MB WDC WD5000AAKS-00A7B0 01.03B01 at ata1-master SATA300

This machine, which runs AMANDA backup archiver, backing up ~8 FreeBSD servers at about 120Mbps network every night is:

    amanda# uname -a
    FreeBSD amanda.x 7.0-STABLE FreeBSD 7.0-STABLE #0: Thu Jul 17 15:24:40 UTC 2008 st...@x:/usr/obj/usr/src/sys/GENERIC i386

I've pushed the machine to 686Mbps network @225kpps, including FBSD SCP and Windows NetBIOS clients while running iperf on other boxen and was still able to write/read to the storage.

Instead of this one-liner crap 'don't do it' information to the users of this list, let's begin explaining *why* it's not working, and start providing coherent solutions as to how the OP can work around the issue, huh?

Steve
high interrupt level
Hello,

A Dell PowerEdge 1850 constantly spends about one third of its time in interrupt 16. This box has run for a year without this issue. It has an almost generic kernel, only quotas are compiled in. Rebooting (without ipmi) does not help nor updating; the issue was already present before updating to 6.4 p1, but persists. The software hardly changes, except that ipmitool is recently installed to monitor temperatures.

I tried to replicate the issue by loading / unloading the ipmi kernel module on a similar box, but running 7.0-RELEASE-p7. This does not lead to any problem however. Any pointers would be appreciated. It might not at all be related to ipmi, but I suspect it to be the cause since it is the only change and I loaded a kernel module for it.

Jeroen Hofstee

last pid: 12675; load averages: 1.27, 0.75, 0.65 up 6+05:56:47 23:50:57
85 processes: 1 running, 84 sleeping
CPU: 0.3% user, 0.0% nice, 0.3% system, 33.8% interrupt, 65.5% idle
Mem: 174M Active, 1514M Inact, 209M Wired, 88M Cache, 112M Buf, 14M Free
Swap: 2048M Total, 28K Used, 2048M Free

FreeBSD vh3.virtualhost.nl 6.4-RELEASE-p1 FreeBSD 6.4-RELEASE-p1 #2: Tue Dec 23 23:50:15 CET 2008

vmstat -i
interrupt total rate
irq14: ata0 47 0
irq16: uhci0 313487360578
irq18: uhci2 16 0
irq23: ehci0 3 0
irq34: mpt0 16 0
irq37: amr0 8894886 16
irq64: em0 54502901100
cpu0: timer904348488 1669
cpu1: timer1 0
cpu2: timer 1058243496 1953
cpu3: timer1 0
Total 2339477215 4317

vh3# kldstat
Id Refs AddressSize Name
17 0xc040 7dbd28 kernel
22 0xc0bdc000 5c838acpi.ko
31 0xc6d1 d000 ipfw.ko
41 0xc6f0b000 2000 accf_http.ko
51 0xcc472000 a000 ipmi.ko
61 0xcc47c000 2000 smbus.ko

Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 6.4-RELEASE-p1 #2: Tue Dec 23 23:50:15 CET 2008 r...@vh3.virtualhost.nl:/usr/obj/usr/src/sys/VIRTUALHOST Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992.70-MHz 686-class CPU) Origin = GenuineIntel Id = 0xf43 Stepping = 3 Features=0xbfebfbffFPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE Features2=0x641dSSE3,RSVD2,MON,DS_CPL,CNXT-ID,CX16,xTPR AMD Features=0x2010NX,LM Logical CPUs per core: 2 real memory = 2147221504 (2047 MB) avail memory = 2091900928 (1994 MB) ACPI APIC Table: DELL PE BKC FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 6 cpu3 (AP): APIC ID: 7 ioapic0: Changing APIC ID to 8 ioapic1: Changing APIC ID to 9 ioapic2: Changing APIC ID to 10 ioapic0 Version 2.0 irqs 0-23 on motherboard ioapic1 Version 2.0 irqs 32-55 on motherboard ioapic2 Version 2.0 irqs 64-87 on motherboard kbd1 at kbdmux0 ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413) hptrr: HPT RocketRAID controller driver v1.1 (Dec 23 2008 23:49:48) acpi0: DELL PE BKC on motherboard acpi0: Power Button (fixed) Timecounter ACPI-fast frequency 3579545 Hz quality 1000 acpi_timer0: 24-bit timer at 3.579545MHz port 0x808-0x80b on acpi0 acpi_hpet0: High Precision Event Timer iomem 0xfed0-0xfed003ff on acpi0 Timecounter HPET frequency 14318180 Hz quality 900 cpu0: ACPI CPU on acpi0 cpu1: ACPI CPU on acpi0 cpu2: ACPI CPU on acpi0 cpu3: ACPI CPU on acpi0 pcib0: ACPI Host-PCI bridge port 0xcf8-0xcff on acpi0 pci0: ACPI PCI bus on pcib0 pcib1: ACPI PCI-PCI bridge at device 2.0 on pci0 pci1: ACPI PCI bus on pcib1 pcib2: ACPI PCI-PCI bridge at device 0.0 on pci1 pci2: ACPI PCI bus on pcib2 mpt0: LSILogic 1030 Ultra4 Adapter port 0xec00-0xecff mem 0xdfdf-0xdfdf,0xdfde-0xdfde irq 34 at device 5.0 on pci2 mpt0: [GIANT-LOCKED] mpt0: MPI Version=1.2.12.0 pcib3: ACPI PCI-PCI bridge at device 0.2 on pci1 
pci3: ACPI PCI bus on pcib3 amr0: LSILogic MegaRAID 1.53 mem 0xd8ff-0xd8ff irq 37 at device 11.0 on pci3 amr0: delete logical drives supported by controller amr0: LSILogic PERC 4/SC Firmware 350O, BIOS 1.09, 64MB RAM pcib4: ACPI PCI-PCI bridge at device 4.0 on pci0 pci4: ACPI PCI bus on pcib4 pcib5: ACPI PCI-PCI bridge at device 5.0 on pci0 pci5: ACPI PCI bus on pcib5 pcib6: ACPI PCI-PCI bridge at device 0.0 on pci5 pci6: ACPI PCI bus on pcib6 em0: Intel(R) PRO/1000
Re: Using HDD's for ZFS: 'desktop' vs 'raid / enterprise' -edition drives?
Steve Bertrand wrote:

dick hoogendijk wrote:

On Fri, 2 Jan 2009 15:17:30 -0500 stan st...@panix.com wrote:

On Fri, Jan 02, 2009 at 05:48:27PM +0100, Wojciech Puchar wrote:

think twice before doing.

Could you elaborate please ?

ZFS still doesn't work as described ...

Is that comment FreeBSD specific, or aimed at ZFS in general?

Mind you, ZFS on FreeBSD is not the same as on OpenSolaris-2008.11, Nevada or even Solaris 10. On those platforms ZFS generally does what it is supposed to do, other than it's still a developing FS. On *BSD related systems that is not always the case. Do a good readup.

I had problems with ZFS about a year ago (or so). Since then, for me, ZFS has been quite reliable:

I forgot to mention... the "Since then" should have also included that at the time of unreliability, I was testing a new NVidia motherboard. Since then, I've swapped out the board to an Intel hardware platform.

Steve
two ethernet cards
hi i have two ethernet cards on my box uname -a FreeBSD dexter 7.0-RELEASE Freebsd 7.0-RELEASE #5: Fri Jan 2 21:25:21 CET 2009 r...@dexter:/usr/obj/usr/src/sys/DEXTER i386 ifconfig rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8VLAN_MTU ether XX:XX:XX:XX:XX:XX inet 192.168.0.177 netmask 0xff00 broadcast 192.168.0.255 media: Ethernet 100baseTX status: active sk0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=bRXCSUM,TXCSUM,VLAN_MTU ether XX:XX:XX:XX:XX:XX inet 192.168.0.176 netmask 0xff00 broadcast 192.168.0.255 media: Ethernet 100baseTX (100baseTX full-duplex) status: active lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff00 when I want to ping sk0 from eth0 on linux box, ping is ok, but this message appears to me in freebsd console Jan 3 01:07:39 dexter kernel: arp: 192.168.0.2 is on rl0 but got reply from XX:XX:XX:XX:XX:XX on sk0 linux command ping -I eth0 192.168.0.176 linux ifconfig eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20a:e4ff:fef3:abb6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:88 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:180 (180.0 B) TX bytes:11542 (11.2 KB) Interrupt:22 Base address:0x3000 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:416 errors:0 dropped:0 overruns:0 frame:0 TX packets:416 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:25130 (24.5 KB) TX bytes:25130 (24.5 KB) wlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:192.168.0.173 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::214:a4ff:fe79:3cbc/64 Scope:Link UP BROADCAST RUNNING 
MULTICAST MTU:1500 Metric:1 RX packets:30030 errors:0 dropped:0 overruns:0 frame:0 TX packets:25399 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:32882410 (31.3 MB) TX bytes:3522346 (3.3 MB)

mac address from eth0 on linux machine is same as from the error output on bsd

thank you a lot

stewe
Re: two ethernet cards
Stefan Miklosovic wrote: hi i have two ethernet cards on my box uname -a FreeBSD dexter 7.0-RELEASE Freebsd 7.0-RELEASE #5: Fri Jan 2 21:25:21 CET 2009 r...@dexter:/usr/obj/usr/src/sys/DEXTER i386 ifconfig rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8VLAN_MTU ether XX:XX:XX:XX:XX:XX inet 192.168.0.177 netmask 0xff00 broadcast 192.168.0.255 media: Ethernet 100baseTX status: active sk0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=bRXCSUM,TXCSUM,VLAN_MTU ether XX:XX:XX:XX:XX:XX inet 192.168.0.176 netmask 0xff00 broadcast 192.168.0.255 media: Ethernet 100baseTX (100baseTX full-duplex) status: active lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff00 when I want to ping sk0 from eth0 on linux box, ping is ok, but this message appears to me in freebsd console Jan 3 01:07:39 dexter kernel: arp: 192.168.0.2 is on rl0 but got reply from XX:XX:XX:XX:XX:XX on sk0 linux command ping -I eth0 192.168.0.176 linux ifconfig eth0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20a:e4ff:fef3:abb6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:88 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:180 (180.0 B) TX bytes:11542 (11.2 KB) Interrupt:22 Base address:0x3000 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:416 errors:0 dropped:0 overruns:0 frame:0 TX packets:416 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:25130 (24.5 KB) TX bytes:25130 (24.5 KB) wlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX inet addr:192.168.0.173 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::214:a4ff:fe79:3cbc/64 
Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:30030 errors:0 dropped:0 overruns:0 frame:0 TX packets:25399 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:32882410 (31.3 MB) TX bytes:3522346 (3.3 MB)

mac address from eth0 on linux machine is same as from the error output on bsd

thank you a lot

In each of the above [linux and freebsd] you have two NICs in the same subnet. In each, move one to another subnet such as 192.168.1.x /24.

-Mike
Re: Foiling MITM attacks on source and ports trees
On Fri, 02 Jan 2009 17:30:12 + Vincent Hoffman vi...@unsane.co.uk wrote:

Admittedly this doesn't give a file by file checksum

That's not really a problem, it's no easier to create a collision in a .gz file than a patch file. The more substantial weakness is that the key is verified against a hash stored on the original installation media. If someone went to the trouble of diverting dns or routing to create a fake FreeBSD site they would presumably make it self-consistent down to the ISO checksums.
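The trust chain argued over in this thread, as an added example (not code from the posts, portsnap or csup): a digest list is signed, and the client checks the signing key against a fingerprint obtained out of band, then the signature, then every file. A Lamport one-time signature built from SHA-256 stands in for the real signature scheme so the block runs on the standard library alone; all names and file contents are constructed.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signature (stand-in scheme; one key signs ONE digest list) ---
def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in (0, 1)]
    pk = [[H(x) for x in row] for row in sk]
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    return [sk[b][i] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(hmac.compare_digest(H(s), pk[b][i])
               for i, (b, s) in enumerate(zip(_bits(msg), sig)))


def fingerprint(pk) -> str:
    return hashlib.sha256(b"".join(x for row in pk for x in row)).hexdigest()


# --- Mirror side: publish files, a digest list, a signature and the public key ---
def publish(files: dict, sk, pk) -> dict:
    manifest = "".join(f"{hashlib.sha256(data).hexdigest()}  {name}\n"
                       for name, data in sorted(files.items())).encode()
    return {"files": dict(files), "manifest": manifest,
            "sig": sign(sk, manifest), "pubkey": pk}


# --- Client side: key -> signature -> per-file digests, in that order ---
def check_download(mirror: dict, pinned_fp: str) -> list:
    if not hmac.compare_digest(fingerprint(mirror["pubkey"]), pinned_fp):
        raise ValueError("public key does not match pinned fingerprint")
    if not verify(mirror["pubkey"], mirror["manifest"], mirror["sig"]):
        raise ValueError("bad signature on digest list")
    verified = []
    for line in mirror["manifest"].decode().splitlines():
        digest, name = line.split("  ", 1)
        data = mirror["files"].get(name)
        if data is None or not hmac.compare_digest(
                hashlib.sha256(data).hexdigest(), digest):
            raise ValueError(f"digest mismatch: {name}")
        verified.append(name)
    return verified


def outcome(mirror: dict, pinned_fp: str) -> str:
    try:
        check_download(mirror, pinned_fp)
        return "ok"
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    tree = {"src/Makefile": b"all:\n", "ports/INDEX": b"constructed sample\n"}
    changed = {**tree, "src/Makefile": b"all:\n\tmodified\n"}
    sk, pk = keygen()
    pinned = fingerprint(pk)            # assumed to reach the client out of band
    genuine = publish(tree, sk, pk)
    results = {"genuine": outcome(genuine, pinned)}
    # A transparent proxy rewrites one file but cannot re-sign the digest list.
    results["modified in transit"] = outcome({**genuine, "files": changed}, pinned)
    # A self-consistent fake mirror: its own key, signature and digests all agree.
    fake = publish(changed, *keygen())
    results["fake mirror, pinned key"] = outcome(fake, pinned)
    # Taking the fingerprint from the same channel as the data proves nothing.
    results["fake mirror, key from same channel"] = outcome(fake, fingerprint(fake["pubkey"]))
    return results


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The last case is the weakness named in the reply above: every check passes on a self-consistent copy unless the fingerprint comes from somewhere the mirror's channel cannot reach.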
Tool for traffic measure?
Hello,

I got a subnet with 5 machines and a cablemodem that provides 5 public IPs. All is connected to a switch. One of the machines is not ours and we want to check it is not abusing our internet link, so we want to know if there is any way to monitor bandwidth usage from one of the other machines in the subnet with no need to modify the foreign machine config. Something like use tcpdump in promiscuous mode or something like that, the content doesn't matter to us, we just need a bandwidth consumption measure.

Thanks for any ideas.

Sdav
ktorrent-3.1.5 pkg file
Does anyone have the pkg file for ktorrent-3.1.5 for an AMD64 bit system, as I'm having a lot of trouble with my QT4 version so can only upgrade via the pkg add, and using the -r doesn't fetch the 3.1.5 version.
Re: Tool for traffic measure?
On Fri, Jan 2, 2009 at 9:21 PM, Sdävtaker sdavta...@gmail.com wrote:

Hello,

I got a subnet with 5 machines and a cablemodem that provides 5 public IPs. All is connected to a switch. One of the machines is not ours and we want to check it is not abusing our internet link, so we want to know if there is any way to monitor bandwidth usage from one of the other machines in the subnet with no need to modify the foreign machine config. Something like use tcpdump in promiscuous mode or something like that, the content doesn't matter to us, we just need a bandwidth consumption measure.

Thanks for any ideas.

Sdav

You have several options:

1) If the switch has some intelligence, you can monitor it to measure bandwidth consumption. There are two ways to do this:
   a) if the switch implements SNMP, you can use mrtg (simple) or cacti (not so simple) to graph bandwidth on the switch by port and in total
   b) if the switch can mirror all of the data going across the switch to a port on the switch, you can use ntop to graph traffic. It only shows the top three bandwidth consumers at any given time, but
      i) it does have very nice graphing, and if the machine you are concerned about is consuming more than its fair share it will show, and
      ii) you can use standard bpf filters to capture utilization for just that box.
2) if you have a spare machine, you can put two NICs in it, and use it as a bridge between the switch and the router. This is a bit more complicated, but it allows you to implement either option 1a or 1b above.

Kurt
Re: Tool for traffic measure?
On Jan 2, 2009, at 11:21 PM, Sdävtaker wrote:

Hello,

I got a subnet with 5 machines and a cablemodem that provides 5 public IPs. All is connected to a switch. One of the machines is not ours and we want to check it is not abusing our internet link, so we want to know if there is any way to monitor bandwidth usage from one of the other machines in the subnet with no need to modify the foreign machine config. Something like use tcpdump in promiscuous mode or something like that, the content doesn't matter to us, we just need a bandwidth consumption measure.

Thanks for any ideas.

Buy a smarter switch and do the traffic counts in the switch.

As things stand the switch is isolating all 5 machines from each other, none hear what the others have to say to the cable modem, so there is no way you can sniff the other's traffic. If instead of a switch you had a dumb hub then all machines would hear what all the other machines were saying to each other and the cable modem.

Is very hard to buy a dumb hub these days. Is easier to buy a smarter switch. A configurable smart switch can deliver the questionable machine's traffic to both the cable modem and to one of your machines but there is no point unless you want/need to see the contents of the packets. A switch that smart should also be able to count packets and tally total byte counts. If I understand correctly that is all you want.

--
David Kelly N4HHE, dke...@hiwaay.net
Whom computers would destroy, they must first drive mad.