Re: Question about a possible missing line/entry for file UPDATING (from http://svnweb.freebsd.org) - 8.4-RELEASE plus branches
Note that, as opposed to you, I'm tracking 8-STABLE and not 8.4-RELEASE !

UPDATING: $FreeBSD: src/UPDATING,v 1.632.2.39 2013/08/23 15:21:39 svnexp Exp $
newvers.sh: # $FreeBSD: src/sys/conf/newvers.sh,v 1.83.2.25 2013/08/07 08:26:07 svnexp Exp $

I'll check our clusters of firewalls to see if I've got any 8.4-RELEASE box lying around, but don't hold your breath, we almost universally track 8-STABLE...

On 4 September 2013 00:49, Pablo Carboni pcarb...@gmail.com wrote:

Hello Damien,

(First at all, thanks for your response).

I do not want to insist too much with this silly thing, but(just in case) I've updated my sources today from svn0.us-west.freebsd.org(base/releng/8.4), - previously to my first e-mail - and:

(Argentina's current TZ is GMT-3)
-rw-r--r-- 1 root wheel 74967 Sep 3 12:11 /usr/src/UPDATING

The 'grepped' lines, shows me:

8.3-RELEASE
[...]
8.0-RELEASE

(But 8.4 still doesn't appear).

(However, while grepping first lines in /usr/src/sys/conf/newvers.sh shows me:

# $FreeBSD: releng/8.4/sys/conf/newvers.sh 254632 2013-08-22 00:51:56Z delphij $
TYPE=FreeBSD
REVISION=8.4
BRANCH=RELEASE-p3

(Same svn id for UPDATING/newvers.sh).

Any clues? (What's your svn $Id for UPDATING? - I mean, the whole line, the last)

Thanks a lot!
Regards,
Pablo Carboni.

P.S.: The same happens for svn0.us-east.freebsd.org/base/releng/8.4/UPDATING. http://svn0.us-east.freebsd.org/base/releng/8.4/UPDATING
(Maybe I'm afraid for local syncing problems on my fbsd server)

On Tue, Sep 3, 2013 at 7:13 PM, Damien Fleuriot m...@my.gd wrote:

From:
-rw-r--r-- 1 root wheel 75631 Aug 27 12:46 /usr/src/UPDATING

20130607: 8.4-RELEASE.

On 3 September 2013 18:16, Pablo Carboni pcarb...@gmail.com wrote:

Dear Sirs,

Just for curious, today I was looking for the date/entry that belongs to FreeBSD 8.4-RELEASE inside UPDATING file, with no luck. Maybe I've made a mistake and I was looking inside a wrong file/url?

It doesn't appear, neither http://svnweb.freebsd.org/base/release/8.4.0/UPDATING?revision=251259&view=markup (RELEASE branch) nor http://svnweb.freebsd.org/base/releng/8.4/UPDATING?view=markup&pathrev=254632 (RELENG branch, currently last revision).

(This 'little detail' includes sources for 8.4-RELEASE and branch 8.4-RELEASE-p3, which I've downloaded recently).

A quick dirty search I've did on a 8.4-RELEASE-p3 box:

grep 8\..*-RELEASE /usr/src/UPDATING

(There is no reference for '8.4')

Thanks in advance!
Regards,
Pablo Carboni

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Question about a possible missing line/entry for file UPDATING (from http://svnweb.freebsd.org) - 8.4-RELEASE plus branches
However minor the issue seems, I think it warrants a PR, if at least so the entry is added for the next revision of 8.4-RELEASE.

Regarding -STABLE, while I respect your decision to be conservative and run -RELEASE, I'd like to point out we've not run into any problem here, in over 3 years with ~40 firewall boxes.

On 4 September 2013 17:48, Pablo Carboni pcarb...@gmail.com wrote:

Dear Damien,

I use to install and update 'Releng' releases (plus patches, but not stable releases) in our production servers (Ok, I agree stable is fine, but my main reason is to be conservative under some circumstances).

(BTW, You're right, on 8-STABLE branch, it appears the 'missing' line I was looking for)

Just as a last comment, I've found this 'normal line' on stable branch (but not on release/releng):

http://svnweb.freebsd.org/base/stable/8/UPDATING?view=log

Revision 251500 (http://svnweb.freebsd.org/base?view=revision&revision=251500)
Modified Fri Jun 7 15:52:33 2013 UTC (2 months, 4 weeks ago) by pluknet
File length: 74494 byte(s)
Diff to previous 251026 (http://svnweb.freebsd.org/base/stable/8/UPDATING?r1=251026&r2=251500)
Add the entry for 8.4-RELEASE.

(I think it should be added by someone to 8.4 releng branch). If this is the case, shouldn't be sent this 'missing entry' to anyone by the means of 'PR' ?

Thank you very much for your patience :)

Regards,
Pablo.

On Wed, Sep 4, 2013 at 6:51 AM, Damien Fleuriot m...@my.gd wrote:

Note that, as opposed to you, I'm tracking 8-STABLE and not 8.4-RELEASE !

UPDATING: $FreeBSD: src/UPDATING,v 1.632.2.39 2013/08/23 15:21:39 svnexp Exp $
newvers.sh: # $FreeBSD: src/sys/conf/newvers.sh,v 1.83.2.25 2013/08/07 08:26:07 svnexp Exp $

I'll check our clusters of firewalls to see if I've got any 8.4-RELEASE box lying around, but don't hold your breath, we almost universally track 8-STABLE...

On 4 September 2013 00:49, Pablo Carboni pcarb...@gmail.com wrote:

Hello Damien,

(First at all, thanks for your response).

I do not want to insist too much with this silly thing, but(just in case) I've updated my sources today from svn0.us-west.freebsd.org(base/releng/8.4), - previously to my first e-mail - and:

(Argentina's current TZ is GMT-3)
-rw-r--r-- 1 root wheel 74967 Sep 3 12:11 /usr/src/UPDATING

The 'grepped' lines, shows me:

8.3-RELEASE
[...]
8.0-RELEASE

(But 8.4 still doesn't appear).

(However, while grepping first lines in /usr/src/sys/conf/newvers.sh shows me:

# $FreeBSD: releng/8.4/sys/conf/newvers.sh 254632 2013-08-22 00:51:56Z delphij $
TYPE=FreeBSD
REVISION=8.4
BRANCH=RELEASE-p3

(Same svn id for UPDATING/newvers.sh).

Any clues? (What's your svn $Id for UPDATING? - I mean, the whole line, the last)

Thanks a lot!
Regards,
Pablo Carboni.

P.S.: The same happens for svn0.us-east.freebsd.org/base/releng/8.4/UPDATING. http://svn0.us-east.freebsd.org/base/releng/8.4/UPDATING
(Maybe I'm afraid for local syncing problems on my fbsd server)

On Tue, Sep 3, 2013 at 7:13 PM, Damien Fleuriot m...@my.gd wrote:

From:
-rw-r--r-- 1 root wheel 75631 Aug 27 12:46 /usr/src/UPDATING

20130607: 8.4-RELEASE.

On 3 September 2013 18:16, Pablo Carboni pcarb...@gmail.com wrote:

Dear Sirs,

Just for curious, today I was looking for the date/entry that belongs to FreeBSD 8.4-RELEASE inside UPDATING file, with no luck. Maybe I've made a mistake and I was looking inside a wrong file/url?

It doesn't appear, neither http://svnweb.freebsd.org/base/release/8.4.0/UPDATING?revision=251259&view=markup (RELEASE branch) nor http://svnweb.freebsd.org/base/releng/8.4/UPDATING?view=markup&pathrev=254632 (RELENG branch, currently last revision).

(This 'little detail' includes sources for 8.4-RELEASE and branch 8.4-RELEASE-p3, which I've downloaded recently).

A quick dirty search I've did on a 8.4-RELEASE-p3 box:

grep 8\..*-RELEASE /usr/src/UPDATING

(There is no reference for '8.4')

Thanks in advance!
Regards,
Pablo Carboni
Re: Question about a possible missing line/entry for file UPDATING (from http://svnweb.freebsd.org) - 8.4-RELEASE plus branches
From:
-rw-r--r-- 1 root wheel 75631 Aug 27 12:46 /usr/src/UPDATING

20130607: 8.4-RELEASE.

On 3 September 2013 18:16, Pablo Carboni pcarb...@gmail.com wrote:

Dear Sirs,

Just for curious, today I was looking for the date/entry that belongs to FreeBSD 8.4-RELEASE inside UPDATING file, with no luck. Maybe I've made a mistake and I was looking inside a wrong file/url?

It doesn't appear, neither http://svnweb.freebsd.org/base/release/8.4.0/UPDATING?revision=251259&view=markup (RELEASE branch) nor http://svnweb.freebsd.org/base/releng/8.4/UPDATING?view=markup&pathrev=254632 (RELENG branch, currently last revision).

(This 'little detail' includes sources for 8.4-RELEASE and branch 8.4-RELEASE-p3, which I've downloaded recently).

A quick dirty search I've did on a 8.4-RELEASE-p3 box:

grep 8\..*-RELEASE /usr/src/UPDATING

(There is no reference for '8.4')

Thanks in advance!
Regards,
Pablo Carboni
Re: Possibly OT: NFS vs SMB performance
On 6 Jul 2013, at 21:34, Martin Alejandro Paredes Sanchez mapsw...@prodigy.net.mx wrote:

On Saturday 06 July 2013 01:55:31 Andrea Venturoli wrote:

On 07/05/13 20:42, Terje Elde wrote:

On 5. juli 2013, at 18:18, Andrea Venturoli m...@netfence.it wrote:

Is this normal in your experience?

Did you do them in that order, or did you do the smb (slow) one first? If the slow was first, I'm thinking caching on the server could be a major factor.

Yesterday I did four test:
_ SMB find resulting in over 10 minutes first time;
_ SMB find resulting in nearly 10 minutes second time;
_ NFS find resulting in a little over 1 minute first time;
_ NFS find resulting in a little less than 1 minute second time.

Today I tried again in reverse order:
_ NFS find took 3 minutes;
_ NFS find again took 21 seconds;
_ SMB find took over 9 minutes;
_ SMB find again took again over 9 minutes.

So, while caching plays a role, it just isn't it.

The server was possibly doing other things, so the above figures might not be that correct; however a difference in the magnitude order is just too big (and deterministic) to be considered random noise.

the problem may be high log level for Samba

You should read this http://www.hob-techtalk.com/2009/03/09/nfs-vs-cifs-aka-smb

Wow wow wow, their numbers with SMB seem super low. They claim to get 80Mb/s NFS vs 7Mb SMB.

I'm getting 80-100Mbs with samba here with a core i3, 4gb of RAM and a 12tb raidz2 pool on GREEN drives, which are definitely not server grade (replacing them with WD reds, btw).
Re: HP ILO FreeBSD 8.3 Installation problem
On 5 Jul 2013, at 00:01, bw.mail.lists bw.mail.li...@gmail.com wrote:

On 7/4/2013 4:59 PM, Emre Çamalan wrote:

Hi, I'm trying to install FreeBSD with an HP ILO 4 advanced, web interface. I tried to install FreeBSD 8.2, FreeBSD 8.3 and FreeBSD 8.4. I tried to use acd0 and cd0 as media. I got the same result.

ERROR:

I'm trying to add freebsd8.3iso from ILO such as virtual drive not from cd or dvd.

We had a similar experience with Dell's DRAC and FreeBSD 9.1, after initial boot and kernel load it wasn't able to mount / from (virtual) cd. We ended up using an mfsBSD iso ( http://mfsbsd.vx.sk/ ), which doesn't mount from cd, but uses an .img loaded as memory disk. Didn't try the official bootonly iso or the USB image.

Same here, boot from MFS, gpart manually, install manually, works like a charm.

I actually do it for all our installs now, the procedure is quite scriptable.
Re: ZFS install on a partition
On 18 May 2013, at 01:15, Joshua Isom jri...@gmail.com wrote:

Your hardware raid should be faster than ZFS raid. Don't use zfs raid because there will be no benefit.

Self healing much ? I wouldn't dream of dropping it for a 20mb/s performance increase from a HW controller. What if the controller derps and writes bad data ?

You'll get the performance of software raid using CPU time, along with lost space for already backed up data. ZFS should work fine. A lot of the tuning on the wiki page isn't needed anymore, so it's not too bad. The biggest thing to be careful with is upgrading your zpool, every so often your boot blocks may need updated and if you forget, you can't boot. You won't upgrade your pool often of course. Reliability shouldn't be an issue, it's FreeBSD. ZFS will make it easier to play around with jails, have fun and create a 1000 node beowulf on one system.

On 5/17/2013 5:24 PM, b...@todoo.biz wrote:

Hi,

I have a question regarding ZFS install on a system setup using an Intel Modular. This system runs various flavor of FreeBSD and Linux using a shared pool (LUNs). These LUNs have been configured in RAID 6 using the internal controller (LSI logic). So from the OS point of view there is just a volume available.

I know I should install a system using HBA and JBOD configuration - but unfortunately this is not an option for this server.

What would you advise ?

1. Can I use an existing partition and setup ZFS on this partition using a standard Zpool (no RAID).
2. Should I use any other solution in order to setup this (like full ZFS install on disk using the entire pool with ZFS).
3. Should I avoid using ZFS since my system is not well tuned and It would be asking for trouble to use ZFS in these conditions.

P.S. Stability is a must for this system - so I won't die if you answer 3 and tell me to keep on using UFS.

Thanks.

BSD - BSD - BSD - BSD - BSD - BSD - BSD - BSD -
PGP ID -- 0x1BA3C2FD
Re: external hdd
On 29 March 2013 18:06, Chuck Swiger cswi...@mac.com wrote:

On Mar 28, 2013, at 2:10 PM, Laszlo Danielisz wrote:

If I'm sharing an external 1TB HDD with FreeBSD and OS-X (I want to use Time Machine), what is the best file system to use?

Time Machine is only supported on top of journaled HFS+; I'm not sure how fusefs-hfs is doing on FreeBSD, though. Or you could setup multiple partitions and have an exFAT partition for data interchange between other OSes.

Regards,
--
-Chuck

Now, unless I got things wrong, I believe you're mistaken.

I, for instance, have a Time Machine server running on top of 10.0-CURRENT with ZFS.

http://www.area536.com/projects/ironclad-time-machine-backups-on-freebsd/
Re: external hdd
On 30 March 2013 02:14, Shane Ambler free...@shaneware.biz wrote:

On 30/03/2013 09:43, Chuck Swiger wrote:

Hi--

On Mar 29, 2013, at 3:52 PM, Damien Fleuriot wrote:

On 29 March 2013 18:06, Chuck Swiger cswi...@mac.com wrote:

Time Machine is only supported on top of journaled HFS+; I'm not sure how fusefs-hfs is doing on FreeBSD, though. Or you could setup multiple partitions and have an exFAT partition for data interchange between other OSes.

Now, unless I got things wrong, I believe you're mistaken.

The key word above which folks might not be paying enough attention towards-- particularly in the context of a backup solution-- is supported.

I, for instance, have a Time Machine server running on top of 10.0-CURRENT with ZFS.

http://www.area536.com/projects/ironclad-time-machine-backups-on-freebsd/

Indeed. As one might note on that page:

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
                                                 ^^^

The real point to notice is that the mentioned zfs storage is accessed over the network not over a local usb/sata cable. The freebsd server reads/writes to zfs the remote mac only talks afp over tcp seeing it as another network fileserver.

While 10.5 included a zfs read-only kext apple removed it in 10.6 or 10.7. There is an oss version of zfs started that appears to have been revived - maczfs.com. There is also a commercial package for osx zfs - zevo. I'm not vouching for either of these just mentioning that they exist.

Aye, I know that.

My point is, perhaps that'd be his best bet then ? Attach the USB device to the FreeBSD box, export it over afp.

I know that's not really ideal, that's a given. However, this is a solution that allows him to use the disk on fbsd, and still be able to export TM backups.
Re: Proper way to update ports with svn
On 29 March 2013 22:29, Andre Goree an...@drenet.info wrote:

I seem to have to run 'make index' in /usr/ports after I've run 'svn up /usr/ports' in order to see which ports need to be updated using 'portversion'. This doesn't seem correct...and if so portsnap would seem like a much better tool. Perhaps I should be running 'make fetchindex' instead?

I'm sure I've read about the correct way to do so, but it doesn't appear to be here: https://wiki.freebsd.org/PortsSubversionPrimer

Thanks in advance for any advice.

'make index' looks good to me, it's the right way to do things imo.

What bothers you, following 'make index', pkg version output seems dodgy ?
Re: Current Way To Update Sources Rebuild World/Kernel?
On Mar 17, 2013 11:07 PM, Drew Tomlinson d...@mykitchentable.net wrote:

I've been away for a while. In the past, the proper way to update a system was to grab current sources via cvsup and then rebuild world and kernel. But now I see cvsup is no longer supported. The handbook talks about freebsd-update. I do not want binary upgrades but is this the tool to replace cvsup to update sources? How do I use it to replace the old way that went something like this:

cvsup sources
make buildworld
make buildkernel
make installkernel
mergemaster
make installworld

(I'm not sure I have that in the exact proper order but it was something like that).

So is freebsd-update what I need? Is there a page that describes the steps to accomplish this?

Thanks,
Drew

http://www.wonkity.com/~wblock/docs/html/stable.html

Buildworld
Buildkernel
Installkernel
Reboot
Mergemaster -p
Installworld
Mergemaster
Rebuild ports
Delete-old
Delete-old-libs
Delete-old-dirs

Less /usr/src/Makefile
8.4-RELEASE (was Re: svn new pkg system)
On 14 Mar 2013, at 23:47, Michael Ross g...@ross.cx wrote:

On Sun, 10 Mar 2013 00:57:25 +0100, Giorgos Keramidas keram...@ceid.upatras.gr wrote:

On Sat, 09 Mar 2013 18:25:22 -0500, Fbsd8 fb...@a1poweruser.com wrote:

Is svn going to become part of the base system in 9.2-RELEASE?

No.

I'd like to reference a thread on the @stable list here:

http://lists.freebsd.org/pipermail/freebsd-stable/2013-March/072765.html

svnup is a lightweight, dependency-free, BSD licensed program to pull source files from a Subversion server.

Regards,
Michael

Speaking of 9.2, are there any plans for a 8.4 ?
Re: Installing 9.1 without re-partitioning hard drive
On Mar 15, 2013 12:48 AM, leeoliveshackelf...@surewest.net wrote:

Good afternoon, FreeBSD enthusiasts. I am attempting to install FreeBSD 9.1 on a dual-boot configuration with Windows XP. I am using bsdinstall. I do not wish for the partition table to be changed. How do I instruct bsdinstall to skip the re-partitioning step? It gives an error message that it cannot write a certain file because the medium is write-only. Any suggestions would be appreciated.

Yours truly,
Newby Lee

You're trying to install to your windows partition, that won't work.

You need free space on the drive which implies shrinking your existing partition.
Re: Issue with building custom kernel
On 13 Mar 2013, at 22:26, Andre Goree an...@drenet.info wrote:

I seem to be having trouble building my custom kernel. I've removed several things that I believe were unnecessary, and added Linux support, but I don't think I'm missing anything that is very important.

Here is the last few lines of the build:

=== zlib (all)
/usr/local/libexec/ccache/world/cc -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE -nostdinc -DHAVE_KERNEL_OPTION_HEADERS -include /usr/obj/usr/src/sys/BUILD130313/opt_global.h -I. -I@ -I@/contrib/altq -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -fno-common -g -fno-omit-frame-pointer -I/usr/obj/usr/src/sys/BUILD130313 -mcmodel=kernel -mno-red-zone -mno-mmx -mno-sse -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector -std=iso9899:1999 -fstack-protector -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -c /usr/src/sys/modules/zlib/../../net/zlib.c
ld -d -warn-common -r -d -o zlib.ko.debug zlib.o
: export_syms
awk -f /usr/src/sys/conf/kmod_syms.awk zlib.ko.debug export_syms | xargs -J% objcopy % zlib.ko.debug
objcopy --only-keep-debug zlib.ko.debug zlib.ko.symbols
objcopy --strip-debug --add-gnu-debuglink=zlib.ko.symbols zlib.ko.debug zlib.ko
1 error
*** [buildkernel] Error code 2
1 error
*** [buildkernel] Error code 2
1 error

Here is my KERNCONF: http://www.drenet.net/BUILD130313

I've also created a diff of what's missing from my configuration compared to GENERIC: http://www.drenet.net/kern_diff.txt

Thanks in advance for any guidance you can provide!

--
Andre Goree
an...@drenet.info

Nothing in your diff shocks me.

Wanna re SVN up your sources, rebuild your kernel-toolchain and try again ?
Re: Grepping though a disk
On 4 Mar 2013, at 01:36, Polytropon free...@edvax.de wrote:

Due to a fsck file system repair I lost the content of a file I consider important, but it hasn't been backed up yet. The file name is still present, but no blocks are associated (file size is zero). I hope the data blocks (which are now probably marked unused) are still intact, so I thought I'd search for them because I can remember specific text that should have been in that file.

As I don't need any fancy stuff like a progress bar, I decided to write a simple command, and I quickly got something up and running which I _assume_ will do what I need.

This is the command I've been running interactively in bash:

$ N=0; while true; do echo ${N}; dd if=/dev/ad6 of=/dev/stdout bs=10240 count=1 skip=${N} 2>/dev/null | grep PATTERN; if [ $? -eq 0 ]; then break; fi; N=`expr ${N} + 1`; done

To make it look a bit better and illustrate the simple logic behind my idea:

N=0
while true; do
    echo ${N}
    dd if=/dev/ad6 of=/dev/stdout bs=10240 count=1 skip=${N} \
        2>/dev/null | grep PATTERN
    if [ $? -eq 0 ]; then
        break
    fi
    N=`expr ${N} + 1`
done

Here PATTERN refers to the text. It's only a small, but very distinctive portion. I'm searching in blocks of 10 kB so it's easier to continue in case something has been found. I plan to output the resulting block (it's not a real disk block, I know, it's simply a unit of 10 kB disk space) and maybe the previous and next one (in case the file, the _real_ block containing the data, has been split across more than one of those units.

I will then clean the garbage (maybe from other files) because I can easily determine the beginning and the end of the file.

Needless to say, it's a _text_ file.

I understand that grep operates on text files, but it will also happily return 0 if the text to search for will appear in a binary file, and possibly return the whole file as a search result (in case there are no newlines in it).

My questions:

1. Is this the proper way of stupidly searching a disk?
2. Is the block size (bs= parameter to dd) good, or should I use a different value for better performance?
3. Is there a program known that already implements the functionality I need in terms of data recovery?

Results so far:

The disk in question is a 1 TB SATA disk. The command has been running for more than 12 hours now and returned one false-positive result, so basically it seems to work, but maybe I can do better? I can always continue search by adding 1 to ${N}, set it as start value, and re-run the command.

Any suggestion is welcome!

Hey that's actually a pretty creative way of doing things ;)

Just to make sure, you've stopped daemons and all the stuff that could potentially write to the drive and nuke your blocks right ?
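An added example, not part of the thread: the same raw search done in a single process with large reads, carrying the last len(pattern) - 1 bytes from one read into the next so that text straddling a 10 kB unit boundary is still found, which a unit grepped on its own would miss. The image, the marker text and the function names are constructed for illustration; on a real disk the path would be the device from the post, opened read-only.

```python
"""Search a raw disk image or device for a byte pattern and report byte offsets."""
import io
import sys

CHUNK_SIZE = 1024 * 1024   # one 1 MiB read per iteration, no per-unit dd process
UNIT = 10240               # the 10 kB unit used by the dd | grep loop in the post


def find_pattern(stream, pattern, chunk_size=CHUNK_SIZE, start=0):
    """Yield the absolute offset of every occurrence of `pattern` in `stream`.

    The last len(pattern) - 1 bytes of each read are carried into the next one,
    so a match that straddles two reads is found, and found only once.
    `start` lets an interrupted scan resume; keep it sector-aligned on a device.
    """
    if not pattern:
        raise ValueError("pattern must not be empty")
    overlap = len(pattern) - 1
    stream.seek(start)
    tail = b""
    base = start                      # absolute offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return
        window = tail + chunk
        pos = window.find(pattern)
        while pos != -1:
            yield base + pos
            pos = window.find(pattern, pos + 1)
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)


def units_matching(stream, pattern, unit=UNIT):
    """Reference behaviour of a fixed-unit loop: test each unit in isolation."""
    stream.seek(0)
    hits, n = [], 0
    while True:
        block = stream.read(unit)
        if not block:
            return hits
        if pattern in block:
            hits.append(n)
        n += 1


def context(stream, offset, before=UNIT, after=UNIT, sector=512):
    """Return (start, data) around a hit, aligned to whole sectors for raw devices."""
    start = max(0, offset - before)
    start -= start % sector
    length = offset - start + after
    length += -length % sector        # round the read length up to a sector multiple
    stream.seek(start)
    return start, stream.read(length)


def demo_image():
    """Constructed 64 KiB image: one marker crosses a unit boundary, one does not."""
    marker = b"very distinctive text"
    image = bytearray(65536)
    image[10230:10230 + len(marker)] = marker    # bytes 10230..10250 cross 10240
    image[40000:40000 + len(marker)] = marker    # wholly inside unit 3
    return io.BytesIO(bytes(image)), marker


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # e.g. python3 scan.py /dev/ad6 PATTERN   (device is only ever read)
        with open(sys.argv[1], "rb", buffering=0) as dev:
            for off in find_pattern(dev, sys.argv[2].encode()):
                print(off, "unit", off // UNIT)
    else:
        img, marker = demo_image()
        print("overlapping scan:", list(find_pattern(img, marker, chunk_size=UNIT)))
        print("fixed units     :", units_matching(img, marker))
```

Each reported offset divided by 10240 gives the unit number to pass back to dd as skip=, and context() returns the surrounding bytes for trimming by hand.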
Re: Ports Packages [Stable] in sync
On 16 Feb 2013, at 16:56, Jeff Tipton jef...@mail.com wrote:

Hi,

I upgraded 9.0 - 9.1 on my netbook and only then found out that there are no packages for 9.1-RELEASE. On my desktops, I keep ports and packages at the RELEASE versions, so I only have to compile when I need non-default options or when there are no packages.

Would it be possible to get the ports snapshot that was used to compile the 9-STABLE packages? I think I could use subversion but then I need to know the revision number of that snapshot. What do you suggest?

Thanks,
Jeff

Hi Jeff,

I think you might be confused here. It is my understanding that there are ports for:
- HEAD
- x.y-RELEASE

I don't think you're going to be able to get a snapshot from 9-STABLE, because -STABLE is a continuing work.

What version do you consider to be 9-STABLE ? Every time there's a new commit you get a new 9-STABLE.
Re: 3 TB disk troubles
On 14 Feb 2013, at 17:01, Warren Block wbl...@wonkity.com wrote:

On Thu, 14 Feb 2013, Scott Bennett wrote:

The confusing thing is that the kernel says it's a 3 TB device, but the utility programs say otherwise.

There are more than a few SATA to USB adapters that are not capable of dealing with larger devices. I've seen at least one that could not handle a 1T drive. Now that larger drives are becoming more common, the limits are often shown on the device box or description.

The kernel may still identify the device correctly, possibly with different capacity detection. As mentioned, ESATA or just bypassing the SATA/USB/Firewire adapter and connecting directly to the drive should give the full capacity.

I might be completely off here but, what about trying it over FireWire on a x64 box, as opposed to his 32bit 8.2 ?
Re: uname -r output values?
On 21 Dec 2012, at 18:51, Fbsd8 fb...@a1poweruser.com wrote:

Fleuriot Damien wrote:

On Dec 21, 2012, at 2:36 PM, Fbsd8 fb...@a1poweruser.com wrote:

When issuing the uname -r command what are the different values possible to expect? So far I have this list.

Where X.X = major release . Sub release numbers
Where y = number 1 through 9

X.X-BETAy
X.X-RCy
X.X-RELEASE
X.X-RELEASE-py
X.X-PRERELEASE
X.X-CURRENT

mybsd dam ~ $ uname -r
8.2-STABLE

How did you create this 8.2-STABLE system? I don't see any .iso file for

Instructions given already by Devin.

Basically, STABLE is a good compromise between running the latest version (10-CURRENT if you're on 9, or 9.x if you're on 8), and running a RELEASE that gets updated very slowly.

I've never had bad surprises with STABLE and encourage running it instead of RELEASE if you want the latest patches.

Note that on occasion, STABLE will be replaced by BETA or RC. For example 8.2-STABLE became 8.3-RC1 at some point, then 8.3-RC1 ceased to exist altogether and was renamed to 8.3-STABLE (discounting any other release candidates here).
Re: how to configure host login account to use jail?
On 23 Dec 2012, at 03:43, Fbsd8 fb...@a1poweruser.com wrote:

Have jails up and running on host with ip address of

10.0.10.10
10.0.10.11
10.0.10.12
10.0.10.13
10.0.10.14

The host rc.conf has

ifconfig_xl0=DHCP # nix connected to isp
ifconfig_rl0=inet 10.0.10.2 #lan nic

I want lan users to login to their jail by ip address using ssh.

How do I setup host user accounts so they login to their associated jail? Is this something I code in the host user account or is it done by the remote ssh login command? How do other jail users do this?

I assign public IPs to my jails and let people SSH to them.

Alternatively you could use non-22 ports and have PF rdr to your jail's internal IP.
Re: Somewhat OT: Is Full Command Logging Possible?
On 8 Dec 2012, at 03:13, Devin Teske devin.te...@fisglobal.com wrote:

On Dec 7, 2012, at 5:22 PM, Paul Schmehl wrote:

--On December 7, 2012 10:23:56 AM +0100 Fleuriot Damien m...@my.gd wrote:

On Dec 6, 2012, at 9:20 PM, Paul Schmehl pschmehl_li...@tx.rr.com wrote:

--On December 6, 2012 1:19:00 PM -0600 Tim Daneliuk tun...@tundraware.com wrote:

I understand this. Even the organization in question understands this. They are not trying to *prevent* any kind of access. All they're trying to do *log* it. Why? To meet some obscure compliance requirement they have to adhere to in order to remain in business.

rant I know all of this is silly but that's our future when you let Our Fine Government regulate pretty much anything. /rant

I sent this last night, but for some reason it never showed up.

/usr/ports/security/sudoscript

I believe this will meet your requirements.

I'm sorry to say it won't.

Nothing will prevent a user from removing sudoscript's FIFO once he gets root privileges.

Well, sure, but, if someone logs in and sudos to root, that will be logged by sudoscript. If the logging then ceases, that would be cause for disciplinary action up to and including dismissal.

What about the case of:

sudo vim

or

sudo vim file

Surely that wouldn't raise an eyebrow, but…

Then execute within vim:

:sh

or

^_^

--
Devin

… and another gem …

sr env HOME=$HOME vim

then

:E

My point exactly, such levels of protection can't be reached on our day to day OSes.

The only thing that can be done is trying to approach the expected level of scrutiny and security.

The audit framework is a viable solution IMO, as long as it has limited protection against kills (restart it, send a SMS alert...)
Re: Somewhat OT: Is Full Command Logging Possible?
On 6 Dec 2012, at 20:19, Tim Daneliuk tun...@tundraware.com wrote:

On 12/06/2012 12:55 PM, n j wrote:

On Thu, Dec 6, 2012 at 12:47 AM, Tim Daneliuk tun...@tundraware.com wrote:

... Well ... does auditd provide a record of every command issued within a script? I was under the impression (and I may well be wrong) that it noted only the name of the script being executed.

Even if you configured auditd to record every command issued within a script, you'd still have a problem if a malicious user put the same commands inside a binary. As some people already pointed out, there is practically no way to control users once you give them root privileges.

I understand this. Even the organization in question understands this. They are not trying to *prevent* any kind of access. All they're trying to do *log* it. Why? To meet some obscure compliance requirement they have to adhere to in order to remain in business.

<rant> I know all of this is silly but that's our future when you let Our Fine Government regulate pretty much anything. </rant>

This sounds awfully similar to PCI DSS requirements to me. Nothing to do with .gov then ;)
Re: Somewhat OT: Is Full Command Logging Possible?
On 6 Dec 2012, at 00:19, Tim Daneliuk tun...@tundraware.com wrote:

    sudo chown root:wheel my_naughty_script
    sudo chmod 700 my_naughty_script
    sudo ./my_naughty_script

The sudo log will note that I ran the script, but not what it did.

wow, way to complicate matters.

    sudo csh

So Gentle Geniuses, is there prior art here that could be applied to give me full coverage logging of every action taken by any person or thing running with effective or actual root? P.S. I do not believe

Now would be a good time to start, then. The only things you need to ensure are:

- auditd cannot be killed off (this is an interesting bit actually, anyone knows how to do that ?)
- the audit trail files can only be appended to ; man chflags

An alternative would be lshell, however you'll have to whitelist commands people can execute.
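The messages in this thread settle on the audit framework as the workable way to record what runs with effective root, including a shell started from inside `sudo vim` and the commands a root-owned script executes. The following is an added example, not code from any poster: it reduces `praudit` text output to the `execve(2)` records that ran with effective UID root and attributes them to the login (audit) user. It assumes a trail recorded with the `ex` class and the `argv` policy in audit_control(5); the sample trail, user names and commands are constructed.

```python
"""Summarise execve(2) records from praudit text output (added example)."""
from collections import namedtuple

# Constructed sample in praudit's default multi-line format. The subject token
# carries: audit user, effective uid, effective gid, real uid, real gid, pid,
# session id, port id, login address. The audit user is set at login and is
# inherited by child processes, so it still names the person after sudo.
SAMPLE_TRAIL = """\
header,140,11,execve(2),0,Fri Dec  7 17:30:01 2012, + 120 msec
exec arg,vim,/etc/hosts
path,/usr/local/bin/vim
subject,alice,root,wheel,root,wheel,4021,4000,42086,10.0.10.50
return,success,0
trailer,140
header,121,11,execve(2),0,Fri Dec  7 17:30:40 2012, + 310 msec
exec arg,/bin/sh
path,/bin/sh
subject,alice,root,wheel,root,wheel,4022,4000,42086,10.0.10.50
return,success,0
trailer,121
header,98,11,open(2) - read,0,Fri Dec  7 17:30:41 2012, + 2 msec
path,/etc/hosts
subject,alice,root,wheel,root,wheel,4022,4000,42086,10.0.10.50
return,success,3
trailer,98
header,133,11,execve(2),0,Fri Dec  7 17:31:02 2012, + 5 msec
exec arg,./my_naughty_script
path,/home/alice/my_naughty_script
subject,alice,root,wheel,root,wheel,4030,4000,42086,10.0.10.50
return,success,0
trailer,133
header,128,11,execve(2),0,Fri Dec  7 17:31:02 2012, + 9 msec
exec arg,touch,/tmp/marker
path,/usr/bin/touch
subject,alice,root,wheel,root,wheel,4031,4000,42086,10.0.10.50
return,success,0
trailer,128
header,119,11,execve(2),0,Fri Dec  7 17:32:10 2012, + 77 msec
exec arg,ls,-l
path,/bin/ls
subject,bob,bob,staff,bob,staff,4100,4090,42090,10.0.10.51
return,success,0
trailer,119
"""

ExecRecord = namedtuple(
    "ExecRecord", "when audit_user euid pid session command ok")


def iter_records(text):
    """Yield each audit record as a list of token lines, header to trailer."""
    record = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("header,"):
            record = [line]
        elif record:
            record.append(line)
            if line.startswith("trailer,"):
                yield record
                record = []


def exec_records(text):
    """Return an ExecRecord for every execve(2) record in the trail text."""
    found = []
    for record in iter_records(text):
        header = record[0].split(",")
        if len(header) < 6 or not header[3].startswith("execve"):
            continue
        tokens = {}
        for line in record[1:]:
            name, _, rest = line.partition(",")
            tokens.setdefault(name, rest)  # keep the first token of each kind
        subject = tokens.get("subject", "").split(",")
        if len(subject) < 7:
            continue
        # Arguments are comma separated in this output, so an argument that
        # itself contains a comma cannot be told apart from two arguments.
        argv = tokens.get("exec arg", tokens.get("path", "?"))
        found.append(ExecRecord(
            when=header[5].strip(),
            audit_user=subject[0],
            euid=subject[1],
            pid=subject[5],
            session=subject[6],
            command=" ".join(argv.split(",")),
            ok=tokens.get("return", "").startswith("success"),
        ))
    return found


def root_commands_by_login(text):
    """Map each non-root login user to the commands run with euid root."""
    by_login = {}
    for rec in exec_records(text):
        if rec.euid == "root" and rec.audit_user != "root":
            by_login.setdefault(rec.audit_user, []).append(rec.command)
    return by_login


if __name__ == "__main__":
    for login, commands in root_commands_by_login(SAMPLE_TRAIL).items():
        for command in commands:
            print(f"{login} (euid root): {command}")
```

Shell built-ins never call execve(2), so they do not appear in such a report; only programs the shell or script actually executes do.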
Re: Anyone using squid and pf?
On 30 Nov 2012, at 08:30, Leslie Jensen les...@eskk.nu wrote:

Damien Fleuriot wrote 2012-11-29 00:28:

On 27 November 2012 22:01, Leslie Jensen les...@eskk.nu wrote:

Well, that depends on what you want to do. If you want FTP traffic to go to ftp-proxy running on the firewall, then redirect to 8021. If you want it to go to your squid proxy, then send it to port 8080 on $proxy.

Let's redo your redirects correctly. I'll expand upon Volodymyr's idea of not confusing normal rules with ones matching a packet that was redirected, through the use of tags.

    # 1/ redirect web traffic to the proxy $proxy on port $proxyport
    rdr in on $int_if inet proto tcp from !$proxy to any port 80 -> $proxy port $proxyport tag rdr_proxy

    # 2/ redirect FTP traffic to the ftp-proxy running on the local machine on port 8021
    rdr in on $int_if inet proto tcp from $int_if:network to any port 21 -> 127.0.0.1 port 8021 tag rdr_ftp

    # 3/ access rule to allow traffic from the local net to your proxy
    pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_proxy

    # 4/ access rule to allow traffic from the local net to your FTP proxy
    pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_ftp

    # 5/ access rule to allow your proxy to do whatever it wants in a very limited fashion
    pass in quick on $int_if inet proto tcp from $proxy to any port { 80 443 } flags S/SAFR

I liked Volodymyr's original intent behind the rdr pass, the use of tags here allows you to setup actual pass/block rules and still match packets coming from a redirect. This has many advantages, including:

- quick keyword
- flags matching
- use of labels to keep stats, if you'd like to

Well basically it only has advantages. Let me know if that helped.

Thank you Damien. I'll try out your suggestions and report back.

Thanks :-) /Leslie

The rdr rules should read:

    rdr in on $int_if from !$proxy to any port 80 tag rdr_proxy -> $proxy port $proxyport

Notice the packet gets tagged before the -> destination syntax. Otherwise, should be just fine.
Re: denyhosts, fail2ban, or something else?
On 27 November 2012 23:25, Aleksandr Miroslav alexmiros...@gmail.com wrote:

Finally got sick of seeing tons of ssh break-in attempts in my logs. Am considering using denyhosts, or fail2ban. Anyone have any experience with these? I'm already using the AllowUsers facility of ssh to only allow specific users in, so I'm not overly concerned about the attempts. This is for a FreeBSD 8.x box running pf, btw.

Since nobody has mentioned it, I'll point you to sshguard. It integrates with PF or IPFW and does the job.

As for AllowUsers, that's a good thing, I'm doing that as well. Some might argue that it's overkill, well let me tell you, virtually nothing is overkill when it aims at preventing unauthorized SSH access to your box.
Re: Anyone using squid and pf?
On 27 November 2012 22:01, Leslie Jensen les...@eskk.nu wrote:

Volodymyr Kostyrko wrote 2012-11-26 21:50:

26.11.2012 20:40, Leslie Jensen:

Rules from pf.conf

    # macros
    ext_if="xl0"
    int_if="bge0"
    tcp_services="{ 22, 993, 5910:5917 }"
    tcp_priv_services="{ 389, 443 }"
    proxy_services = "{ 21, 80 }"
    icmp_types="{ echoreq unreach squench timex }"
    internal_net = "172.18.0.0/16"
    proxy = "172.18.0.1"
    proxyport="8021"

    # tables
    table <goodguys> persist
    table <sshguard> persist

    # options
    set block-policy return # ports are closed but can be seen
    set loginterface $ext_if
    set skip on lo0

    # scrub
    scrub in

    rdr pass proto tcp from any to any port ftp -> 127.0.0.1 port 8021

    # redirect www traffic to proxy
    rdr on $int_if inet proto tcp from $internal_net to any port $proxy_services -> $proxy port 8080

I could be wrong here but I think you have a loop. You are redirecting from local interface to local interface i.e. the result of redirect is still subject for redirect. Could you try one of the following:

1. Make this a `rdr in on $int_if`.
2. Make this a `rdr pass ... -> 127.0.0.1 port 8080`. I prefer this way so port for transparent forwarding is unreachable except when explicitly redirecting to it.

Personally I never allow such ambiguity in my configs.

#1 gives a syntax error when I try to load it.

#2 My intention is to redirect only ftp traffic with this rule so that's why I use port 8021. Do you mean that I should redirect even ftp traffic to port 8080?

Thanks! /Leslie

Well, that depends on what you want to do. If you want FTP traffic to go to ftp-proxy running on the firewall, then redirect to 8021. If you want it to go to your squid proxy, then send it to port 8080 on $proxy.

Let's redo your redirects correctly. I'll expand upon Volodymyr's idea of not confusing normal rules with ones matching a packet that was redirected, through the use of tags.

    # 1/ redirect web traffic to the proxy $proxy on port $proxyport
    rdr in on $int_if inet proto tcp from !$proxy to any port 80 -> $proxy port $proxyport tag rdr_proxy

    # 2/ redirect FTP traffic to the ftp-proxy running on the local machine on port 8021
    rdr in on $int_if inet proto tcp from $int_if:network to any port 21 -> 127.0.0.1 port 8021 tag rdr_ftp

    # 3/ access rule to allow traffic from the local net to your proxy
    pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_proxy

    # 4/ access rule to allow traffic from the local net to your FTP proxy
    pass in quick on $int_if inet proto tcp flags S/SAFR tagged rdr_ftp

    # 5/ access rule to allow your proxy to do whatever it wants in a very limited fashion
    pass in quick on $int_if inet proto tcp from $proxy to any port { 80 443 } flags S/SAFR

I liked Volodymyr's original intent behind the rdr pass, the use of tags here allows you to setup actual pass/block rules and still match packets coming from a redirect. This has many advantages, including:

- quick keyword
- flags matching
- use of labels to keep stats, if you'd like to

Well basically it only has advantages. Let me know if that helped.
Re: When Is The Ports Tree Going To Be Updated?
On 26 November 2012 21:15, jb jb.1234a...@gmail.com wrote:

Tim Daneliuk tundra at tundraware.com writes:

... One wonders if using svn to keep the ports tree up-to-date might not be simpler, and perhaps, more reliable ...

As managed by portsnap:

    $ du -hs /usr/ports/
    850M    /usr/ports/

As managed by svn (it took much longer to checkout/download it by comparison):

    $ du -hs /usr/local/ports/
    1.4G    /usr/local/ports/
    $ du -hs /usr/local/ports/.svn/
    702M    /usr/local/ports/.svn/

One thing about svn is that it is a developer's tool, with its own commands set (that should never be mixed with UNIX commands w/r to dir/file manipulation), and that should not be expected to be learned by non-devs. For that reason alone the portsnap-managed ports repo is more generic, flexible to be handled by user and add-on apps/utilities, looks like more efficient without that svn overhead resulting from its requirements and characteristics as a source control system. But, svn offers to a user a unique view into ports repo, e.g. history, logs, info, attributes, etc.

jb

While we're on the binary vs SVN topic, I'd like to point out I'm *actually running out of inodes* on a virtualized machine (we use these a lot for our dev and preproduction environments) with 5gb of space, when checking out the ports tree. Of course 5gb is quite small but then, this was installed a while back.

The transition to SVN means I'm going to have to reinstall these firewalls. There are a lot of them, it's going to be a major pain.

idk, I'm loath to use portsnap, I liked CSup just fine.
Re: Multi-boot Linux + FreeBSD
While no expert, I would advise against running the kernel directly. The loader allows you to boot in single user which may come in handy at times.

On 24 Nov 2012, at 18:08, Lucas B. Cohen l...@bnrlabs.com wrote:

Hi Ralf,

On 2012.11.24 17:06, Ralf Mardorf wrote:

Perhaps later today I'll install 9.0 amd64. If possible I'll keep my Linux GRUB legacy. Can I use my menu.lst [1] and add a chainloader or something similar to boot FreeBSD from /dev/sda1?

I don't know if GRUB v1 allows that, on a multiboot system I use GRUB 2 to either load FreeBSD's loader(8) :

    menuentry "FreeBSD (Loader)" {
        insmod part_bsd
        set root='hd0,msdos2,bsd1'
        echo Loading FreeBSD loader
        kfreebsd /boot/loader
        echo Starting FreeBSD loader
    }

or to run its kernel directly, after having passed it optional device hints:

    menuentry "FreeBSD (Direct Boot)" {
        insmod ufs2
        set root='hd0,msdos2,bsd1'
        echo Loading FreeBSD kernel
        kfreebsd /boot/kernel/kernel
        echo Loading FreeBSD environment
        kfreebsd_loadenv /boot/device.hints
        set kfreebsd.vfs.root.mountfrom=ufs:/dev/ada0s2
        echo Booting FreeBSD
    }

I'm not saying it's impossible, but I'm unable to chainload to the loader code on my system with this:

    menuentry "FreeBSD (Chainload)" {
        insmod chain
        set root='hd0,msdos2'
        chainloader +1
    }

FWIW I made backups of my HDD's MBRs. I wonder if the installer will overwrite the MBR?

Always a good thing to have backups. From what I've experienced and read, 9.0-RELEASE's installer is not always predictable in that regard, it's probably safer to assume it won't do what you want, and just restore your MBR after the installation, to go back to using GRUB for dual-booting.

Here's the pitfall, though: the MBR also holds the partition table. So make a fresh backup after you've created/reorganized the primary partitions (slices) on your disk using a tool you're familiar with. (Logical partitions and BSD partitions are stored differently, so they will survive an MBR restore, provided it doesn't modify the primary partition they're contained in.)

I also would like to know, if there's a way to recover the partition table, including a primary FreeBSD partition/slice, if this ever should get broken and there should be no backup of the partition table be available.

The partition table is held alongside the MBR, in the first logical sector of your disk. Restoring one will restore the other. For extra safety, you can save the output of partitioning tools like fdisk or GNU parted expressed in sectors.

Hope this helps,
Re: high performance server design approach
That's a shame, nginx is definitely a robust and fast server, it's well maintained, it's patched quickly...

If you need proof of its prowess to convince your upstream managers, I'd be inclined to provide you with a diagram of our architecture for this particular project, as well as the graphs (network traffic, server loads, requests/sec...)

On 13 November 2012 12:03, Friedrich Locke friedrich.lo...@gmail.com wrote:

Mark, when i say high performance, i am looking something at least as fast as the fastest performing http server on the market for a given set of requests on the same pool of static files. I am aware of nginx, but i have to write my own http server. Using someone else solution is not an option.

On Tue, Nov 13, 2012 at 8:57 AM, Fleuriot Damien m...@my.gd wrote:

Define high performance , what are your expectations in terms of concurrent connections, requests/second and all ?

Allow me to shed some measure of light here, we're running 16x web servers with nginx doing *permanent* (as in, for all requests) URL rewriting and serving 500 req/s each. These servers admittedly running debian are behind 4x freebsd boxes using a combination of PF, CARP and relayd on 8.3-STABLE.

The web servers deliver 200mb/second worth of *small* files (roughly 1kb javascripts). They hardly ever reach 0.25 load average, on 8 cores + hyperthreading.

What I'm getting at here is, nginx *totally rapes* performance-wise, at least for our own needs. If it is able to deliver 500 req/s (for each server) of small files, surely it can handle the load you're planning on throwing at it ?

On Nov 13, 2012, at 11:28 AM, Friedrich Locke friedrich.lo...@gmail.com wrote:

Thank you Mark for suggestion, but my doubt still remains. Regards.

On Tue, Nov 13, 2012 at 8:26 AM, Mark Blackman m...@exonetric.com wrote:

On 13 Nov 2012, at 10:23, Friedrich Locke friedrich.lo...@gmail.com wrote:

Hi list members, i would like to be an http server for static content only. Due to this [snip] What you have to say

benchmark nginx to see if it does the job already.

- Mark
Re: lagg interface not created at reboot ( 9.0 )
On 2 Nov 2012, at 10:56, Frank Bonnet f.bon...@esiee.fr wrote:

hello

I use the lagg feature on a server and it seems the lagg pseudo interface is not created when the machine reboots , the server runs 9.0-p3

here is the incriminated part of the /etc/rc.conf file

    ifconfig_bce2="up"
    ifconfig_bce3="up"
    cloned_interface="lagg0"
    ifconfig_lagg0=" laggproto lacp laggport bce2 laggport bce3"
    ipv4_addrs_lagg0=" xxx.xxx.xxx.xxx/24"
    defaultrouter="xxx.xxx.xxx.xxx"

Note : if I create manually the lagg0 interface everything starts well ...

thanks for any info

cloned_interfaces , notice the plural. You're using cloned_interface, you're missing the S.
Re: py-bittornado gone
On 26 Oct 2012, at 19:05, Artifex Maximus artife...@gmail.com wrote:

Hello! py-bittornado gone and I accidentally delete with portmanager at upgrade. cfv uses and I use cfv for testing torrent so I need py-bittornado (or py-bittorrent). How can I restore that package?

Bye, a

How about getting the original source and building from there, or a package for pkg_add ?
BIND - slaving the root zone and signature expired
Hello list,

Anyone else experienced this problem today ? We slave the root zone and have received signature expired errors.

We slave the root zone like so:

    zone "." {
        type slave;
        file "/etc/namedb/slave/root.slave";
        masters {
            192.5.5.241; // F.ROOT-SERVERS.NET.
        };
        notify no;
    };
    zone "arpa" {
        type slave;
        file "/etc/namedb/slave/arpa.slave";
        masters {
            192.5.5.241; // F.ROOT-SERVERS.NET.
        };
        notify no;
    };

And got the following errors:

    messages.2:Oct 25 08:25:46 pf1 named[23251]: starting BIND 9.6.-ESV-R7 -t /var/named -u bind
    messages.2:Oct 25 08:25:46 pf1 named[23251]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
    messages.2:Oct 25 08:25:46 pf1 named[23251]:
    messages.2:Oct 25 08:25:46 pf1 named[23251]: BIND 9 is maintained by Internet Systems Consortium,
    messages.2:Oct 25 08:25:46 pf1 named[23251]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
    messages.2:Oct 25 08:25:46 pf1 named[23251]: corporation. Support and training for BIND 9 are
    messages.2:Oct 25 08:25:46 pf1 named[23251]: available at https://www.isc.org/support
    messages.2:Oct 25 08:25:46 pf1 named[23251]:
    messages.2:Oct 25 08:25:46 pf1 named[23251]: command channel listening on 127.0.0.1#953
    messages.2:Oct 25 08:25:46 pf1 named[23251]: command channel listening on ::1#953
    messages.2:Oct 25 08:25:46 pf1 named[23251]: /etc/namedb/slave/root.slave:10: signature has expired
    messages.2:Oct 25 08:25:46 pf1 named[23251]: /etc/namedb/slave/arpa.slave:10: signature has expired
    messages.2:Oct 25 08:25:46 pf1 named[23251]: running
    messages.2:Oct 25 08:25:46 pf1 named[23251]: zone ./IN: expired
    messages.2:Oct 25 08:25:46 pf1 named[23251]: zone arpa/IN: expired
    messages.2:Oct 25 08:27:16 pf1 named[23251]: transfer of 'arpa/IN' from 192.5.5.241#53: failed while receiving responses: connection reset
    messages.2:Oct 25 08:27:17 pf1 named[23251]: transfer of './IN' from 192.5.5.241#53: failed while receiving responses: connection reset
    messages.2:Oct 25 08:28:47 pf1 named[23251]: transfer of './IN' from 192.5.5.241#53: failed while receiving responses: connection reset
    messages.2:Oct 25 08:28:47 pf1 named[23251]: transfer of 'arpa/IN' from 192.5.5.241#53: failed while receiving responses: connection reset
    messages.2:Oct 25 08:30:37 pf1 named[23251]: transfer of 'arpa/IN' from 192.5.5.241#53: failed while receiving responses: connection reset
    messages.2:Oct 25 08:30:42 pf1 named[23251]: transfer of './IN' from 192.5.5.241#53: failed while receiving responses: connection reset
    messages.2:Oct 25 08:32:47 pf1 named[23251]: stopping command channel on 127.0.0.1#953
    messages.2:Oct 25 08:32:47 pf1 named[23251]: stopping command channel on ::1#953
    messages.2:Oct 25 08:32:47 pf1 named[23251]: exiting
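A check over the kind of log shown in the post above, as an added example that is not part of the original message: it reports slave zones that named has marked expired and whose transfers keep failing against the same master. The log lines are a subset copied from the post; the function names, the threshold of three and the `Transfer completed` handling are assumptions of this example.

```python
"""Flag expired slave zones with repeated failed transfers (added example)."""
import re

# Subset of the syslog lines quoted in the post, including the "messages.2:"
# prefix that grep adds when it searches several files.
SAMPLE_LOG = """\
messages.2:Oct 25 08:25:46 pf1 named[23251]: /etc/namedb/slave/root.slave:10: signature has expired
messages.2:Oct 25 08:25:46 pf1 named[23251]: /etc/namedb/slave/arpa.slave:10: signature has expired
messages.2:Oct 25 08:25:46 pf1 named[23251]: running
messages.2:Oct 25 08:25:46 pf1 named[23251]: zone ./IN: expired
messages.2:Oct 25 08:25:46 pf1 named[23251]: zone arpa/IN: expired
messages.2:Oct 25 08:27:16 pf1 named[23251]: transfer of 'arpa/IN' from 192.5.5.241#53: failed while receiving responses: connection reset
messages.2:Oct 25 08:27:17 pf1 named[23251]: transfer of './IN' from 192.5.5.241#53: failed while receiving responses: connection reset
messages.2:Oct 25 08:28:47 pf1 named[23251]: transfer of './IN' from 192.5.5.241#53: failed while receiving responses: connection reset
messages.2:Oct 25 08:28:47 pf1 named[23251]: transfer of 'arpa/IN' from 192.5.5.241#53: failed while receiving responses: connection reset
messages.2:Oct 25 08:30:37 pf1 named[23251]: transfer of 'arpa/IN' from 192.5.5.241#53: failed while receiving responses: connection reset
messages.2:Oct 25 08:30:42 pf1 named[23251]: transfer of './IN' from 192.5.5.241#53: failed while receiving responses: connection reset
"""

NAMED_MSG = re.compile(r"named\[\d+\]: (.*)$")
SIG_EXPIRED = re.compile(r"^(\S+):(\d+): signature has expired$")
ZONE_EXPIRED = re.compile(r"^zone (\S+)/IN: expired$")
TRANSFER = re.compile(r"^transfer of '([^']+)/IN' from ([0-9A-Fa-f.:]+)#\d+: (.*)$")


def triage(log_text):
    """Return expired zones, files with expired signatures, failure streaks."""
    expired_zones, expired_files, streaks = set(), set(), {}
    for line in log_text.splitlines():
        found = NAMED_MSG.search(line)
        if not found:
            continue
        msg = found.group(1)
        sig = SIG_EXPIRED.match(msg)
        if sig:
            expired_files.add(sig.group(1))
            continue
        zone = ZONE_EXPIRED.match(msg)
        if zone:
            expired_zones.add(zone.group(1))
            continue
        xfer = TRANSFER.match(msg)
        if xfer:
            key = (xfer.group(1), xfer.group(2))
            if xfer.group(3).startswith("failed"):
                streaks[key] = streaks.get(key, 0) + 1
            elif xfer.group(3).startswith("Transfer completed"):
                streaks[key] = 0  # a good transfer ends the failure streak
    return expired_zones, expired_files, streaks


def alerts(log_text, threshold=3):
    """List (zone, master, failures) for expired zones that cannot refresh."""
    expired_zones, _, streaks = triage(log_text)
    return sorted(
        (zone, master, count)
        for (zone, master), count in streaks.items()
        if zone in expired_zones and count >= threshold
    )


if __name__ == "__main__":
    for zone, master, count in alerts(SAMPLE_LOG):
        print(f"zone {zone!r} expired, {count} failed transfers from {master}")
```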
Re: BIND - slaving the root zone and signature expired
On 25 October 2012 18:33, Warren Block wbl...@wonkity.com wrote:

On Thu, 25 Oct 2012, Damien Fleuriot wrote:

Anyone else experienced this problem today ? We slave the root zone and have received signature expired errors.

Found this: https://lists.dns-oarc.net/pipermail/dns-operations/2011-March/007116.html which leads to this: http://in-addr-transition.icann.org/

Hi Warren and thanks for your reply,

I've dug around some more and identified the problem we've been having. Apparently, from a given netblock, we can't AXFR the . and arpa zones anymore with F.ROOT-SERVERS.NET. We can from some other boxes. I suspect we might have been firewalled or something, although we don't query them very often , but that's beyond the point.

I've now transitioned all our PF boxes to slave from xfr.lax.dns.icann.org and xfr.cjr.dns.icann.org as per the documentation found in /etc/namedb/named.conf

What bothers me is that the commented lines from named.conf say to use the ICANN XFR servers, while the actual commented configuration uses F.ROOT-SERVERS.NET

See below a freshly SVNup'd copy on 10.0:

    % svn info named.conf
    Path: named.conf
    Name: named.conf
    Working Copy Root Path: /data/freebsd/src/head
    URL: svn://svn.freebsd.org/base/head/etc/namedb/named.conf
    Repository Root: svn://svn.freebsd.org/base
    Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
    Revision: 242082
    Node Kind: file
    Schedule: normal
    Last Changed Author: uqs
    Last Changed Rev: 229783
    Last Changed Date: 2012-01-07 16:10:32 + (Sat, 07 Jan 2012)
    Text Last Updated: 2012-09-01 11:43:31 + (Sat, 01 Sep 2012)
    Checksum: 598add209c192aac1dc4d973ce31922dff8b93c9

I SVNup'd it just today, and yet:

    ===
    As documented at http://dns.icann.org/services/axfr/ these zones:
    "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
    are available for AXFR from these servers on IPv4 and IPv6:
    xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
    */
    /*
    zone "." {
        type slave;
        file "/etc/namedb/slave/root.slave";
        masters {
            192.5.5.241; // F.ROOT-SERVERS.NET.
        };
        notify no;
    };
    ===

I'm going to file a PR with a small diff to use the ICANN's XFR servers instead of F.

Thanks for your feedback regardless :)
Re: BIND - slaving the root zone and signature expired
On 25 October 2012 18:55, Damien Fleuriot m...@my.gd wrote:

On 25 October 2012 18:33, Warren Block wbl...@wonkity.com wrote:

On Thu, 25 Oct 2012, Damien Fleuriot wrote:

Anyone else experienced this problem today ? We slave the root zone and have received signature expired errors.

Found this: https://lists.dns-oarc.net/pipermail/dns-operations/2011-March/007116.html which leads to this: http://in-addr-transition.icann.org/

Hi Warren and thanks for your reply,

I've dug around some more and identified the problem we've been having. Apparently, from a given netblock, we can't AXFR the . and arpa zones anymore with F.ROOT-SERVERS.NET. We can from some other boxes. I suspect we might have been firewalled or something, although we don't query them very often , but that's beyond the point.

I've now transitioned all our PF boxes to slave from xfr.lax.dns.icann.org and xfr.cjr.dns.icann.org as per the documentation found in /etc/namedb/named.conf

What bothers me is that the commented lines from named.conf say to use the ICANN XFR servers, while the actual commented configuration uses F.ROOT-SERVERS.NET

See below a freshly SVNup'd copy on 10.0:

    % svn info named.conf
    Path: named.conf
    Name: named.conf
    Working Copy Root Path: /data/freebsd/src/head
    URL: svn://svn.freebsd.org/base/head/etc/namedb/named.conf
    Repository Root: svn://svn.freebsd.org/base
    Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
    Revision: 242082
    Node Kind: file
    Schedule: normal
    Last Changed Author: uqs
    Last Changed Rev: 229783
    Last Changed Date: 2012-01-07 16:10:32 + (Sat, 07 Jan 2012)
    Text Last Updated: 2012-09-01 11:43:31 + (Sat, 01 Sep 2012)
    Checksum: 598add209c192aac1dc4d973ce31922dff8b93c9

I SVNup'd it just today, and yet:

    ===
    As documented at http://dns.icann.org/services/axfr/ these zones:
    "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
    are available for AXFR from these servers on IPv4 and IPv6:
    xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
    */
    /*
    zone "." {
        type slave;
        file "/etc/namedb/slave/root.slave";
        masters {
            192.5.5.241; // F.ROOT-SERVERS.NET.
        };
        notify no;
    };
    ===

I'm going to file a PR with a small diff to use the ICANN's XFR servers instead of F.

Thanks for your feedback regardless :)

If anyone cares to take it, filed as conf/173077
Re: 8-STABLE base BIND version number typo ?
On 27 August 2012 10:11, Damien Fleuriot m...@my.gd wrote:

Hello list,

We're currently running Nessus PCI DSS scans on our infrastructure to eliminate known vulnerabilities and problems. The scan reports that my version of BIND is vulnerable to exploits I *know* it isn't.

The problem, to me, seems to be with the version number as reported by named -V :

    BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'

(notice the .- notation)

This is the base's BIND running on 8.3-STABLE 64 bits compiled and built on 22/08/12 :

    FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22 10:41:47 CEST 2012

I have verified that building the exact same version from the ports, at /usr/ports/dns/bind96 yields the correct version number and the vulnerabilities are no longer reported by the scan, which uses BIND's version number as a reference.

Has anyone else noticed the same oddity, that I might file a PR ?

Hello list,

I seem to have seen no replies. Would anyone kindly confirm they've got the same problem so we can get a PR filed ?
8-STABLE base BIND version number typo ?
Hello list,

We're currently running Nessus PCI DSS scans on our infrastructure to eliminate known vulnerabilities and problems. The scan reports that my version of BIND is vulnerable to exploits I *know* it isn't.

The problem, to me, seems to be with the version number as reported by named -V :

    BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'

(notice the .- notation)

This is the base's BIND running on 8.3-STABLE 64 bits compiled and built on 22/08/12 :

    FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22 10:41:47 CEST 2012

I have verified that building the exact same version from the ports, at /usr/ports/dns/bind96 yields the correct version number and the vulnerabilities are no longer reported by the scan, which uses BIND's version number as a reference.

Has anyone else noticed the same oddity, that I might file a PR ?
Re: implications of adding root to a group
On 23 Aug 2012, at 17:26, Steve O'Hara-Smith st...@sohara.org wrote:

On Thu, 23 Aug 2012 07:51:10 -0700 Krims G krimskr...@gmail.com wrote:

Hello, I've been looking at the /etc/group and have noticed that some groups have root included in them, for example operator. Is it not implied that root has access to all things and groups? What is the purpose of adding root to a group? If I add root to some new arbitrary group, what does it result in differently than if I do not add root to that group?

The root user has the ability to ignore file permissions, but not the ability to subvert group membership tests in scripts or programs.

-- Steve O'Hara-Smith |

While I can compute what you wrote, I fail to see the implications. Would you kindly explain in layman's terms ?
Re: FreeBSD on SSD
On 28 Jul 2012, at 11:58, Erich Dollansky erichfreebsdl...@ovitrap.com wrote:

Hi,

On Sat, 28 Jul 2012 12:44:35 +0300 Vladimir Videscu vladimir.vide...@gmail.com wrote:

Good day. I have recently bought a Seagate Momentus XT for my laptop. The specs for the drive are :

    RPM : 7200
    Buffer : 32 MB
    HDD Memory : 750 GB
    SSD Memory : 8 GB

I wish to install FreeBSD on it, but I wanted to ask this beforehand : Would it would be possible to install it on the 8 GB SSD sector ? Would it work, and how would FreeBSD generally handle the SSD share of the memory ?

isn't the SSD part 100% hidden? Doesn't the SSD work as a plain read cache for the disk?

Erich

Vladimir, Erich has the right of it. You have not bought a real SSD but rather a hdd with built-in SSD-backed cache. I don't think there is a way for you to install the OS specifically to the SSD part of the drive.
Re: On-access AV scanning
On 7/27/12 1:47 PM, Daniel Bye wrote:

On Fri, Jul 27, 2012 at 07:19:45AM -0400, Daniel Feenberg wrote:

On Fri, 27 Jul 2012, Daniel Bye wrote:

On Fri, Jul 27, 2012 at 12:51:04PM +0200, Wojciech Puchar wrote:

Are there any current options available to support on-access antivirus scanning on FreeBSD?

FreeBSD doesn't need this as there are no viruses on that system.

Well, thanks. And yes, I know that neither FreeBSD nor Solaris are renowned for their sickly vulnerability to viruses, but we operate in a mixed environment, with a lot of Windows machines and ZFS file systems exported by SMB/CIFS, so we need the AV to ensure any viruses are stopped before they infect a susceptible machine. It seems a small price to pay to finally get a decent workstation!

No idea - YOU will not spread viruses, and viruses from other winstations will not affect you. so just install antivirus software on winstations. Or finally educate users as it is really simple to avoid viruses even with windows

I refer you to the part where I specifically talk about our corporate IT policy. All desktops/workstations (that is, all of them, every single one), must have AV software running on them. There will be no exceptions, on pain

Well, there is AV software for FreeBSD - we use Kaspersky on our FreeBSD based mailserver, but the viruses it looks for are Windows viruses. I don't know if that will satisfy your IT policy. Maybe you should be looking at Cygwin? Or, can FreeBSD run under HyperV?

Thanks, Daniel. I have looked at Kaspersky, and various others, but the main sticking point, as I see it, is that there is no on-access scanning capability in any of the AV packages available for FreeBSD. It's not essential to build my case, but it would certainly strengthen it.

I use ClamAV on my home mail server, and it works well. I have also tested it out on a desktop machine to run on-demand scans, and it works just fine, and doesn't impose so much of a load as to be a nuisance.

We have had a couple of virus outbreaks recently, so this is quite a high profile concern around here at the moment. The CIO is from a technical background, so I might well be able to convince him of FreeBSD's strengths as a very secure system, but I will still need to accede to the IT policy, sadly - no way around it.

Dan

FUSE
ClamFS

But then, FUSE... ew...
Re: Security - logging of user commands
On 7/25/12 6:15 PM, jb wrote:

Damien Fleuriot ml at my.gd writes:
...
From my syslog.conf:
auth.info;authpriv.info /var/log/auth.log
Yet I'm seeing not a trail in /var/log/auth.log , or messages, or even in secure
...

# less /var/log/auth.log
Feb 22 21:13:56 localhost newsyslog[1503]: logfile first created
Feb 22 21:14:07 localhost login: login on ttyv0 as jb
Feb 22 21:14:15 localhost su: jb to root on /dev/ttyv0
...
Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch /etc/ld.so.preload
Jul 25 17:25:05 localhost snoopy[50060]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/grep]: grep -c ^/usr/local/lib//snoopy.so /etc/ld.so.preload
Jul 25 17:52:29 localhost snoopy[50145]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1
Jul 25 17:54:08 localhost snoopy[50149]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
[root@localhost /home/jb]#

jb

Well, after some digging I am sorry to report that security/snoopy/ is, imho, quite bugged on 8-STABLE and 9-STABLE alike.

Let's take the example of logging the current working directory:

Below is the statement from ./configure --help :
Optional Features:
[snip]
--disable-cwd-logging disable logging of Current Working Directory [default=enabled]

From config.h:66
/* Enable logging of Current Working Directory */
/* #undef SNOOPY_CWD_LOGGING */

From configure:4298
#define SNOOPY_CWD_LOGGING 1

From snoopy.c:127
/* Create logMessage */
#if defined(SNOOPY_CWD_LOGGING)

Small edits to snoopy.c to check if current working directory logging is really enabled:

--- snoopy.c.orig 2012-07-26 10:16:06.0 + +++ snoopy.c2012-07-26 10:18:05.0 + 
@@ -123,12 +123,18 @@ logString[logStringSize-1] = '\0'; +/* Check wether SNOOPY_CWD_LOGGING is _really_ defined or not */ +int cwdlog=0; +#if defined(SNOOPY_CWD_LOGGING) +cwdlog=1; +#endif + /* Create logMessage */ #if defined(SNOOPY_CWD_LOGGING) getCwdRet = getcwd(cwd, PATH_MAX+1); - sprintf(logMessage, [uid:%d sid:%d tty:%s cwd:%s filename:%s]: %s, getuid(), getsid(0), ttyPath, cwd, filename, logString); + sprintf(logMessage, [uid:%d sid:%d tty:%s cwd:%s filename:%s]: %s, getuid(), getsid(0), ttyPath, cwd, filename, logString); #else - sprintf(logMessage, [uid:%d sid:%d tty:%s filename:%s]: %s, getuid(), getsid(0), ttyPath, filename, logString); + sprintf(logMessage, cwdlog: %d - [uid:%d sid:%d tty:%s filename:%s]: %s, cwdlog, getuid(), getsid(0), ttyPath, filename, logString); #endif

And the result:
gmake snoopy.so
setenv LD_PRELOAD /usr/ports/security/snoopy/work/snoopy-1.8.0/snoopy.so
/etc/rc.d/named status

Yields, amongst others:
Jul 26 10:19:00 pf1 snoopy[96561]: cwdlog: 0 - [uid:0 sid:92850 tty:/dev/pts/0 filename:/bin/ps]: /bin/ps -ww -o pid= -o jid= -o command= -p 1073

Notice how cwdlog is set to 0 which means we don't want to log the CWD, although configure reports SNOOPY_CWD_LOGGING 1

I think that might not be the only bug, seeing only root actions seem to be logged although the default should be to log every user.

I'd like to point out that apart from these edits for my tests this is a *vanilla* install of snoopy.

Might anyone confirm the issue ?

The above is true for 8.1-RELEASE, 8-STABLE , 9-STABLE with snoopy being at version 1.8.0 on all of them.
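Review bot: the #else branch now writes "cwdlog: %d - " in front of the "[uid:... filename:...]" record, which changes the log line format for every consumer of these lines; if the aim is only to learn whether SNOOPY_CWD_LOGGING is defined when snoopy.c is compiled, a #warning or #error under #if !defined(SNOOPY_CWD_LOGGING) answers that at build time without touching the output. Because cwdlog is set under the same #if defined(SNOOPY_CWD_LOGGING) test that selects the branch, it can only ever print 0 there, so it adds nothing beyond the already missing cwd: field. Two smaller points in the same hunk: the first -/+ pair of sprintf lines is identical as shown, so it is whitespace-only churn, and both branches keep an unbounded sprintf into logMessage fed by cwd (up to PATH_MAX+1 bytes) and logString, with getCwdRet not checked in the visible lines; the size of logMessage is not visible here, so a length-bounded snprintf against its allocated size, plus a check of getCwdRet before cwd is formatted, would be the safer form.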
Re: Freebsd build problem
On 7/26/12 12:48 PM, Venkat Duvvuru wrote:

Hi, I'm unable to compile the kernel code (for that matter any kernel module also). The following is the error. My guess is that it is trying to compile the code for x86 instead of amd64 as you can a symbolic link create for x86 includes. Please suggest the change to be done in order to compile it for amd64.

Uname -a of the system
FreeBsd 9.0-RELEASE-p3 FreeBSD 9.0-RELEASE-p3 #0: Tue Jun 12 02:52:29 UTC 2012 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

-- stage 3.1: making dependencies --
cd /usr/obj/usr/src/sys/MYKERNEL; MAKEOBJDIRPREFIX=/usr/obj MACHINE_ARCH=amd64 MACHINE=amd64 CPUTYPE= GROFF_BIN_PATH=/usr/obj/usr/src/tmp/legacy/usr/bin GROFF_FONT_PATH=/usr/obj/usr/src/tmp/legacy/usr/share/groff_font GROFF_TMAC_PATH=/usr/obj/usr/src/tmp/legacy/usr/share/tmac _SHLIBDIRPREFIX=/usr/obj/usr/src/tmp VERSION=FreeBSD 9.0-RELEASE-p3 amd64 900044 INSTALL=sh /usr/src/tools/install.sh PATH=/usr/obj/usr/src/tmp/legacy/usr/sbin:/usr/obj/usr/src/tmp/legacy/usr/bin:/usr/obj/usr/src/tmp/legacy/usr/games:/usr/obj/usr/src/tmp/usr/sbin:/usr/obj/usr/src/tmp/usr/bin:/usr/obj/usr/src/tmp/usr/games:/sbin:/bin:/usr/sbin:/usr/bin NO_CTF=1 make KERNEL=kernel depend -DNO_MODULES_OBJ
machine - /usr/src/sys/amd64/include
x86 - /usr/src/sys/x86/include
cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -std=c99 -g -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -nostdinc -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/pf -I/usr/src/sys/dev/ath -I/usr/src/sys/dev/ath/ath_hal -I/usr/src/sys/contrib/ngatm -I/usr/src/sys/dev/twa -I/usr/src/sys/gnu/fs/xfs/FreeBSD -I/usr/src/sys/gnu/fs/xfs/FreeBSD/support -I/usr/src/sys/gnu/fs/xfs -I/usr/src/sys/dev/cxgb -I/usr/src/sys/dev/cxgbe -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -fno-omit-frame-pointer -mno-sse -mcmodel=kernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector /usr/src/sys/amd64/amd64/genassym.c
In file included from ./x86/_align.h:6, from ./x86/_align.h:6, from ./x86/_align.h:6, from ./x86/_align.h:6, from ./x86/_align.h:6, from ./machine/_align.h:6, from ./machine/param.h:46, from /usr/src/sys/sys/param.h:115, from /usr/src/sys/amd64/amd64/genassym.c:42:
./x86/_align.h:6:24: error: #include nested too deeply
In file included from ./x86/_align.h:6, from ./x86/_align.h:6, from ./x86/_align.h:6, from ./machine/_align.h:6, from /usr/src/sys/sys/socket.h:39, from /usr/src/sys/amd64/amd64/genassym.c:54:
./x86/_align.h:6:24: error: #include nested too deeply
/usr/src/sys/amd64/amd64/genassym.c:69:25: error: x86/apicreg.h: No such file or directory
/usr/src/sys/amd64/amd64/genassym.c:230: error: invalid use of undefined type 'struct LAPIC'
*** Error code 1
Stop in /usr/obj/usr/src/sys/MYKERNEL.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.

The first question that comes to mind is, do you manage to compile a GENERIC kernel ?

cd /usr/src
make clean
make buildkernel KERNCONF=GENERIC

The second question that comes to mind is, have you rebuilt the world prior to trying your kernel compilation ?

I notice you're on 9.0-RELEASE from june, when did you last update your sources ?
Re: Freebsd build problem
On 7/26/12 2:08 PM, Venkat Duvvuru wrote:

Hi, Please find my responses in line.

On Thu, Jul 26, 2012 at 4:57 PM, Damien Fleuriot m...@my.gd wrote:

On 7/26/12 12:48 PM, Venkat Duvvuru wrote:

Hi, I'm unable to compile the kernel code (for that matter any kernel module also). The following is the error. My guess is that it is trying to compile the code for x86 instead of amd64 as you can a symbolic link create for x86 includes. Please suggest the change to be done in order to compile it for amd64.

Uname -a of the system
FreeBsd 9.0-RELEASE-p3 FreeBSD 9.0-RELEASE-p3 #0: Tue Jun 12 02:52:29 UTC 2012 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64

-- stage 3.1: making dependencies --
cd /usr/obj/usr/src/sys/MYKERNEL; MAKEOBJDIRPREFIX=/usr/obj MACHINE_ARCH=amd64 MACHINE=amd64 CPUTYPE= GROFF_BIN_PATH=/usr/obj/usr/src/tmp/legacy/usr/bin GROFF_FONT_PATH=/usr/obj/usr/src/tmp/legacy/usr/share/groff_font GROFF_TMAC_PATH=/usr/obj/usr/src/tmp/legacy/usr/share/tmac _SHLIBDIRPREFIX=/usr/obj/usr/src/tmp VERSION=FreeBSD 9.0-RELEASE-p3 amd64 900044 INSTALL=sh /usr/src/tools/install.sh PATH=/usr/obj/usr/src/tmp/legacy/usr/sbin:/usr/obj/usr/src/tmp/legacy/usr/bin:/usr/obj/usr/src/tmp/legacy/usr/games:/usr/obj/usr/src/tmp/usr/sbin:/usr/obj/usr/src/tmp/usr/bin:/usr/obj/usr/src/tmp/usr/games:/sbin:/bin:/usr/sbin:/usr/bin NO_CTF=1 make KERNEL=kernel depend -DNO_MODULES_OBJ
machine - /usr/src/sys/amd64/include
x86 - /usr/src/sys/x86/include
cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -std=c99 -g -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef -Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs -fdiagnostics-show-option -nostdinc -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/pf -I/usr/src/sys/dev/ath -I/usr/src/sys/dev/ath/ath_hal -I/usr/src/sys/contrib/ngatm -I/usr/src/sys/dev/twa -I/usr/src/sys/gnu/fs/xfs/FreeBSD -I/usr/src/sys/gnu/fs/xfs/FreeBSD/support -I/usr/src/sys/gnu/fs/xfs -I/usr/src/sys/dev/cxgb -I/usr/src/sys/dev/cxgbe -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -fno-omit-frame-pointer -mno-sse -mcmodel=kernel -mno-red-zone -mno-mmx -msoft-float -fno-asynchronous-unwind-tables -ffreestanding -fstack-protector /usr/src/sys/amd64/amd64/genassym.c
In file included from ./x86/_align.h:6, from ./x86/_align.h:6, from ./x86/_align.h:6, from ./x86/_align.h:6, from ./x86/_align.h:6, from ./machine/_align.h:6, from ./machine/param.h:46, from /usr/src/sys/sys/param.h:115, from /usr/src/sys/amd64/amd64/genassym.c:42:
./x86/_align.h:6:24: error: #include nested too deeply
In file included from ./x86/_align.h:6, from ./x86/_align.h:6, from ./x86/_align.h:6, from ./machine/_align.h:6, from /usr/src/sys/sys/socket.h:39, from /usr/src/sys/amd64/amd64/genassym.c:54:
./x86/_align.h:6:24: error: #include nested too deeply
/usr/src/sys/amd64/amd64/genassym.c:69:25: error: x86/apicreg.h: No such file or directory
/usr/src/sys/amd64/amd64/genassym.c:230: error: invalid use of undefined type 'struct LAPIC'
*** Error code 1
Stop in /usr/obj/usr/src/sys/MYKERNEL.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.

The first question that comes to mind is, do you manage to compile a GENERIC kernel ?

cd /usr/src
make clean
make buildkernel KERNCONF=GENERIC

== Yes, all was well with compiling generic, proprietary kernels before it stopped working a couple of days back. I had been compiling, installing kernel on this machine many times.

The second question that comes to mind is, have you
Re: Support
Wow wait a sec here ... You've installed a boot loader but not the OS itself and then shut down the computer ? Have you tried booting from the CD again ?

On 7/26/12 4:10 PM, Andy Recker wrote:

yes i booted from a cd the first time and i almost had it installed but then i turned my computer off because i was having some problems and i turned it back on and it is unresponsive and showed only a white screen and thanks for the help.

On Wed, Jul 25, 2012 at 9:41 AM, Lowell Gilbert freebsd-questions-lo...@be-well.ilk.org wrote:

Andy reckingbal...@gmail.com writes:

I was trying to install the free bsd to my mac computer its an ibook g3 with a 20gb hard drive i was using the powerpc version and it was working fine then i got to the part where you have to set up the hard drive i got some kind of err so i turned off my computer when i turned it back on it only boots to a white screen idk what to do please help

Are you booting from a CD for the install? Does anything at all show up on the screen?
Re: FreeBSD Stable production version.
On 7/25/12 1:13 PM, Marwan Sultan wrote:

Hello all and Good Morning, Afternoon or evening :) I finally decided to take off my FreeBSD 7.2 server which is online since 2009. I will go for a new FreeBSD version and will move out all data. My Server is mainly a MAIL server, sendmail. and of course few websites, data.etc.. Which version do you recommend? Shall I go for 9 ? or 8.3 is still more fit for a production and bsns server ?

I'd say it's a matter of personal preference. We're mostly running 8.3 in production here. I've recently installed 9-STABLE servers to try them out and fill PRs if I get problems. I would encourage you to use 9-STABLE so that you may do the same and ensure the stability of future releases.
Security - logging of user commands
Hello list,

We're currently working towards the PCI DSS certification (Payment Card Industry) for a project at work. One of the prerequisites is that all user commands be logged.

We're currently using a very bad hack that takes the last command from a user's history and sends it to a log server. This of course is unreliable as a user may entirely disable their history, or just use another shell to bypass the csh function or whatever.

My colleagues installed Snoopy on debian and it seems to work wonders as a module which is LD preloaded. I notice it also exists on FreeBSD as /usr/ports/security/snoopy . However I face several problems with it, mainly it doesn't seem to log anything.

As per the README, I have added /usr/local/lib/snoopy.so to /etc/ld.so.preload
I'm not even sure this file is used on BSD ? As per the man page for ld.so there's no such file: http://www.freebsd.org/cgi/man.cgi?query=ld.so
Neither libmap.conf nor ldconfig(8) seem to be the answer either.

I've googled for ld.so.conf and found the following 2 posts which seem to indicate it isn't used either:
http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001746.html
http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001747.html
The posts mention -current but date back from 2003.

Lastly, I have also noticed that the port installs /usr/local/bin/detect which I executed and would always reply something's fishy. By looking at the (very short) source I noticed the program merely loads /lib/libc.so.6 , and it wouldn't find it on my system (8.3-STABLE with /lib/libc.so.7). Adjusting and recompiling lets the program correctly print secure but it does nothing else.

I have checked that the output /usr/local/lib/snoopy.so module is linked against libc.so.7 , and it is.

Has anyone ever got Snoopy to work on BSD ? Might I need to install linux emulation ? Is there any other port that might do the job and which I could use ?
Re: Security - logging of user commands
No I haven't. That's a good suggestion, I'll look into it and see if it fits the purpose :)

On 7/25/12 2:04 PM, Peter Boosten wrote:

Have you ever considered the audit function of FreeBSD?

Peter Boosten

On 25 jul. 2012, at 13:47, Damien Fleuriot m...@my.gd wrote:

Hello list,

We're currently working towards the PCI DSS certification (Payment Card Industry) for a project at work. One of the prerequisites is that all user commands be logged.

We're currently using a very bad hack that takes the last command from a user's history and sends it to a log server. This of course is unreliable as a user may entirely disable their history, or just use another shell to bypass the csh function or whatever.

My colleagues installed Snoopy on debian and it seems to work wonders as a module which is LD preloaded. I notice it also exists on FreeBSD as /usr/ports/security/snoopy . However I face several problems with it, mainly it doesn't seem to log anything.

As per the README, I have added /usr/local/lib/snoopy.so to /etc/ld.so.preload
I'm not even sure this file is used on BSD ? As per the man page for ld.so there's no such file: http://www.freebsd.org/cgi/man.cgi?query=ld.so
Neither libmap.conf nor ldconfig(8) seem to be the answer either.

I've googled for ld.so.conf and found the following 2 posts which seem to indicate it isn't used either:
http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001746.html
http://lists.freebsd.org/pipermail/freebsd-hackers/2003-June/001747.html
The posts mention -current but date back from 2003.

Lastly, I have also noticed that the port installs /usr/local/bin/detect which I executed and would always reply something's fishy. By looking at the (very short) source I noticed the program merely loads /lib/libc.so.6 , and it wouldn't find it on my system (8.3-STABLE with /lib/libc.so.7). Adjusting and recompiling lets the program correctly print secure but it does nothing else.

I have checked that the output /usr/local/lib/snoopy.so module is linked against libc.so.7 , and it is.

Has anyone ever got Snoopy to work on BSD ? Might I need to install linux emulation ? Is there any other port that might do the job and which I could use ?
Re: FreeBSD Stable production version.
While I participate in this philosophy, a very good point was made on this list that if everyone waits for x.1 , then x.1 will just be riddled with all the bugs that nobody (or only a select few) found in x.0

That is the point that decided me to get 9-STABLE for 2 of our new firewall boxes.

On 7/25/12 2:24 PM, Marwan Sultan wrote:

Well, I also like your philosophy of waiting x.1 ! its a very good point. Maybe 8.3-R would be the best. I will wait to hear more comments.

Date: Wed, 25 Jul 2012 08:13:28 -0400
From: je...@seibercom.net
To: freebsd-questions@freebsd.org
Subject: Re: FreeBSD Stable production version.

On Wed, 25 Jul 2012 13:19:53 +0200 Damien Fleuriot articulated:

I'd say it's a matter of personal preference. We're mostly running 8.3 in production here. I've recently installed 9-STABLE servers to try them out and fill PRs if I get problems. I would encourage you to use 9-STABLE so that you may do the same and ensure the stability of future releases.

I would agree with that philosophy up to a point. It is definitely a matter of personal preference; however, for myself, I NEVER install version X.0 of any software if said software is to be used in a mission critical situation. I always wait until X.1 is released. If possible in your case, would it be feasible to wait until 9.1 is released? You can gather some info on it here: http://www.freebsd.org/releases/9.1R/schedule.html. As usual, any correlation between the expected release date and the actual date is purely coincidental.

Just my 2¢ on the matter.

--
Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
__
If you steal from one author it's plagiarism; if you steal from many it's research.
Wilson Mizner
Re: Security - logging of user commands
On 7/25/12 2:42 PM, jb wrote:

Damien Fleuriot ml at my.gd writes:
...
I notice it also exists on FreeBSD as /usr/ports/security/snoopy . However I face several problems with it, mainly it doesn't seem to log anything. As per the README, I have added /usr/local/lib/snoopy.so to /etc/ld.so.preload I'm not even sure this file is used on BSD ?
...

/usr/ports/security/snoopy]# make clean; make
...
# ls work/snoopy-1.8.0/
... enable.sh ...

jb

Well that's my problem exactly, really.

1/ the enable script won't work and will always return an error, requiring a manual activation
2/ even once enabled, snoopy doesn't get loaded because /etc/ld.so.preload is not used on FBSD apparently
3/ even when enabled with setenv LD_PRELOAD /usr/local/lib/snoopy.so, snoopy won't return any log

From config.h:
/* Syslog facility to use */
#define SNOOPY_SYSLOG_FACILITY LOG_AUTHPRIV
/* Syslog level to use */
#define SNOOPY_SYSLOG_LEVEL LOG_INFO

From my syslog.conf:
auth.info;authpriv.info /var/log/auth.log

Yet I'm seeing not a trail in /var/log/auth.log , or messages, or even in secure

I have however validated that snoopy.so is called, as per the following:

# truss ls /dev/null
[snip]
open(/usr/local/lib/snoopy.so,O_RDONLY,031)= 2 (0x2)
fstat(2,{ mode=-r-xr-xr-x ,inode=548761,size=6952,blksize=16384 }) = 0 (0x0)
fstatfs(0x2,0x7fffe220,0x19,0x0,0x80080053a068,0x0) = 0 (0x0)
pread(0x2,0x80063e2a0,0x1000,0x0,0x80080053a068,0x0) = 4096 (0x1000)
mmap(0x0,1056768,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34366341120 (0x80064c000)
mmap(0x80064c000,8192,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE,2,0x0) = 34366341120 (0x80064c000)
mmap(0x80074d000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED,2,0x1000) = 34367393792 (0x80074d000)
close(2) = 0 (0x0)

And still no logs...
Re: Security - logging of user commands
On 25 Jul 2012, at 18:15, jb jb.1234a...@gmail.com wrote:

Damien Fleuriot ml at my.gd writes:
...
From my syslog.conf:
auth.info;authpriv.info /var/log/auth.log
Yet I'm seeing not a trail in /var/log/auth.log , or messages, or even in secure
...

# less /var/log/auth.log
Feb 22 21:13:56 localhost newsyslog[1503]: logfile first created
Feb 22 21:14:07 localhost login: login on ttyv0 as jb
Feb 22 21:14:15 localhost su: jb to root on /dev/ttyv0
...
Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch /etc/ld.so.preload
Jul 25 17:25:05 localhost snoopy[50060]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/grep]: grep -c ^/usr/local/lib//snoopy.so /etc/ld.so.preload
Jul 25 17:52:29 localhost snoopy[50145]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1
Jul 25 17:54:08 localhost snoopy[50149]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/less]: less /var/log/auth.log
[root@localhost /home/jb]#

jb

Thanks for taking the time to show me it works, at least for you. What fbsd and snoopy version might these be ?
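The snoopy lines quoted in this thread have a fixed bracketed layout, with or without the cwd: field depending on whether SNOOPY_CWD_LOGGING was compiled in. As an added example (not part of the thread and not snoopy's own code), this Python sketch parses both layouts from auth.log text and reports the coverage gaps the thread worries about: records without cwd, expected users who never appear, and snoopy lines that do not parse. The sample log is constructed from the formats shown above; the uid 1001 entry and the expected_uids list are assumptions.

```python
import re
from collections import Counter

# Constructed sample, modelled on the lines quoted in the thread.
# Line 3 uses the layout without cwd:, line 4 (uid 1001) is invented.
SAMPLE_LOG = """\
Jul 25 17:25:05 localhost snoopy[50059]: [uid:0 sid:45449 tty:/dev/pts/2 cwd:/usr/ports/security/snoopy filename:/usr/bin/touch]: touch /etc/ld.so.preload
Jul 25 17:54:03 localhost snoopy[50148]: [uid:0 sid:46687 tty:/dev/pts/3 cwd:/usr/home/jb filename:/usr/bin/touch]: touch test1
Jul 26 10:19:00 pf1 snoopy[96561]: [uid:0 sid:92850 tty:/dev/pts/0 filename:/bin/ps]: /bin/ps -ww -o pid= -o jid= -o command= -p 1073
Jul 26 10:20:11 pf1 snoopy[96570]: [uid:1001 sid:92900 tty:/dev/pts/1 cwd:/home/alice filename:/bin/ls]: ls -la
Jul 25 15:23:48 localhost su: jb to root on /dev/pts/3
Jul 26 10:21:00 pf1 snoopy[96571]: truncated line without fields
"""

# syslog prefix, then "[uid:.. sid:.. tty:.. (cwd:.. )filename:..]: command".
# cwd and filename are matched lazily so paths containing spaces survive.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"snoopy\[(?P<pid>\d+)\]: "
    r"\[uid:(?P<uid>\d+) sid:(?P<sid>\d+) tty:(?P<tty>\S+) "
    r"(?:cwd:(?P<cwd>.*?) )?filename:(?P<filename>.*?)\]: (?P<cmd>.*)$"
)


def parse_line(line):
    """Return a dict for one snoopy record, or None if the line is not one."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()          # cwd is None when the field is absent
    for key in ("pid", "uid", "sid"):
        rec[key] = int(rec[key])
    return rec


def audit(log_text, expected_uids=()):
    """Summarise snoopy coverage in a chunk of auth.log text."""
    records, unparsed = [], []
    for line in log_text.splitlines():
        if " snoopy[" not in line:
            continue             # other auth.log producers (login, su, ...)
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        else:
            records.append(rec)
    per_uid = Counter(r["uid"] for r in records)
    return {
        "records": records,
        "per_uid": dict(per_uid),
        # records logged without a working directory
        "missing_cwd": [r for r in records if r["cwd"] is None],
        # users who should be logged but produced no record at all
        "silent_uids": sorted(set(expected_uids) - set(per_uid)),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG, expected_uids=(0, 1001, 1002))
    print("records per uid:", report["per_uid"])
    print("without cwd:", [r["cmd"] for r in report["missing_cwd"]])
    print("uids with no records:", report["silent_uids"])
    print("unparsed snoopy lines:", len(report["unparsed"]))
```

A filename that itself contains "]: " would be split at the wrong place, so treat unparsed or odd-looking records as something to review rather than discard.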
Re: Apache vs. nginx
On 7/17/12 4:40 PM, Paul Schmehl wrote:

I'm the admin for a small hobby website (Stovebolt.com - about 7 million hits/mo). We're fixin to buy a new server, and since I have to start from scratch (install FreeBSD and all the needed ports), I'm wondering if anyone on this list has switched from Apache to nginx. If you have, what has your experience been like? Was the change relatively easy? (I'm not intimidated by technical details. I've been running FreeBSD on these servers for about 12 years now.) Was the performance better? (We've not been having any problems with Apache to this point.) Is there sufficient support from addon apps to run a site with a php-driven forum?

I have.

1/ regarding the difficulty of the switch
It depends on whether or not you're running code parsing programs like CGI and PHP. It also depends on whether or not you're using apache rewrite rules.

2/ regarding performance
I'm much more satisfied by nginx than I was by apache. I find it runs smoother, it's not vulnerable to slowloris...

3/ regarding functionality
In contrast with Wojciech Puchar's email, I'd like to point out that while nginx doesn't support .htaccess files, you can still customize your vhosts to add authentication and such.
Re: Messages not reaching the lists
On 6/29/12 6:40 AM, Conrad J. Sabatier wrote:

Lately I've been noticing that almost without fail, any messages I send to the FreeBSD mailing lists never actually appear on the list. Just wondering if maybe my ISP (cox.net) has been flagged as a known spam source, or what? This is very strange! I'm still subscribed to all of the same lists I've been on for quite some time, and am receiving the lists' mail just fine. It's just my own messages that never show up here. We'll see if this one shows up. :-)

I've been experiencing the same issue for a long time. My messages are sent, people seem to actually receive them, but I don't, although my subscription options state that I should receive copies of my own messages.
Re: portupgrade -- is there a way to only build and update ports that actually NEED it?
On 6/25/12 9:53 AM, Dan Mahoney, System Admin wrote:

Hey there, I'm presently in the process of trying to do a portupgrade from rt-3.8.8 to 3.8.13. By all estimations, this is a minor bump. Already, I've encountered several annoyances due to ABI changes, such as the libtool2.4 fun. With normal portupgrade, this forces you to go fix the dependent port. Finally, I just applied -r, which should update all dependent packages, but it seems to upgrade them unconditionally. Ergo, I've since built a new version of perl, a new version of python, rebuilt every perl module on the system, am presently rebuilding apache22, and I'm sure the system will turn around and require me to rebuild postgres real soon.

You would think there's an option to portupgrade that says don't upgrade every single package I've got, but if somewhere in the dependency chain I need a newer version of a thing, then do it. Am I just missing it in the manpages, or does such a thing really not exist?

-Dan

We've been happily using portmanager for ages, it does just that :)
Re: question about problem with raid 1 for freeBSD
On 6/22/12 11:11 AM, dude golden wrote:

HI there, hope my email finds you well. I recently ordered a server with the below configuration:
INTEL 1x Quad-Core i5-2500 3.3GHz, 6M Cache
16GB DDR3
2x 500GB SATAII
then asked our COLOCATION to install FreeBSD 8.2 or 8.3 with RAID 1. After many times of fail in installation from colocation they said that we have problem with RAID 1. We suggested them to play with different kind of RAID like RAID 5 and they said as our requested server only has 2 HDD, it's not possible to set up RAID 5. Now they said us that the only way for having backup of DATA in this condition is to set up a scheduled task to put back up of data in the second HDD. Now I really need to know if this is the only way for having data back up in this condition or you have a better idea according to your experience. Also if it's the only way, would it be a good level of data security? Looking forward to hear from your side soon.

Regards, Smartelcom Team

Hi,

Your colleagues are correct about the RAID levels, you can only do RAID5 with a minimum of 3 disks. Your available options with 2 disks are JBOD, RAID0 or RAID1. You obviously want RAID1.

How have they tried to install the server ? I've had no problems ever installing 8.2 or 8.3 as a RAID using either gmirror, or hardware RAID.

Does the server have a hardware RAID controller or are you trying software RAID ? Do you have remote console access to the server ?
Re: Intel X520-DA2 Supported in stable/8?
On 22 Jun 2012, at 22:02, Rick Miller vmil...@hostileadmin.com wrote:

On Fri, Jun 22, 2012 at 3:54 PM, Andrew Boyer abo...@averesystems.com wrote:

The ixgbe driver creates devices named ix0, etc. I believe you need to run 'ifconfig ix0 up' before it will attempt to get link.

Thanks for clarifying that tidbit. At least I know the driver loading is the correct driver :) I did try ifup'ing the interface...it shows the interface up, status is still no carrier. I've had confirmation that the cable itself is good. I wonder if it matters that the upstream switch has VLAN tagging enabled?

Nope, having a link is layer 1, VLAN tagging happens at layer 3 iirc. If you're unsure, you can always create a VLAN interface bound to your NIC. I suppose you've tried reversing the fibre pair.
Re: apache PHP suhosin load
On 21 Jun 2012, at 08:34, n dhert ndhert...@gmail.com wrote: On FreeBSD 8.3 I have apache22 web server with PHP. PHP is PHP52 for compatibility with existing applications, but the most recent version in the php52 branch $ php --version PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: May 7 2012 08:45:58) From time to time, I notice in a top output, that a huge number of httpd daemons are being started, making the load rapidly increase to levels of 5, 10, 15, ... and very slow interactive respons ... Stopping apache makes the load rapidly decrease to a normal level. I noticed at the console, at stopping apache, several messages such as Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT - canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR not set', file '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php', line 654) (the file value differs, but it's always suhosin .. canany mismatch - heap overflow detected) My PHP has following options set # cd /usr/ports/lang/php52 My PHP has following options set # cd /usr/ports/lang/php52 # make showconfig === The following configuration options are available for php52-5.2.17_8: CLI=on: Build CLI version CGI=on: Build CGI version APACHE=on: Build Apache module DEBUG=off: Enable debug SUHOSIN=on: Enable Suhosin protection system (not for jails) MULTIBYTE=off: Enable zend multibyte support IPV6=on: Enable ipv6 support MAILHEAD=off: Enable mail header patch REDIRECT=off: Enable force-cgi-redirect support (CGI only) DISCARD=off: Enable discard-path support (CGI only) FASTCGI=on: Enable fastcgi support (CGI only) FPM=off: Enable fastcgi process manager (CGI only) PATHINFO=on: Enable path-info-check support (CGI only) LINKTHR=off: Link thread lib (for threaded extensions) Is that heap overlow causing the trouble? Has suhosin to do something with it? How to solve? For starters, I would suggest moving away from apace and towards nginx + fastcgi php. 
A friend had a small dedicated server with a vbulletin forum overloaded with addons, and apache/php were bringing the server to high load levels, 10-20ish. I've moved him to nginx and the server hardly ever goes above 1 now. Additionally, nginx is immune to Slowloris attacks, while apache is not. Only after migrating to nginx would I investigate if the suhosin problem still exists.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: seems i cannot fully understand {/,/usr/local/}/etc/rc.d/*
On 6/20/12 11:09 AM, Matthew Seaman wrote:

On 20/06/2012 09:51, Wojciech Puchar wrote:

Create a new file in /usr/local/etc/rc.d/precedence with the following contents:

    #!/bin/sh
    #
    # Persuade vboxheadless to start before samba.
    # PROVIDE: precedence
    # REQUIRE: vboxheadless
    # BEFORE: samba
    :

Make it executable. Note -- the ':' does seem to be necessary.

thank you for help. I will test it when being on place and could reboot. But still - do you know why it is necessary? cannot i just add BEFORE: samba in vboxheadless?

Yes, that should work too. However any time you update vboxheadless you'll have to remember to add that modification back to the rc script. Using a separate file stops that being a problem.

If you want to test that your changes are having the desired effect without having to reboot:

    # rcorder /etc/rc.d/* /usr/local/etc/rc.d/*

which will print out the order all the rc-scripts would be run. (It includes all the scripts, not just the ones enabled in /etc/rc.conf, but that shouldn't matter.)

Cheers, Matthew

A very helpful post, adding to favorites. Might that, possibly, warrant a handbook entry ?
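The ordering trick described above, as an added example that is not part of the original posts: a simplified stand-in for rcorder(8) that reads the PROVIDE/REQUIRE/BEFORE comments and feeds them to tsort(1), so the effect of the dummy precedence script can be checked on any system. The samba and vboxheadless files are constructed stand-ins (their REQUIRE lines are assumptions), and rc_edges, rc_order, runs_before and make_samples are hypothetical helper names.

```sh
#!/bin/sh
# Simplified model of rcorder(8): dependency keywords -> tsort(1).
# Not the real rcorder; it orders provision names, not script paths.

# Emit "first second" pairs (first must start before second) for each script.
rc_edges() {
    for f in "$@"; do
        awk '
            /^# PROVIDE:/ { for (i = 3; i <= NF; i++) prov[++np] = $i }
            /^# REQUIRE:/ { for (i = 3; i <= NF; i++) req[++nr] = $i }
            /^# BEFORE:/  { for (i = 3; i <= NF; i++) bef[++nb] = $i }
            END {
                for (p = 1; p <= np; p++) {
                    print prov[p], prov[p]      # self-pair: node, no ordering
                    for (r = 1; r <= nr; r++) print req[r], prov[p]
                    for (b = 1; b <= nb; b++) print prov[p], bef[b]
                }
            }' "$f"
    done
}

# Print one valid start order, one provision per line.
rc_order() {
    rc_edges "$@" | tsort
}

# Succeed if provision $1 appears before provision $2 in the order on stdin.
runs_before() {
    awk -v a="$1" -v b="$2" '
        $1 == a { ia = NR }
        $1 == b { ib = NR }
        END { exit !(ia && ib && ia < ib) }'
}

# Constructed sample scripts (stand-ins, not the ports' real rc.d files).
make_samples() {
    dir=$1
    printf '%s\n' '#!/bin/sh' '# PROVIDE: samba' '# REQUIRE: NETWORKING' ':' \
        > "$dir/samba"
    printf '%s\n' '#!/bin/sh' '# PROVIDE: vboxheadless' '# REQUIRE: NETWORKING' ':' \
        > "$dir/vboxheadless"
    # The dummy script from the thread: it does nothing but add two edges.
    printf '%s\n' '#!/bin/sh' '#' '# Persuade vboxheadless to start before samba.' \
        '# PROVIDE: precedence' '# REQUIRE: vboxheadless' '# BEFORE: samba' ':' \
        > "$dir/precedence"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    echo "edges added by the dummy script:"
    rc_edges "$tmp/precedence" | grep -v '^precedence precedence$'
    echo "resulting order:"
    rc_order "$tmp"/*
    rm -rf "$tmp"
}

demo
```

Without the precedence file the two services share only the NETWORKING requirement, so nothing fixes their relative order; the dummy script supplies the missing edges without touching either port's own rc script.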
rm returns 0 although directory didn't exist and wasn't deleted ?
I've stumbled upon this *so weird* behaviour.

    # ls -la /var/tmp/stunnel/
    ls: /var/tmp/stunnel/: No such file or directory
    # rm -Rf /var/tmp/stunnel/
    # echo $?
    0

Anyone knows if that's intended ?

FreeBSD pf2.[snip].com 8.3-STABLE FreeBSD 8.3-STABLE #0: Tue Jun 19 10:45:31 CEST 2012
Re: rm returns 0 although directory didn't exist and wasn't deleted ?
I always assumed -f would only force removal, not modify the exit code. No bug then, working as intended, all good. Cheers

On 6/19/12 3:43 PM, Fred Morcos wrote:

You used -f which means rm will not complain if a file or directory cannot be deleted (or does not exist in the first place).

On Tue, Jun 19, 2012 at 3:37 PM, Damien Fleuriot m...@my.gd wrote:

I've stumbled upon this *so weird* behaviour.

    # ls -la /var/tmp/stunnel/
    ls: /var/tmp/stunnel/: No such file or directory
    # rm -Rf /var/tmp/stunnel/
    # echo $?
    0

Anyone knows if that's intended ?

FreeBSD pf2.[snip].com 8.3-STABLE FreeBSD 8.3-STABLE #0: Tue Jun 19 10:45:31 CEST 2012
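The behaviour discussed in this thread, as an added example that is not part of the original posts: with -f, rm exits 0 for an operand that does not exist, so a cleanup script that must know whether anything was actually removed has to check for itself. rm_status and remove_tree_checked are hypothetical helper names, and the paths are temporary ones constructed for the demonstration.

```sh
#!/bin/sh
# With -f, rm neither prints a diagnostic nor returns non-zero for operands
# that do not exist, so "exit 0" does not mean "something was removed".

# Print the exit status of rm run with the given arguments.
rm_status() {
    st=0
    rm "$@" 2>/dev/null || st=$?
    echo "$st"
}

# Remove a tree and report what happened:
#   0 = existed and is gone, 2 = was already absent, 1 = removal failed.
remove_tree_checked() {
    target=$1
    if [ ! -e "$target" ] && [ ! -L "$target" ]; then
        return 2
    fi
    rm -Rf -- "$target" || return 1
    # Confirm the path is really gone before reporting success.
    if [ -e "$target" ] || [ -L "$target" ]; then
        return 1
    fi
    return 0
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/stunnel"
    echo "rm -R  on missing path: $(rm_status -R "$tmp/missing")"
    echo "rm -Rf on missing path: $(rm_status -Rf "$tmp/missing")"
    for p in "$tmp/stunnel" "$tmp/missing"; do
        rc=0
        remove_tree_checked "$p" || rc=$?
        echo "remove_tree_checked ${p##*/}: $rc"
    done
    rm -Rf -- "$tmp"
}

demo
```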
Re: Trigger action on link state change
On 6/15/12 12:32 PM, Michael Ross wrote:

Hi all, i was wondering if there is any ready-made method to trigger an action as soon as a link changes state. Along the lines of onifdown_em0=/run/this/script in rc.conf

Background: Discussing physical data security with a client yesterday: The machine has to run 24/7. The filesystem is encrypted on boot, but this doesn't help a lot if anybody brings an AC generator to steal the machine *AND* the UPS. Best point in time to lock the machine I could think of was when somebody pulls the NIC cable.

Regards, Michael

Aside from Matthias' suggestion of devd, you may want to also look up ifstated. We actually use it in production to send nagios passive alerts on CARP status change and LAGG interface loss of fault tolerance.
rc.conf ifconfig ipv6 address fails at boot
Hello questions,

I can't figure out what I'm doing wrong here. Trying to get a static IPv6 on a server at boot time from rc.conf, and that fails. Notice I haven't set ipv6_network_interfaces, so it defaults to auto.

    =
    ipv6_enable="YES"
    ipv6_defaultrouter="2a01:e35:2f1b:e2a0::1"
    # VLAN 99 = WAN / CISCO INTERCONNECTION
    ifconfig_vlan99="vlan 99 vlandev re0 up"
    ipv4_addrs_vlan99="192.168.99.3/24"
    ipv6_addrs_vlan99="2a01:e35:2f1b:e2a0::dead:beef/64"
    =

I resorted to adding the IPv6 and default gateway via a @reboot line in /etc/crontab, but this is really not right... The machine is running 8.3-PRERELEASE from February.

Should I instead try the following ?

    ifconfig_vlan99="inet 192.168.99.3/24 vlan 99 vlandev re0 up"
    ipv6_ifconfig_vlan99="2a01:e35:2f1b:e2a0::dead:beef/64"

I'm not really at liberty to reboot the server to test during work time ;)
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 9 Jun 2012, at 18:48, Chad Perrin per...@apotheon.com wrote: On Wed, Jun 06, 2012 at 11:42:37PM +0200, Damien Fleuriot wrote: On 6 Jun 2012, at 21:52, Dave U. Random anonym...@anonymitaet-im-inter.net wrote: Polytropon free...@edvax.de wrote: On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote: Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD, NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's an overgrown ugly mess. We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware and run a free (or in the case of Linux apparently free) OS on free hardware. There are increasing numbers of SBCs and plenty of used servers on Ebay. They're all built better than commodity Intel mafiaware. Good riddance! You have no idea what you're talking about. This kind of religious propaganda post is neither constructive nor helpful. It should be noted that your tone is neither constructive nor helpful, to say nothing of your contentless response. Do you have anything useful to say in response to what Dave U. Random contributed -- perhaps a thoughtful refutation of some specific point(s)? I hope you have more of value to contribute than your obvious disdain for people who disagree with you about something (without even specifying on what points you disagree). -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] If you had bothered to read all the other mails I've posted on this very specific thread, you wouldn't need to ask the question. If you're going to participate in the Linux zealots' propaganda that makes OSS defenders sound so ridiculous and delusional, so be it. Fact is, if Microsoft didn't deliver acceptable products, people wouldn't use them. 
Calling them a mafia is neither constructive (I invite you to look up the word mafia in a thesaurus), nor backed up by actual facts. OP is just going on a rampage about MS and intel. You want to follow his advice and advocate the exclusive use of alpha machines ? I guess we'll have to agree to disagree here. No, I'm not gonna use alphas. And no, I'm not going to let a random person (hey, choice words !) call intel or MS a mafia just because he's on a zealot crusade. You might want to take a minute to consider the contributions of both to computing. Without MS (and IBM amongst others) it's possible that computing would never have reached such an audience as it has. So I'm going with the (possibly false) assumption that without MS and other major actors, not many people would use computers nowadays. All this magnificent OSS wouldn't be of much use then. After all, who would need FreeBSD servers to host web sites that had neither visitors nor purpose ? One might see MS as the ultimate evil, yet they're strongly implemented in corporate IT. One might wonder why, before engaging in a crusade, and brandishing empty words as their weapons. I invite you to re-read OP's post and highlight what in mafiaware, wintel and microshaft you find constructive. I also invite you to read all his points about why exactly intel is an overgrown ugly mess. I regret to report I have found none, might you point them out for me ? Now, I shall leave you to read my other posts on this secure boot topic, that you might quit claiming I have nothing to contribute.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 7 Jun 2012, at 01:54, Robert Bonomi bon...@mail.r-bonomi.com wrote:

From owner-freebsd-questi...@freebsd.org Wed Jun 6 18:13:09 2012 Date: Thu, 07 Jun 2012 00:09:54 +0100 From: Bruce Cran br...@cran.org.uk To: Robert Bonomi bon...@mail.r-bonomi.com Cc: freebsd-questions@freebsd.org Subject: Re: Is this something we (as consumers of FreeBSD) need to be aware of?

On 06/06/2012 20:27, Robert Bonomi wrote:

Suppose I put up a web app that takes an executable as input, signs it with my key, and returns the signed file to the submitter. I don't divulge the key to anyone, just use it on 'anything'. Anybody attempting to revoke on _that_ basis is asking for a lawsuit.

To me it would be perfectly reasonable to revoke the key as soon as you signed the first piece of malware.

It may seem reasonable to you, but is there -legal- basis to do so? 'signing' only provides assurance of the identity of the signer. I did sign it. The key has not been compromised. The software in question is traceable to the signer, but the signer never claimed it was 'error free', what contract or statute did they breach by doing the signing?

Signing anything and everything defeats the purpose the key and this whole charade are implemented for. Under the contract's undoubtedly carefully penned clauses, this would allow for a key revocation. Make no mistake, they'll go over that contract for several weeks, giving themselves as much manoeuvring room as possible.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 9:43 PM, Daniel Feenberg wrote:

On Wed, 6 Jun 2012, Damien Fleuriot wrote:

On 6/6/12 6:45 PM, Daniel Feenberg wrote:

On Wed, 6 Jun 2012, Julian H. Stacey wrote:

I do wonder about that. What incentive does the possessor of a signing key have to keep it secret?

Contract penalty clause maybe ? Lawyers ?

A limited-liability company with no assets is judgement-proof.

Otherwise one of us would purchase a key for $99, then publish the key so we could all forever more compile boot our own kernels. But that would presumably break the trap Microsoft Verisign seek to impose.

Could it really be that simple? As for hardware vendors putting revoked keys in the ROM - are they really THAT cooperative? Seems like they would drag their feet on ROM updates if they had to add a lot of stuff that won't help them, so that doesn't seem like a great enforcement tool. dan feenberg

Oh god... Please realize that once the key is divulged, it gets revoked at the BIOS' next update.

But my point is that MS doesn't issue the updates, they have to ask the BIOS vendors to do so, and then the MB vendors have to take the update, and then the users have to install the update. The incentive at each level is generally very small. It does create some confusion, but is hardly an enforcement mechanism. It would disable older versions of FreeBSD on newer hardware, but not much else. A previous poster has pointed out that MS can't revoke a certificate belonging to RH, but I suppose they could ask the BIOS vendors to treat it as revoked. I don't know what the response would be. Daniel Feenberg

That is indeed the case. This is akin to, for example, Sony's race against Homebrewers on the good ol' PSP. When hackers found a hardware flaw that enabled them to install custom firmware, Sony had to release new versions of the consoles with fixed hardware. The old ones were still exploitable but the new ones weren't.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?]
On 6/5/12 10:19 PM, Colin Barnabas wrote:

On Tue, Jun 05, 2012 at 11:19:26AM -0700, Kurt Buff wrote:

UEFI considerations drive Fedora to pay MSFT to sign their kernel binaries http://cwonline.computerworld.com/t/8035515/1292406/565573/0/ This would seem to make compiling from source difficult. Kurt

History shows us that _everything_ will eventually run *nix. Take a look at the Sony PS3 debacle. After Sony yanked support for installing other OS's, the community ripped apart their hypervisor in a matter of months. If these boot keys do gain any momentum, sooner than later the community will poke holes in the system.

This, however, raises the problem of the legality of it. George HOTZ was sued by Sony for releasing the master key. While Anonymous responded very aggressively (and while I do not generally condone their actions, this one I can both understand and support), in the end the consensus reached was that Geohotz agreed to not work on bypassing the PS3's protections anymore.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?]
On 6/6/12 9:55 PM, Robert Simmons wrote: On Wed, Jun 6, 2012 at 3:05 PM, Jerry je...@seibercom.net wrote: On Wed, 06 Jun 2012 12:49:53 -0400 Daniel Staal articulated: On 2012-06-05 17:20, Jerry wrote: The question that I have not seen answered in this thread is what FreeBSD intents to do. From what I have seen, most FreeBSD users do not use the latest versions of most hardware, so it may be a while before its user base is even effected. I don't believe at this point FreeBSD has any intent one way or another, really. It's not an immediate problem for any platform supported by the FreeBSD project, at least for a technically-inclined user who's willing to check out their BIOS. (Even if they are using the latest hardware, the x86-derived platforms aren't going to require this code signing yet.) So it'll probably be a 'wait and see if it's something the FreeBSD community needs a solution for' at this point. But this is just my impression. I totally agree with you. Unfortunately that speaks to the sad state of affairs that FreeBSD appears to be in. When it comes to supporting the latest technologies, it tends to be behind the curve when compared to other operating systems. Wireless networking and USB support are only a few examples. I don't know of any user personally who purchased a new PC and then threw FreeBSD on it. Most users that I have come into contact with use 2+ year old units that have been replaced by shiny new Windows units. I don't see that changing anytime soon. I would have to disagree with you there. I know of quite a few users who happen to run one of the world's largest content distribution networks (accounting for about one third of the internet's traffic; up there with pornography). 
They purchased more than just a handful of new computers and threw FreeBSD on them: http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/068129.html

You're talking about servers here, I think Jerry was speaking more generally, about a lambda user buying a computer and *definitely* not installing FBSD (or anything else) on it. The typical user just wants to buy internet and emails without a care in the world about the OS.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/7/12 3:43 PM, Nomen Nescio wrote: But my point is that MS doesn't issue the updates, they have to ask the BIOS vendors to do so, and then the MB vendors have to take the update, and then the users have to install the update. The incentive at each level is generally very small. It does create some confusion, but is hardly an enforcement mechanism. It would disable older versions of FreeBSD on newer hardware, but not much else. This can be automated. Many mobo manufacturers have software that searches for new BIOS and flashes it for you. All they have to do is get on board and make this automatic like Windows Updates. Don't think they haven't thought this far ahead. I believe some offer this now. A previous poster has pointed out that MS can't revoke a certificate belonging to RH, but I suppose the could ask the BIOS vendors to treat it as revoked. I don't know what the response would be. MS and Intel are running this. If Verisign is just a trusted 3rd party (without administrative duties) they can well defer to the Microshaft Mafia and do as they're told. It wouldn't be the first time. For example, did everybody already forget the Microshaft Mafias' initiation of the FBI server raids on the botnet? Many innocent companies and peoples hosting got screwed during this takeover. But it was all in the name of justice. If we can get a few Russian hackers then it's well worth damaging your business and property. We're from Microshaft Mafia and the FBI and we're here to help. This is akin to, for example, Sony's race against Homebrewers on the good ol' PSP. When hackers found a hardware flaw that enabled them to install custom firmware, Sony had to release new versions of the consoles with fixed hardware. The old ones were still exploitable but the new ones weren't. That is a little different, possibly. For one thing, Sony detected whether you had the updates they wanted you to install and if you don't have them installed you can't play on their PlayStation network. 
For 99.99% of PlayStation users this is the whole point of buying their console. So if you don't upgrade all you have is a box for playing local games which most people don't seem to want to do. Totally off-topic, but I actually used mine to run gameboy and gameboy advance emulators ^^' All the Intel and Microshaft Mafia have to do is a similar thing, and make your PC or Windows stop working unless you install their updates, or tell the FBI your PC is possibly infected and part of a Russian botnet etc. and you won't be allowed on the internet until you upgrade your system to a safe level to avoid these horrible threats. This idea was floated publicly even unrelated to so-called secure boot. I refer you to the years old threads about Palladium and the TCPA that Microsoft dreamed back in the days. Windows activation can check the firmware level and Intel's management BIOS is connected to the net even when your new PC is shut off (as long as it is plugged in). If you go along with this they can do whatever you want. You're submitting to true remote management/control over YOUR hardware and life. Well, I don't know about that... how do you suggest the BIOS gets its IP ? The 8-STABLE box that acts as my router is not going to serve one over DHCP or BOOTP any time soon. As for sniffing the network to guess the router + DNS servers, that one might be a bit far-fetched. This is the beginning of a lot of bad Big Brother stuff and if people accept it now they get what they deserve tomorrow. Say NO to the Intel/Microshaft Mafia. Say NO to Secure boot. Run MIPS and Alpha hardware if you have to, just DUMP INTEL AND THE MICROSHAFT MAFIA. Seriously you need to stop with the wintel, microshaft, mafia and all the stuff. We get it, you don't like them. However, there are literally thousands of people reading this list and just because they do not share your ideals doesn't necessarily make them advocates of this so-called mafia, or blind sheep. 
Finally, I can't come up with a scenario where my CEO is going to okay alpha boxes for our regular web servers and such. Our x86 servers run just fine and are roughly 12.000% cheaper. We need to distance ourselves from Intel, apparently they run their business like darned brigands is not going to cut it. Things aren't that easy in a corporate world, you get a volume contract with a supplier, Dell for example, and purchase your hardware from them. I can hardly see Dell shipping x86 servers with locked-in Windows installs, that just won't do for their business. I have to admit I'd love to see it though, I've always wanted us to try Cisco or IBM's blade servers in lieu of Dell's.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 1:36 PM, Jerry wrote: On Wed, 06 Jun 2012 11:47:11 +0100 Matthew Seaman articulated: On 06/06/2012 11:24, Jerry wrote: I think you are in error there Matthew. From what I have read The $99 goes to Verisign, not Microsoft - further once paid you can sign as many binaries as you want. Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own? $99 as a one-off payment might seem a trivial cost to you, so much so that you rather rashly promised to pay that for anyone. I won't hold you to it. Even so, there are several thousand readers of this list. I doubt even you could afford to subsidise very many of them... The $99 was for FreeBSD to deliver the OS, not per user. This is clearly explained in the various URLs listed in this thread. I am sorry if you misunderstood. Of course if a user wants to recompile the kernel, etcetera after having downloaded and installed it from FreeBSD or one of its subsidies, they are on their own. Seriously though, a one time payment of $99 is so trivial I find it hard to believe that anyone is actually bitching about it. I pay many times that amount for golf every month. Look Jerry, Are you serious there ? Having to pay to use a different OS on hardware that you own ? What next, non-approved keyboard, $40 extra ? Non-approved mouse, $30, non-approved USB external drive, $80 ? Don't take it personally but it's people like you willing to bend the knee that encourage such abuse as we're discussing today. The denial of freedom to do what you want with that piece of hardware you just bought. And no, $99 isn't trivial, it has to be 1/6 the price of a standard PC nowadays. I'm *not* paying extra to install a non-MS-approved-lol-seriously OS. This is nothing short of extortion. 
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 9:32 AM, Matthew Seaman wrote:

On 05/06/2012 23:10, Jerry wrote:

I thought this URL http://mjg59.dreamwidth.org/12368.html also shown above, answered that question.

Signing bootloaders and kernels etc. seems superficially like a good idea to me. However, instant reaction is that this is definitely *not* something that Microsoft should be in charge of. Some neutral[*] body without any commercial interests should do that job, and bootloader/kernel signing should be freely available.

On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. Which completely abrogates the whole point of signing bootloaders/kernels in the first place: anyone wishing to create malware would be able to sign whatever they want using such a key. It's DRM-level stupidity all over again.

My conclusion: boycott products, manufacturers and/or OSes that participate in this scheme. FreeBSD alone won't make any real difference to manufacturers, but I hope there is still enough of the original spirit of freedom within the Linux camp, and perhaps from Google/android to make an impact. I'm pretty sure there can be a way of whitelisting bootloaders and so forth to help prevent low-level malware, but this isn't it.

Cheers, Matthew

[*] I suggest ICANN might be the right sort of organization to fulfil this role.

I agree with the whole post except that last bit about ICANN Matthew. The US already has enough dominance as is, without involving ICANN, a supposedly neutral body (yeah right...) any further.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 1:19 PM, Daniel Feenberg wrote:

On Wed, 6 Jun 2012, Matthew Seaman wrote:

On 05/06/2012 23:10, Jerry wrote:

I thought this URL http://mjg59.dreamwidth.org/12368.html also shown above, answered that question.

Signing bootloaders and kernels etc. seems superficially like a good idea to me. However, instant reaction is that this is definitely *not* something that Microsoft should be in charge of. Some neutral[*] body ... On deeper thought though, the whole idea appears completely unworkable. It means that you will not be able to compile your own kernel or drivers unless you have access to a signing key. As building your own

You don't need the signing key if you turn off secure boot in the CMOS. The fedora folk are worried that naive desktop users will not be able to do that, and usage of linux will be impeded. It won't be a significant impediment to users capable of compiling their own kernel.

is pretty fundamental to the FreeBSD project, the logical consequence is that FreeBSD source should come with a signing key for anyone to use. Which completely abrogates the whole point of signing bootloaders/kernels in the first place: anyone wishing to create malware would be able to sign whatever they want using such a key. It's DRM-level stupidity all over again.

I do wonder about that. What incentive does the possessor of a signing key have to keep it secret? Apple keeps its signing key secret because it gets a share of revenue from the sale of apps. If the fedora key became known it wouldn't hurt fedora. Can the UEFI BIOS consult a list of revoked keys online? That would be surprising. dan feenberg

Key revoked in the BIOS' next version, which will ship by default on newer hardware. No need for checking online.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/5/12 9:12 PM, Gökşin Akdeniz wrote:

UEFI considerations drive Fedora to pay MSFT to sign their kernel binaries http://cwonline.computerworld.com/t/8035515/1292406/565573/0/

That restriction is only for ARM devices which have a label that says Designed for Windows8. In other words those devices can not boot another os except Windows 8 due to secure boot option enabled by default. The short and the long of it Microsoft is copying Apple on tablets with ARM.

Well perhaps it should say designed ONLY for windows8 then ? This has class action written all over it, just like the ready for win7 fiasco where the PCs displaying the sticker could only run the minimalist version of the OS.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 1:57 AM, Chris Hill wrote:

On Tue, 5 Jun 2012, Gökşin Akdeniz wrote:

For the time being only ARM platform is restricted.

True, but I would be astonished if this restriction were not expanded by MS in the future. Just my opinion, but I believe their ultimate goal is to add platforms until the secure boot restriction encompasses most or all desktop and server hardware. This would be over a period of years.

I direct you to an older version of the matrix, where microsoft was discussing Palladium and TCPA. These are the exact same. And these are a liberty killer. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 6:45 PM, Daniel Feenberg wrote:

On Wed, 6 Jun 2012, Julian H. Stacey wrote:

I do wonder about that. What incentive does the possessor of a signing key have to keep it secret?

Contract penalty clause maybe ? Lawyers ?

A limited-liability company with no assets is judgement-proof.

Otherwise one of us would purchase a key for $99, then publish the key so we could all forever more compile boot our own kernels. But that would presumably break the trap Microsoft Verisign seek to impose.

Could it really be that simple? As for hardware vendors putting revoked keys in the ROM - are they really THAT cooperative? Seems like they would drag their feet on ROM updates if they had to add a lot of stuff that won't help them, so that doesn't seem like a great enforcement tool. dan feenberg

Oh god... Please realize that once the key is divulged, it gets revoked at the BIOS' next update. Otherwise the key's purpose is rendered moot.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6/6/12 7:23 PM, Robert Bonomi wrote:

Julian H. Stacey j...@berklix.com wrote:

I do wonder about that. What incentive does the possessor of a signing key have to keep it secret?

Contract penalty clause maybe ? Lawyers ?

Contract with _whom_? The party you pay money to -- Verisign -- simply certifies that the party buying the certificate/signing-key -is- who they claim to be. It is *entirely* up to the owner of that certificate/signing-key -who- they allow to use it. If someone/anyone attempts to 'revoke' that certificate/key _other_ than at the request of the owner of that certificate/key, *THAT* party is subject to legal sanctions. Among other things, 'false persona', 'tortuous interference in a business relationship', just to name a few. There is, however, an 'interesting' legal question -- *if* a party were to let 'anybody' use their certificate/key, what is the certificate/key owner's legal liability if someone uses that key to sign malware?

Standard contract writeup stipulates that only a limited set of 'authorized' company representatives be given access to the Signing Key. If the key should be divulged, then the key may be revoked by the issuer.
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On 6 Jun 2012, at 21:52, Dave U. Random anonym...@anonymitaet-im-inter.net wrote:

Polytropon free...@edvax.de wrote:

On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote:

Having to pay Verisign instead of Microsoft makes no difference: the point is why should I have to pay anything to a third party in order to run whatever OS I want on a piece of hardware I own?

It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD, NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's an overgrown ugly mess. We need to stop buying Intel mafiaware with preinstalled Microshaft mafiaware and run a free (or in the case of Linux apparently free) OS on free hardware. There are increasing numbers of SBCs and plenty of used servers on Ebay. They're all built better than commodity Intel mafiaware. Good riddance!

You have no idea what you're talking about. This kind of religious propaganda post is neither constructive nor helpful. I don't trust AMD with my servers' CPUs, not since many years ago when they had all these overheating problems.
Re: FreeBSD ports patch count
On 6/1/12 9:49 AM, Brent Clark wrote:

Hiya I would just like to ask / know. Did anything weird or wonderful happen on the FreeBSD ports. To show you what I mean.

[root@torry /usr/home/bclark]# portaudit -F -a; portsnap fetch update; pkg_version -vIL=; freebsd-update fetch install
auditfile.tbz 100% of 77 kB 6570 Bps 00m00s
New database installed.
0 problem(s) in your installed packages found.
Looking up portsnap.FreeBSD.org mirrors... 9 mirrors found.
Fetching snapshot tag from geodns-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Thu May 31 19:58:31 SAST 2012 to Fri Jun 1 08:51:05 SAST 2012.
Fetching 4 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 4180 patches.10203040

4180 patches really !!! I run the above command almost everyday, so the most I have ever really seen is 300 - 400 patches. But 4180 has got my attention.

Thanks Brent

I may be mistaken but I would guess it has to do with the vulnerabilities addressed in OpenSSL in the 30/05/2012 update. I'm assuming authors have bumped their ports' revision numbers to force a rebuild, using the patched openssl lib.
Re: Anyone using freebsd ZFS for large storage servers?
As a side note and in case you were considering, I strongly advise against Linux + fuse ZFS.

On 31 May 2012, at 18:05, Oscar Hodgson oscar.hodg...@gmail.com wrote:

That helps. Thank you. This is an academic departmental instructional / research environment. We had a great relationship with Sun, they provided great opportunities to put Solaris in front of students. Oracle, not so much, and the Oracle single-tier support model simply isn't affordable for this business (there's no ROI at the departmental level g). Solaris is not a viable option. FreeBSD looks like the next best available option at the moment, particularly considering the use of the storage heads as compute machines. OpenIndiana shows promise. Nexenta has a great product, but the user community expects more flexibility in software options. Is there anything like a list of supported (known good) SAS HBA's?

Oscar

On Thu, May 31, 2012 at 11:38 AM, Kaya Saman kayasa...@gmail.com wrote:

If this is any consolation I run a 36TB cluster using a self built server with a Promise DAS (VessJBOD 1840) using ZFS at home! to support my OpenSource projects and personal files. As for OS take your pick: NexentaStor, FreeBSD, Solaris 11 All capable, of course Solaris has latest version of ZFS but still. At work we're looking into getting a StorEdge appliance which will handle up to 140+ TB. I am also in charge of redesigning one of our virtual SAN's to a FreeBSD ZFS storage system which will run well how many JBOD's can you fit on the system?? Probably round ~100TB or so.

Regards, Kaya

On Thu, May 31, 2012 at 4:32 PM, Oscar Hodgson oscar.hodg...@gmail.com wrote:

The subject is pretty much the question. Perhaps there's a better place to be asking this question ... We have (very briefly) discussed the possibility of using FreeBSD pizza boxes as a storage heads direct attached to external JBOD arrays with ZFS. In perusing the list, I haven't stumbled across indications of people actually doing this. External JBODs would be running 24 to 48TB each, roughly. There would be a couple of units. The pizza boxes would be used for computational tasks, and nominally would have 8 cores and 96G+ RAM. Obvious questions are hardware compatibility and stability. I've set up small FreeBSD 9 machines with ZFS roots and simple mirrors for other tasks here, and those have been successful so far. Observations would be appreciated.

Oscar.
Re: How to use an external USB3.0 drive with 4k sectors?
On 31 May 2012, at 17:57, Jens Schweikhardt schwe...@schweikhardt.net wrote:

hello, world\n

so I decided to try two HW technology advancements in one go. I have a brand new shiny 1TB USB3.0 external disk, that when plugged to an USB2(two!) reports

da5 at umass-sim2 bus 2 scbus6 target 0 lun 0
da5: ST1000LM 024 HN-M101MBB Fixed Direct Access SCSI-2 device
da5: 40.000MB/s transfers
da5: 953869MB (244190646 4096 byte sectors: 255H 63S/T 15200C)

and

# diskinfo -v da5
da5
        4096            # sectorsize
        1000204886016   # mediasize in bytes (931G)
        244190646       # mediasize in sectors
        0               # stripesize
        0               # stripeoffset
        15200           # Cylinders according to firmware.
        255             # Heads according to firmware.
        63              # Sectors according to firmware.
        00A123456789    # Disk ident.

(The vendor, Jmicron, has put an NTFS on it, with a disk manual as a pdf file. Strangely, I cannot mount it with

# ll /dev/da5*
crw-r- 1 root operator0, 236 May 31 15:05 /dev/da5
crw-r- 1 root operator0, 237 May 31 15:05 /dev/da5s1
# mount -t ntfs -o ro /dev/da5s1 /mnt
mount_ntfs: /dev/da5s1: Invalid argument
)

When I plug it to one of the two USB3.0 ports (using the xhci driver), I don't get device nodes in /dev created for it, but instead an ever growing list of

ugen4.2: Jmicron Corp. at usbus4
umass2: Jmicron Corp. Usb production, class 0/0, rev 2.10/1.00, addr 1 on usbus4
ugen4.2: Jmicron Corp. at usbus4 (disconnected)
umass2: at uhub4, port 4, addr 1 (disconnected)

The USB3.0 ports otherwise work fine with a 16GB USB3.0 Stick. Windows 7 can use the disk as well on the USB3.0 port, which makes me look for things I have missed. For example, my kernel config is stripped down quite a bit, so it might be that my custom kernel does not have all the necessary drivers built in or kldloaded. Do I need device ada? What is the magic needed to hook up 4k sector drives via USB3.0?

Regards, Jens
--
Jens Schweikhardt http://www.schweikhardt.net/
SIGSIG -- signature too long (core dumped)

Logic dictates that you try with GENERIC, see if that works any better ;)
Re: kldxref: /boot/kernel/kernel: too many sections
On 26 May 2012, at 13:41, Martin Laabs mailingli...@martinlaabs.de wrote:

Hello, while updating my system I got the following error message while make installworld:

=== syscons/green (install)
install -o root -g wheel -m 555 green_saver.ko /boot/kernel
install -o root -g wheel -m 555 green_saver.ko.symbols /boot/kernel
kldxref /boot/kernel
kldxref: /boot/kernel/kernel: too many sections
kldxref: error while reading /boot/kernel/kernel: Bad address
su:/usr/src$

Hold on a sec you run install*world* and it tries to install a kernel ? Looks fishy to me. Also, try with a generic kernel, just to check if that fails as well.

I tried to remove the /usr/obj and remake the kernel by make buildkernel again but the error remains. I use 8.2-STABLE with a freshly updated RELENG_8 src. I do not build all kernel modules so I have the following in my make.conf

MODULES_OVERRIDE = nfsserver linux linprocfs geom/geom_bde syscons/green

However - I don't think this explains the misbehavior of kldxref. Can anybody give me a hint where to search for the bug?

Best regards, Martin Laabs
Re: why I am upset
On 26 May 2012, at 03:12, ajtiM lum...@gmail.com wrote:

Why I am upset but not just me? I am running KDE 4.8 from January on my Linux computer. Now is almost June and we got KDE 4.8 on FreeBSD too. 5 months testing and it works? No. The modern OS for the desktop computer doesn't works. O.K. OS works but installation of 5 months testing of KDE doesn't. And help? Read /usr/ports/UPDATING!! I read before I start installation but I am not sure if helpers did! Thank you for wasting my time.

Mitja

1/ English, learn it.
2/ Remind me how much you paid for free software you've most likely never contributed to ?
3/ You're too busy being a whiny raging kid to actually explain your problem
4/ Even if you had, I doubt anyone would want to help you after your epic flame

Seeing you do not even show the slightest hint of respect or gratitude towards the people who actually work on the software in their free time:

5/ I'm gonna respectfully ask that you STFU

You're such a good rager, I'm convinced you shan't need google to figure out the acronym.
Re: freebsd-update not updating reported patchlevel
On 4 May 2012, at 16:45, Polytropon free...@edvax.de wrote:

On Fri, 4 May 2012 04:14:05 -0500 (CDT), Robert Bonomi wrote:

What is required is a differentiation between the _kernel_ revision level, and the patchlevel of the entire base system. Store the kernel revision level -in- the kernel. Use the 'standard' THREE-level version numbering {Major}.{Minor}.{revision} for the kernel. Bump 'revision' for each set of kernel patches. The patchlevel info for the base system can be a simple data file. I'd suggest a 'dotfile' in /etc, mode 644, with the following flags set: 'system append only', 'system undlink'. Bump 'patchlevel' every time -anything- in the base system changes, regardless of whether it is part of the kernel or the 'world'.

Interesting approach. Both files could also be header files in /usr/include to store this information per #define. But in fact, I like the /etc idea better. Allow me to extend the approach: For -STABLE versions (e. g. if updated per CVS), those files could contain the build number and the date of the currently installed -STABLE snapshot.

I have massive love for this idea, having to check the kern build date to have a rough idea of what 8-STABLE I'm running is too prone to errors.
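Added example (not part of the thread and not FreeBSD project code): one way to see the gap this thread is about, between the version the running kernel reports and the patch level recorded for the rest of the system. It reads REVISION and BRANCH from sys/conf/newvers.sh and compares them with a `uname -r` string; it assumes the source tree is kept current by the update tool, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the patch level recorded in the source tree
# (sys/conf/newvers.sh) with the version string of the running kernel.
# All function names here are illustrative, not part of any FreeBSD tool.

# Print "<REVISION>-<BRANCH>" (for example 8.4-RELEASE-p3) from a newvers.sh file.
# Accepts REVISION="8.4" and REVISION=8.4; only assignments that start at
# column 0 count, so the indented BRANCH_OVERRIDE assignment is ignored.
src_version() {
    file=$1
    [ -r "$file" ] || return 2
    rev=$(sed -n 's/^REVISION="\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$file" | head -n 1)
    br=$(sed -n 's/^BRANCH="\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$file" | head -n 1)
    [ -n "$rev" ] && [ -n "$br" ] || return 1
    printf '%s-%s\n' "$rev" "$br"
}

# Print the numeric patch level: 8.4-RELEASE-p3 -> 3, 8.4-RELEASE -> 0.
# Branches without a -pN suffix (STABLE, PRERELEASE) also give 0.
patch_level() {
    case $1 in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *)         printf '0\n' ;;
    esac
}

# Print the version string with any -pN suffix removed.
release_of() {
    printf '%s\n' "${1%-p[0-9]*}"
}

# Compare a kernel version string (uname -r) with the source-tree version.
# Prints one of:
#   match             both report the same release and patch level
#   kernel-behind     the tree records a newer patch level than the kernel
#                     reports: either the patches touched only userland, or
#                     a patched kernel has not been booted yet
#   kernel-ahead      the kernel reports a newer patch level than the tree
#   different-release the two strings are not the same release at all
compare_versions() {
    kern=$1
    src=$2
    if [ "$(release_of "$kern")" != "$(release_of "$src")" ]; then
        echo different-release
        return 0
    fi
    kp=$(patch_level "$kern")
    sp=$(patch_level "$src")
    if [ "$kp" -lt "$sp" ]; then
        echo kernel-behind
    elif [ "$kp" -gt "$sp" ]; then
        echo kernel-ahead
    else
        echo match
    fi
}

# One-line report. On a FreeBSD host:
#   report "$(uname -r)" /usr/src/sys/conf/newvers.sh
report() {
    kernel_ver=$1
    source_ver=$(src_version "$2") || {
        echo "cannot read version from $2" >&2
        return 1
    }
    printf 'kernel=%s source=%s status=%s\n' \
        "$kernel_ver" "$source_ver" "$(compare_versions "$kernel_ver" "$source_ver")"
}
```

A `kernel-behind` result is the case that prompts the question in the subject line: the reported patch level alone does not say whether the userland fixes are installed.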
Re: Re[4]: Problem with vlans on igb (was: fsck problem FreeBSD 8.3)
Well, you see me glad that this fixes your problems. You might want to see with Jack Vogel who maintains the Intel drivers, if you can track down the issue and perhaps even find a fix for it. Taking the liberty of CCing you Jack.

2012/4/18 Eugen Konkov kes-...@yandex.ru:

Hi, Damien. With this configuration works without reboots

ifconfig_igb0=-rxcsum -txcsum -lro -tso up
ifconfig_igb1=-rxcsum -txcsum -lro -tso up
ifconfig_igb2=-rxcsum -txcsum -lro -tso -vlanhwtag up
ifconfig_igb3=-rxcsum -txcsum -lro -tso up

igb0 has only one vlan
igb1 has two vlans
igb2 has 16 vlans
igb3 has 4 vlans

if igb2 has vlanhwtag enabled then server starts to reboot

DF Yes, I suggest you try with -vlanhwtag as well.
DF If that stops your unwanted reboots, you may want to remove it and see
DF if the situation changes.

DF 2012/4/12 Коньков Евгений kes-...@yandex.ru:

Now i350 is configured as:

/etc/rc.conf
## TCP/IP
ifconfig_igb0=-rxcsum -txcsum -lro -tso up
ifconfig_igb1=-rxcsum -txcsum -lro -tso up
ifconfig_igb2=-rxcsum -txcsum -lro -tso up
ifconfig_igb3=-rxcsum -txcsum -lro -tso up

# ifconfig -m igb1
igb1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
options=400b8VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO
capabilities=505bbRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,VLAN_HWFILTER,VLAN_HWTSO
ether a0:36:9f:00:66:a5
media: Ethernet autoselect (1000baseT full-duplex)
status: active
supported media:
media autoselect
media 1000baseT
media 1000baseT mediaopt full-duplex
media 100baseTX mediaopt full-duplex
media 100baseTX
media 10baseT/UTP mediaopt full-duplex
media 10baseT/UTP

#pciconf -lv
igb0@pci0:1:0:0: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet

Do I need to disable VLAN_HWCSUM, VLAN_HWFILTER,VLAN_HWTSO also?

PS. I will try to disable those after the holidays

DF Try disabling hardware VLAN tagging like so, I know we had problems a
DF few years back with it.
DF in /etc/rc.conf :
DF ifconfig_igb2= -vlanhwtag -tso -lro up

DF 2012/4/11 KES kes-...@yandex.ua:

Forwarded message 11.04.2012, 13:14, KES kes-...@yandex.ua:

10.04.2012, 08:50, Da Rock freebsd-questi...@herveybayaustralia.com.au:

On 04/10/12 05:02, Коньков Евгений wrote:

Yes, I have tested. and on this hardware on this OS it works from Fri Feb 24 17:07:48 UTC 2012 but last two days:

reboot ~ Mon Apr 9 19:50
reboot ~ Mon Apr 9 18:30
reboot ~ Sun Apr 8 20:55
reboot ~ Sun Apr 8 20:00
reboot ~ Sun Apr 8 19:49
reboot ~ Sun Apr 8 17:43
reboot ~ Sun Apr 8 10:58
reboot ~ Sat Apr 7 21:13
reboot ~ Sat Apr 7 16:37
reboot ~ Sat Apr 7 16:07

I remembered. One thing changed. I add vlans to igb2, but no traffic flow on that devices yet.

Perhaps you should test removing the vlans and see if things improve?

I have removed vlans, two day server works without reboots

Before this I have use: igb0, igb1, igb3

igb0@pci0:1:0:0: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
igb1@pci0:1:0:1: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
igb2@pci0:1:0:2: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
igb3@pci0:1:0:3: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet

ifconfig_vlan100=inet 192.168.0.1 netmask 255.255.255.0 vlan 100 vlandev igb2 #nALL
ifconfig_vlan101=inet 192.168.1.1 netmask 255.255.255.0 vlan 101 vlandev igb2 #n2 p24
ifconfig_vlan102=inet 192.168.2.1 netmask 255.255.255.0 vlan 102 vlandev igb2 #n1 p23
ifconfig_vlan103=inet 192.168.3.1 netmask 255.255.255.0 vlan 103 vlandev igb2 #n3 p22
ifconfig_vlan104=inet 192.168.4.1 netmask 255.255.255.0 vlan 104 vlandev igb2 #n7,9 p21
ifconfig_vlan105=inet 192.168.5.1 netmask 255.255.255.0 vlan 105 vlandev igb2 #n11 p20
ifconfig_vlan106=inet 192.168.6.1 netmask 255.255.255.0
Re: Problem with vlans on igb (was: fsck problem FreeBSD 8.3)
Try disabling hardware VLAN tagging like so, I know we had problems a few years back with it.

in /etc/rc.conf :
ifconfig_igb2= -vlanhwtag -tso -lro up

2012/4/11 KES kes-...@yandex.ua:

Forwarded message 11.04.2012, 13:14, KES kes-...@yandex.ua:

10.04.2012, 08:50, Da Rock freebsd-questi...@herveybayaustralia.com.au:

On 04/10/12 05:02, Коньков Евгений wrote:

Yes, I have tested. and on this hardware on this OS it works from Fri Feb 24 17:07:48 UTC 2012 but last two days:

reboot ~ Mon Apr 9 19:50
reboot ~ Mon Apr 9 18:30
reboot ~ Sun Apr 8 20:55
reboot ~ Sun Apr 8 20:00
reboot ~ Sun Apr 8 19:49
reboot ~ Sun Apr 8 17:43
reboot ~ Sun Apr 8 10:58
reboot ~ Sat Apr 7 21:13
reboot ~ Sat Apr 7 16:37
reboot ~ Sat Apr 7 16:07

I remembered. One thing changed. I add vlans to igb2, but no traffic flow on that devices yet.

Perhaps you should test removing the vlans and see if things improve?

I have removed vlans, two day server works without reboots

Before this I have use: igb0, igb1, igb3

igb0@pci0:1:0:0: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
igb1@pci0:1:0:1: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
igb2@pci0:1:0:2: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
igb3@pci0:1:0:3: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet

ifconfig_vlan100=inet 192.168.0.1 netmask 255.255.255.0 vlan 100 vlandev igb2 #nALL
ifconfig_vlan101=inet 192.168.1.1 netmask 255.255.255.0 vlan 101 vlandev igb2 #n2 p24
ifconfig_vlan102=inet 192.168.2.1 netmask 255.255.255.0 vlan 102 vlandev igb2 #n1 p23
ifconfig_vlan103=inet 192.168.3.1 netmask 255.255.255.0 vlan 103 vlandev igb2 #n3 p22
ifconfig_vlan104=inet 192.168.4.1 netmask 255.255.255.0 vlan 104 vlandev igb2 #n7,9 p21
ifconfig_vlan105=inet 192.168.5.1 netmask 255.255.255.0 vlan 105 vlandev igb2 #n11 p20
ifconfig_vlan106=inet 192.168.6.1 netmask 255.255.255.0 vlan 106 vlandev igb2 #n13 p19
ifconfig_vlan107=inet 192.168.7.1 netmask 255.255.255.0 vlan 107 vlandev igb2 #n223 p18
ifconfig_vlan108=inet 192.168.8.1 netmask 255.255.255.0 vlan 108 vlandev igb2 #n225 p17
ifconfig_vlan109=inet 192.168.9.1 netmask 255.255.255.0 vlan 109 vlandev igb2 #n221 p16
ifconfig_vlan110=inet 192.168.10.1 netmask 255.255.255.0 vlan 110 vlandev igb2 #n229 p15
ifconfig_vlan111=inet 192.168.11.1 netmask 255.255.255.0 vlan 111 vlandev igb2 #n233 p14
ifconfig_vlan112=inet 192.168.12.1 netmask 255.255.255.0 vlan 112 vlandev igb2 #n231 p13
ifconfig_vlan113=inet 192.168.13.1 netmask 255.255.255.0 vlan 113 vlandev igb2 #n237 p12
ifconfig_vlan114=inet 192.168.14.1 netmask 255.255.255.0 vlan 114 vlandev igb2 #n424 p11
ifconfig_vlan115=inet 192.168.15.1 netmask 255.255.255.0 vlan 115 vlandev igb2 #

PAP Nothing logged in /var/log/* or crashes that exist in /var/crash
PAP would indicate to me some sort of hardware related problem.
PAP Have you tested your hardware lately and know that it is in operational order?
PAP ~Paul

PAP On Mon, Apr 09, 2012 at 09:36:54PM +0300, ??? ??? wrote:

Hi.

Apr 9 19:51:58 fsck: /dev/ad8s1e: UNEXPECTED INCONSISTENCY, CANNOT RUN FAST FSCK
Apr 9 19:51:58 fsck:
Apr 9 19:51:58 fsck:
Apr 9 19:51:58 fsck: /dev/ad8s1e: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
Apr 9 19:51:58 fsck: /dev/ad8s1e: CANNOT SET FS_NEEDSFSCK FLAG
Apr 9 20:09:22 kernel:

running manually:

# fsck -y /dev/ad8s1e
** /dev/ad8s1e (NO WRITE)
** Last Mounted on /tmp
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
99 files, 10 used, 506477 free (45 frags, 63304 blocks, 0.0% fragmentation)

Server reboot two or three time per day

# uname -a
FreeBSD flux 8.3-PRERELEASE FreeBSD 8.3-PRERELEASE #3 r231881: Fri Feb 24 17:07:48 UTC 2012 adm@flux:/usr/obj/usr/src/sys/KES_KERN_v8 amd64

before this it works about month without problems

/var/crash - empty, in
Re: Re[2]: Problem with vlans on igb (was: fsck problem FreeBSD 8.3)
Yes, I suggest you try with -vlanhwtag as well. If that stops your unwanted reboots, you may want to remove it and see if the situation changes.

2012/4/12 Коньков Евгений kes-...@yandex.ru:

Now i350 is configured as:

/etc/rc.conf
## TCP/IP
ifconfig_igb0=-rxcsum -txcsum -lro -tso up
ifconfig_igb1=-rxcsum -txcsum -lro -tso up
ifconfig_igb2=-rxcsum -txcsum -lro -tso up
ifconfig_igb3=-rxcsum -txcsum -lro -tso up

# ifconfig -m igb1
igb1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500
options=400b8VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO
capabilities=505bbRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,LRO,VLAN_HWFILTER,VLAN_HWTSO
ether a0:36:9f:00:66:a5
media: Ethernet autoselect (1000baseT full-duplex)
status: active
supported media:
media autoselect
media 1000baseT
media 1000baseT mediaopt full-duplex
media 100baseTX mediaopt full-duplex
media 100baseTX
media 10baseT/UTP mediaopt full-duplex
media 10baseT/UTP

#pciconf -lv
igb0@pci0:1:0:0: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet

Do I need to disable VLAN_HWCSUM, VLAN_HWFILTER,VLAN_HWTSO also?

PS. I will try to disable those after the holidays

DF Try disabling hardware VLAN tagging like so, I know we had problems a
DF few years back with it.
DF in /etc/rc.conf :
DF ifconfig_igb2= -vlanhwtag -tso -lro up

DF 2012/4/11 KES kes-...@yandex.ua:

Forwarded message 11.04.2012, 13:14, KES kes-...@yandex.ua:

10.04.2012, 08:50, Da Rock freebsd-questi...@herveybayaustralia.com.au:

On 04/10/12 05:02, Коньков Евгений wrote:

Yes, I have tested. and on this hardware on this OS it works from Fri Feb 24 17:07:48 UTC 2012 but last two days:

reboot ~ Mon Apr 9 19:50
reboot ~ Mon Apr 9 18:30
reboot ~ Sun Apr 8 20:55
reboot ~ Sun Apr 8 20:00
reboot ~ Sun Apr 8 19:49
reboot ~ Sun Apr 8 17:43
reboot ~ Sun Apr 8 10:58
reboot ~ Sat Apr 7 21:13
reboot ~ Sat Apr 7 16:37
reboot ~ Sat Apr 7 16:07

I remembered. One thing changed. I add vlans to igb2, but no traffic flow on that devices yet.

Perhaps you should test removing the vlans and see if things improve?

I have removed vlans, two day server works without reboots

Before this I have use: igb0, igb1, igb3

igb0@pci0:1:0:0: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
igb1@pci0:1:0:1: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
igb2@pci0:1:0:2: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet
igb3@pci0:1:0:3: class=0x02 card=0x00018086 chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
class = network
subclass = ethernet

ifconfig_vlan100=inet 192.168.0.1 netmask 255.255.255.0 vlan 100 vlandev igb2 #nALL
ifconfig_vlan101=inet 192.168.1.1 netmask 255.255.255.0 vlan 101 vlandev igb2 #n2 p24
ifconfig_vlan102=inet 192.168.2.1 netmask 255.255.255.0 vlan 102 vlandev igb2 #n1 p23
ifconfig_vlan103=inet 192.168.3.1 netmask 255.255.255.0 vlan 103 vlandev igb2 #n3 p22
ifconfig_vlan104=inet 192.168.4.1 netmask 255.255.255.0 vlan 104 vlandev igb2 #n7,9 p21
ifconfig_vlan105=inet 192.168.5.1 netmask 255.255.255.0 vlan 105 vlandev igb2 #n11 p20
ifconfig_vlan106=inet 192.168.6.1 netmask 255.255.255.0 vlan 106 vlandev igb2 #n13 p19
ifconfig_vlan107=inet 192.168.7.1 netmask 255.255.255.0 vlan 107 vlandev igb2 #n223 p18
ifconfig_vlan108=inet 192.168.8.1 netmask 255.255.255.0 vlan 108 vlandev igb2 #n225 p17
ifconfig_vlan109=inet 192.168.9.1 netmask 255.255.255.0 vlan 109 vlandev igb2 #n221 p16
ifconfig_vlan110=inet 192.168.10.1 netmask 255.255.255.0 vlan 110 vlandev igb2 #n229 p15
ifconfig_vlan111=inet 192.168.11.1 netmask 255.255.255.0 vlan 111 vlandev igb2 #n233 p14
ifconfig_vlan112=inet 192.168.12.1 netmask 255.255.255.0 vlan 112 vlandev igb2 #n231 p13
ifconfig_vlan113=inet 192.168.13.1 netmask 255.255.255.0 vlan 113 vlandev igb2 #n237 p12
Re: LAGG bug or misconfiguration???
Sorry top posting from phone. Show your switch's port configurations. We're using VLAN tagging over lagg failover interfaces at work and I have already tried the tests you described, to much better results. We're also running 8.2 so the only thing that seems to differ between us is the switch config, likely.

On 15 Mar 2012, at 20:06, Snoop sn...@email.it wrote:

Hi there, a while after setting up my new server (with 8 jails in it) I've decided (after postponing several times) to properly check the functionality of the lagg and the result was very disappointing. The test I've done is very simple. I've started copying a file from one site to another of my VPN network (from the server I've been testing the net to another node somewhere else) and in the meantime I've been physically disconnecting the main network cable to check the responsiveness of the lagg configuration. Then I've plugged the cable back to check if the traffic would switch back to the main NIC as it should.

The result was basically this (lagg0 members: bge0 primary, bge1 secondary)
- when bge0 unplugged the traffic switched almost instantaneously to bge1
- when bge0 plugged back in, the network stopped working completely with the two NICs polling synchronously until I manually unplug bge1. Then within 2-4 seconds traffic goes back on bge0 (I've been waiting for a little more than a minute maximum to avoid all the active connections on the server to timeout).

Now, I've repeated the same test about 10-15 times randomly waiting for different times between the unplug-replug procedure. The result was always the same.

So, below are the ipconfig outputs
- before to start the test
- when bge0 gets unplugged
- when bge0 gets plugged back in

I couldn't see anything odd.
___ lagg0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8009bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE ether 00:14:ee:00:8a:c0 inet xxx.xx.xx.224 netmask 0xff00 broadcast xxx.xx.xx.255 inet xxx.xx.xx.227 netmask 0x broadcast xxx.xx.xx.227 inet xxx.xx.xx.225 netmask 0x broadcast xxx.xx.xx.225 inet 172.16.3.2 netmask 0x broadcast 172.16.3.2 inet 172.16.3.3 netmask 0x broadcast 172.16.3.3 inet 172.16.3.4 netmask 0x broadcast 172.16.3.4 inet 172.16.3.5 netmask 0x broadcast 172.16.3.5 inet 172.16.3.6 netmask 0x broadcast 172.16.3.6 inet xxx.xx.xx.226 netmask 0x broadcast xxx.xx.xx.226 media: Ethernet autoselect status: active laggproto failover laggport: bge1 flags=0 laggport: bge0 flags=5MASTER,ACTIVE ___ lagg0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8009bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE ether 00:14:ee:00:8a:c0 inet xxx.xx.xx.224 netmask 0xff00 broadcast xxx.xx.xx.255 inet xxx.xx.xx.227 netmask 0x broadcast xxx.xx.xx.227 inet xxx.xx.xx.225 netmask 0x broadcast xxx.xx.xx.225 inet 172.16.3.2 netmask 0x broadcast 172.16.3.2 inet 172.16.3.3 netmask 0x broadcast 172.16.3.3 inet 172.16.3.4 netmask 0x broadcast 172.16.3.4 inet 172.16.3.5 netmask 0x broadcast 172.16.3.5 inet 172.16.3.6 netmask 0x broadcast 172.16.3.6 inet xxx.xx.xx.226 netmask 0x broadcast xxx.xx.xx.226 media: Ethernet autoselect status: active laggproto failover laggport: bge1 flags=4ACTIVE laggport: bge0 flags=1MASTER ___ lagg0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8009bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE ether 00:14:ee:00:8a:c0 inet xxx.xx.xx.224 netmask 0xff00 broadcast xxx.xx.xx.255 inet xxx.xx.xx.227 netmask 0x broadcast xxx.xx.xx.227 inet xxx.xx.xx.225 netmask 0x broadcast xxx.xx.xx.225 inet 172.16.3.2 netmask 0x broadcast 172.16.3.2 inet 172.16.3.3 netmask 0x broadcast 172.16.3.3 inet 172.16.3.4 netmask 0x broadcast 172.16.3.4 inet 
172.16.3.5 netmask 0x broadcast 172.16.3.5 inet 172.16.3.6 netmask 0x broadcast 172.16.3.6 inet xxx.xx.xx.226 netmask 0x broadcast xxx.xx.xx.226 media: Ethernet autoselect status: active laggproto failover laggport: bge1 flags=0 laggport: bge0 flags=5MASTER,ACTIVE __ Also nothing unusual
Re: LAGG bug or misconfiguration???
You're not looking for FEC or etherchannel or 802.3ad at all. What you're looking for, in the case of a *failover* configuration, is a spanning-tree portfast feature so that your port doesn't transition through the different spantree states before forwarding traffic. Kindly obtain the configuration from whoever has it and let us know.

On 3/16/12 11:18 AM, Snoop wrote:

Hi Dweimer and Damien, thanks for replying. The server is connected to a switch of the datacentre. The configuration of this switch is unknown to me and I obviously have no access to it but I truly believe that such an enterprise environment has management capabilities. Anyway, in which way the configuration would affect the lagg functionality? Might this issue be related to what stated in the FreeBSD LAGG pages in the handbook?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-aggregation.html

Cisco® Fast EtherChannel®
Cisco Fast EtherChannel (FEC), is a static setup and does not negotiate aggregation with the peer or exchange frames to monitor the link. If the switch supports LACP then that should be used instead.

On Fri, 2012-03-16 at 10:45 +0100, Damien Fleuriot wrote:

Sorry top posting from phone. Show your switch's port configurations. We're using VLAN tagging over lagg failover interfaces at work and I have already tried the tests you described, to much better results. We're also running 8.2 so the only thing that seems to differ between us is the switch config, likely.

On 15 Mar 2012, at 20:06, Snoop sn...@email.it wrote:

Hi there, a while after setting up my new server (with 8 jails in it) I've decided (after postponing several times) to properly check the functionality of the lagg and the result was very disappointing. The test I've done is very simple. I've started copying a file from one site to another of my VPN network (from the server I've been testing the net to another node somewhere else) and in the meantime I've been physically disconnecting the main network cable to check the responsiveness of the lagg configuration. Then I've plugged the cable back to check if the traffic would switch back to the main NIC as it should.

The result was basically this (lagg0 members: bge0 primary, bge1 secondary)
- when bge0 unplugged the traffic switched almost instantaneously to bge1
- when bge0 plugged back in, the network stopped working completely with the two NICs polling synchronously until I manually unplug bge1. Then within 2-4 seconds traffic goes back on bge0 (I've been waiting for a little more than a minute maximum to avoid all the active connections on the server to timeout).

Now, I've repeated the same test about 10-15 times randomly waiting for different times between the unplug-replug procedure. The result was always the same.

So, below are the ipconfig outputs
- before to start the test
- when bge0 gets unplugged
- when bge0 gets plugged back in

I couldn't see anything odd.
___ lagg0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8009bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE ether 00:14:ee:00:8a:c0 inet xxx.xx.xx.224 netmask 0xff00 broadcast xxx.xx.xx.255 inet xxx.xx.xx.227 netmask 0x broadcast xxx.xx.xx.227 inet xxx.xx.xx.225 netmask 0x broadcast xxx.xx.xx.225 inet 172.16.3.2 netmask 0x broadcast 172.16.3.2 inet 172.16.3.3 netmask 0x broadcast 172.16.3.3 inet 172.16.3.4 netmask 0x broadcast 172.16.3.4 inet 172.16.3.5 netmask 0x broadcast 172.16.3.5 inet 172.16.3.6 netmask 0x broadcast 172.16.3.6 inet xxx.xx.xx.226 netmask 0x broadcast xxx.xx.xx.226 media: Ethernet autoselect status: active laggproto failover laggport: bge1 flags=0 laggport: bge0 flags=5MASTER,ACTIVE ___ lagg0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8009bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE ether 00:14:ee:00:8a:c0 inet xxx.xx.xx.224 netmask 0xff00 broadcast xxx.xx.xx.255 inet xxx.xx.xx.227 netmask 0x broadcast xxx.xx.xx.227 inet xxx.xx.xx.225 netmask 0x broadcast xxx.xx.xx.225 inet 172.16.3.2 netmask 0x broadcast 172.16.3.2 inet 172.16.3.3 netmask 0x broadcast 172.16.3.3 inet 172.16.3.4 netmask 0x broadcast 172.16.3.4 inet 172.16.3.5 netmask 0x broadcast 172.16.3.5 inet 172.16.3.6 netmask 0x broadcast 172.16.3.6 inet xxx.xx.xx.226 netmask 0x broadcast xxx.xx.xx.226 media: Ethernet autoselect status: active laggproto failover
Re: LAGG bug or misconfiguration???
I confirm you should see fast transition for your VLANs to forwarding state. Are your ports in access or trunk mode ? If they're trunked, portfast alone won't do it, you need spanning-tree portfast trunk. Additionally, are you using link aggregation on the cisco swi ? (channel-group)

On 3/16/12 5:31 PM, Snoop wrote:
That's the STP configuration on my two switch ports:
spanning-tree portfast
spanning-tree bpduguard enable

On Fri, 2012-03-16 at 12:10 +0100, Damien Fleuriot wrote:
You're not looking for FEC or etherchannel or 802.3ad at all. What you're looking for, in the case of a *failover* configuration, is a spanning-tree portfast feature so that your port doesn't transition through the different spantree states before forwarding traffic. Kindly obtain the configuration from whoever has it and let us know.

On 3/16/12 11:18 AM, Snoop wrote:
Hi Dweimer and Damien, thanks for replying. The server is connected to a switch of the datacentre. The configuration of this switch is unknown to me and I obviously have no access to it but I truly believe that such an enterprise environment has management capabilities. Anyway, in which way the configuration would affect the lagg functionality? Might this issue be related to what stated in the FreeBSD LAGG pages in the handbook? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-aggregation.html
Cisco® Fast EtherChannel®
Cisco Fast EtherChannel (FEC), is a static setup and does not negotiate aggregation with the peer or exchange frames to monitor the link. If the switch supports LACP then that should be used instead.

On Fri, 2012-03-16 at 10:45 +0100, Damien Fleuriot wrote:
Sorry top posting from phone. Show your switch's port configurations. We're using VLAN tagging over lagg failover interfaces at work and I have already tried the tests you described, to much better results. We're also running 8.2 so the only thing that seems to differ between us is the switch config, likely.
On 15 Mar 2012, at 20:06, Snoop sn...@email.it wrote:
Hi there, a while after setting up my new server (with 8 jails in it) I've decided (after postponing several times) to properly check the functionality of the lagg and the result was very disappointing. The test I've done is very simple. I've started copying a file from one site to another of my VPN network (from the server I've been testing the net to another node somewhere else) and in the meantime I've been physically disconnecting the main network cable to check the responsiveness of the lagg configuration. Then I've plugged the cable back to check if the traffic would switch back to the main NIC as it should.

The result was basically this (lagg0 members: bge0 primary, bge1 secondary)
- when bge0 unplugged the traffic switched almost instantaneously to bge1
- when bge0 plugged back in, the network stopped working completely with the two NICs polling synchronously until I manually unplug bge1. Then within 2-4 seconds traffic goes back on bge0 (I've been waiting for a little more than a minute maximum to avoid all the active connections on the server to timeout).

Now, I've repeated the same test about 10-15 times randomly waiting for different times between the unplug-replug procedure. The result was always the same.

So, below are the ipconfig outputs
- before to start the test
- when bge0 gets unplugged
- when bge0 gets plugged back in
I couldn't see anything odd.

___
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
    ether 00:14:ee:00:8a:c0
    inet xxx.xx.xx.224 netmask 0xff00 broadcast xxx.xx.xx.255
    inet xxx.xx.xx.227 netmask 0x broadcast xxx.xx.xx.227
    inet xxx.xx.xx.225 netmask 0x broadcast xxx.xx.xx.225
    inet 172.16.3.2 netmask 0x broadcast 172.16.3.2
    inet 172.16.3.3 netmask 0x broadcast 172.16.3.3
    inet 172.16.3.4 netmask 0x broadcast 172.16.3.4
    inet 172.16.3.5 netmask 0x broadcast 172.16.3.5
    inet 172.16.3.6 netmask 0x broadcast 172.16.3.6
    inet xxx.xx.xx.226 netmask 0x broadcast xxx.xx.xx.226
    media: Ethernet autoselect
    status: active
    laggproto failover
    laggport: bge1 flags=0
    laggport: bge0 flags=5<MASTER,ACTIVE>
___
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
    ether 00:14:ee:00:8a:c0
    inet xxx.xx.xx.224 netmask 0xff00 broadcast xxx.xx.xx.255
    inet xxx.xx.xx.227 netmask 0x broadcast xxx.xx.xx.227
    inet xxx.xx.xx.225 netmask 0x
Re: apache22 + mod_fastcgi
Have you tried pointing your vhost's fcgi handler to the same unix socket path you use for your default vhost ?

On 10 Mar 2012, at 02:35, alexus ale...@gmail.com wrote:
if it would be incorrectly it wouldn't work the first time (default host)
virtualhost has a copy from a default host, the only difference is local path to directory, that's all
ifmodule is there just in case if for whatever reason module is missing, site can operate in degraded state vs not operate at all and other virtual hosts can work as well otherwise i have to go and comment out alot of lines manually
so it's not ifmodule as that proven to work, but in any case i added ifmodule after, line was there before without ifmodule so it didn't work before either..

mbp:~ alexus$ curl -I http://XX.XXX.XX.XXX/php/phpinfo.php
HTTP/1.1 200 OK
Date: Sat, 10 Mar 2012 01:34:29 GMT
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 mod_python/3.3.1 Python/2.7.2 mod_fastcgi/2.4.6
X-Powered-By: PHP/5.3.8
Content-Type: text/html

mbp:~ alexus$ curl -I http://virtualhost.com/php/phpinfo.php
HTTP/1.1 200 OK
Date: Sat, 10 Mar 2012 01:34:42 GMT
Server: Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q DAV/2 mod_python/3.3.1 Python/2.7.2 mod_fastcgi/2.4.6
Last-Modified: Thu, 23 Feb 2012 02:10:09 GMT
ETag: 97c8ef-11-4b99824b74240
Accept-Ranges: bytes
Content-Length: 17
Content-Type: application/x-httpd-php

mbp:~ alexus$

On Fri, Mar 9, 2012 at 7:24 PM, Damien Fleuriot m...@my.gd wrote:
I think you're naming your module incorrectly. First, try just setting the handler in your vhost w/o the ifmodule stuff. If that works, you know where you've gone wrong.

On 9 Mar 2012, at 21:12, alexus ale...@gmail.com wrote:
i'd like to follow up with this question if possible

On Wed, Mar 7, 2012 at 8:31 PM, alexus ale...@gmail.com wrote:
---
LoadModule fastcgi_module libexec/apache22/mod_fastcgi.so
<IfModule mod_fastcgi.c>
    AddHandler php5-fastcgi .php
    FastCgiExternalServer /usr/local/www/apache22/data/php -socket /var/run/spawn_fcgi.sock
</IfModule>
---
this works for my apache for default virtualhost, yet if i use same thing under a virtualhost it won't work

<VirtualHost *:*>
    ServerName
    DocumentRoot /home/xxx/xxx/htdocs/
    <IfModule mod_fastcgi.c>
        AddHandler php5-fastcgi .php
        FastCgiExternalServer /home/xxx/xxx/htdocs/php -socket /var/run/spawn_fcgi.sock
    </IfModule>
</VirtualHost>

in default virtual host i PHP scripts gets executed no problem, under second it actually just starts downloading that php script.. any ideas?
-- http://alexus.org/

___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Fwd: Some questions about Link Aggregation and Failover
Well that's exactly what I'm trying to show you. Link aggregation will *NOT* allow you to get 200mbs between 2 servers by sending data over the 2 cables. As per the example I pasted below, link aggregation uses a load balancing algorithm to share the traffic across several links. It will *NOT* use *BOTH* links for a single source ip - destination ip pair.

On 3/9/12 2:15 AM, bo wang wrote:
Hi. Maybe you can't understand me. I mean that how can I do Link Aggregation for increasing the top speed between two server and a switch.

2012/3/8 Damien Fleuriot m...@my.gd:
From your switch, run the following tests:
core1.drt.hi-media#test etherchannel load-balance interface port-channel 2 ip 1.2.3.4 5.6.7.8
Would select Gi1/1/1 of Po2
core1.drt.hi-media#test etherchannel load-balance interface port-channel 2 ip 1.2.3.4 5.6.7.9
Would select Gi2/1/1 of Po2
core1.drt.hi-media#test etherchannel load-balance interface port-channel 2 ip 1.2.3.4 5.6.7.10
Would select Gi2/1/1 of Po2
Of course, you'll want to adjust with your own servers and PC IP addresses.

On 3/8/12 9:33 AM, bo wang wrote:
-- Forwarded message --
From: bo wang wowo...@gmail.com
Date: 2012/3/8
Subject: Re: Some questions about Link Aggregation and Failover
To: n...@hdk5.net

Hello: Please see the picture 1 that is my test before. Doing 2 group in c3750. When I use PC and server2 to connect server1 ftp server for download. I find the server1 just use 1 port of lagg, other ports don't work. Then I change my test, picture2 is showed. I do only 1 group in c3750 for server1. And do the same test. I find that there are two ports of lagg work. The lagg0 top speed can be 140MB/s (server2 speed is 100MB/S, PC speed is 40MB/s) It can increase top speed. So what can I do for doing two group in a switch?

2012/3/8 bo wang wowo...@gmail.com:
Sorry, I can't understand what your meaning.
Switch#show etherchannel Channel-group listing: -- Group: 1 -- Group state = L2 Ports: 2 Maxports = 16 Port-channels: 1 Max Port-channels = 16 Protocol: LACP Minimum Links: 0 Group: 2 -- Group state = L2 Ports: 2 Maxports = 16 Port-channels: 1 Max Port-channels = 16 Protocol: LACP Minimum Links: 0 Switch#show etherchannel detail Channel-group listing: -- Group: 1 -- Group state = L2 Ports: 2 Maxports = 16 Port-channels: 1 Max Port-channels = 16 Protocol: LACP Minimum Links: 0 Ports in the group: --- Port: Gi1/0/1 Port state= Up Mstr Assoc In-Bndl Channel group = 1 Mode = Active Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index= 0 Load = 0x00Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode.P - Device is in passive mode. Local information: LACP port Admin OperPortPort Port Flags State Priority Key Key Number State Gi1/0/1 SA bndl 32768 0x1 0x1 0x102 0x3D Partner's information: LACP portAdmin Oper Port Port Port Flags Priority Dev ID AgekeyKeyNumber State Gi1/0/1 SA 32768 0010.18c0.af20 24s0x00x250 0x3 0x3D Age of the port in the current state: 12d:22h:41m:09s Port: Gi1/0/2 Port state= Up Mstr Assoc In-Bndl Channel group = 1 Mode = Active Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index= 0 Load = 0x00Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode.P - Device is in passive mode. 
Local information: LACP port Admin OperPortPort Port Flags State Priority Key Key Number State Gi1/0/2 SA bndl 32768 0x1 0x1 0x103 0x3D Partner's information: LACP portAdmin Oper Port Port Port Flags Priority Dev ID AgekeyKeyNumber State Gi1/0/2 SA 32768 0010.18c0.af20 26s0x00x250 0x4 0x3D Age of the port in the current state: 12d:22h:41m:15s Port-channels in the group: --- Port-channel: Po1(Primary Aggregator) Age of the Port-channel = 12d:22h:41m:21s Logical slot/port = 10/1 Number of ports = 2 HotStandBy port = null
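The point made in this message, that one source/destination pair is always sent down the same member link, can be seen in a small model. This is an added example, not part of the thread: the XOR-modulo hash is an assumed stand-in for the switch's real, platform-specific algorithm, the link speed is assumed, and all peer addresses except the lagg0 address quoted in the thread are constructed.

```python
"""Simplified model of per-flow link selection on an aggregated link."""
import ipaddress

LINK_MBPS = 1000  # assumed capacity of each member link


def select_link(src_ip: str, dst_ip: str, n_links: int) -> int:
    """Return the member-link index used for a source/destination pair.

    Assumption: XOR of the two addresses modulo the link count stands in for
    the switch's real hash. What matters is that the result depends only on
    the address pair, so every packet of that pair takes the same link.
    """
    if n_links < 1:
        raise ValueError("an aggregate needs at least one member link")
    src = int(ipaddress.ip_address(src_ip))
    dst = int(ipaddress.ip_address(dst_ip))
    return (src ^ dst) % n_links


def achieved_mbps(flows, n_links: int, link_mbps: int = LINK_MBPS) -> dict:
    """Add up offered load per member link and cap each link at its capacity.

    flows is an iterable of (src_ip, dst_ip, offered_mbps) tuples.
    """
    offered = [0] * n_links
    for src, dst, mbps in flows:
        offered[select_link(src, dst, n_links)] += mbps
    per_link = [min(load, link_mbps) for load in offered]
    return {"per_link": per_link, "total": sum(per_link)}


# SERVER1 is the lagg0 address quoted in the thread; the peers are constructed.
SERVER1 = "172.16.60.64"
SERVER2 = "172.16.60.65"
PC_A = "172.16.60.70"
PC_B = "172.16.60.66"


def scenarios() -> dict:
    """Three cases on a two-link aggregate."""
    return {
        # One server-to-server pair offering 2 Gb/s: pinned to a single link.
        "single_pair": achieved_mbps([(SERVER2, SERVER1, 2000)], 2),
        # Two peers whose pairs hash to different links: both links carry load.
        "two_peers_spread": achieved_mbps(
            [(SERVER2, SERVER1, 1000), (PC_A, SERVER1, 1000)], 2
        ),
        # Two peers whose pairs hash to the same link: the other link idles.
        "two_peers_collide": achieved_mbps(
            [(PC_A, SERVER1, 1000), (PC_B, SERVER1, 1000)], 2
        ),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} per_link={result['per_link']} total={result['total']} Mb/s")
```

The third case is the one that surprises people: adding a second client does not help when its address pair lands on the link that is already full.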
Re: apache22 + mod_fastcgi
I think you're naming your module incorrectly. First, try just setting the handler in your vhost w/o the ifmodule stuff. If that works, you know where you've gone wrong.

On 9 Mar 2012, at 21:12, alexus ale...@gmail.com wrote:
i'd like to follow up with this question if possible

On Wed, Mar 7, 2012 at 8:31 PM, alexus ale...@gmail.com wrote:
---
LoadModule fastcgi_module libexec/apache22/mod_fastcgi.so
<IfModule mod_fastcgi.c>
    AddHandler php5-fastcgi .php
    FastCgiExternalServer /usr/local/www/apache22/data/php -socket /var/run/spawn_fcgi.sock
</IfModule>
---
this works for my apache for default virtualhost, yet if i use same thing under a virtualhost it won't work

<VirtualHost *:*>
    ServerName
    DocumentRoot /home/xxx/xxx/htdocs/
    <IfModule mod_fastcgi.c>
        AddHandler php5-fastcgi .php
        FastCgiExternalServer /home/xxx/xxx/htdocs/php -socket /var/run/spawn_fcgi.sock
    </IfModule>
</VirtualHost>

in default virtual host i PHP scripts gets executed no problem, under second it actually just starts downloading that php script.. any ideas?
-- http://alexus.org/
Re: Fwd: Some questions about Link Aggregation and Failover
From your switch, run the following tests:
core1.drt.hi-media#test etherchannel load-balance interface port-channel 2 ip 1.2.3.4 5.6.7.8
Would select Gi1/1/1 of Po2
core1.drt.hi-media#test etherchannel load-balance interface port-channel 2 ip 1.2.3.4 5.6.7.9
Would select Gi2/1/1 of Po2
core1.drt.hi-media#test etherchannel load-balance interface port-channel 2 ip 1.2.3.4 5.6.7.10
Would select Gi2/1/1 of Po2
Of course, you'll want to adjust with your own servers and PC IP addresses.

On 3/8/12 9:33 AM, bo wang wrote:
-- Forwarded message --
From: bo wang wowo...@gmail.com
Date: 2012/3/8
Subject: Re: Some questions about Link Aggregation and Failover
To: n...@hdk5.net

Hello: Please see the picture 1 that is my test before. Doing 2 group in c3750. When I use PC and server2 to connect server1 ftp server for download. I find the server1 just use 1 port of lagg, other ports don't work. Then I change my test, picture2 is showed. I do only 1 group in c3750 for server1. And do the same test. I find that there are two ports of lagg work. The lagg0 top speed can be 140MB/s (server2 speed is 100MB/S, PC speed is 40MB/s) It can increase top speed. So what can I do for doing two group in a switch?

2012/3/8 bo wang wowo...@gmail.com:
Sorry, I can't understand what your meaning.
Switch#show etherchannel Channel-group listing: -- Group: 1 -- Group state = L2 Ports: 2 Maxports = 16 Port-channels: 1 Max Port-channels = 16 Protocol: LACP Minimum Links: 0 Group: 2 -- Group state = L2 Ports: 2 Maxports = 16 Port-channels: 1 Max Port-channels = 16 Protocol: LACP Minimum Links: 0 Switch#show etherchannel detail Channel-group listing: -- Group: 1 -- Group state = L2 Ports: 2 Maxports = 16 Port-channels: 1 Max Port-channels = 16 Protocol: LACP Minimum Links: 0 Ports in the group: --- Port: Gi1/0/1 Port state= Up Mstr Assoc In-Bndl Channel group = 1 Mode = Active Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index= 0 Load = 0x00Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode.P - Device is in passive mode. Local information: LACP port Admin OperPortPort Port Flags State Priority Key Key Number State Gi1/0/1 SA bndl 32768 0x1 0x1 0x102 0x3D Partner's information: LACP portAdmin Oper PortPort Port Flags Priority Dev ID AgekeyKeyNumber State Gi1/0/1 SA 32768 0010.18c0.af20 24s0x00x250 0x3 0x3D Age of the port in the current state: 12d:22h:41m:09s Port: Gi1/0/2 Port state= Up Mstr Assoc In-Bndl Channel group = 1 Mode = Active Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index= 0 Load = 0x00Protocol = LACP Flags: S - Device is sending Slow LACPDUs F - Device is sending fast LACPDUs. A - Device is in active mode.P - Device is in passive mode. 
Local information: LACP port Admin OperPortPort Port Flags State Priority Key Key Number State Gi1/0/2 SA bndl 32768 0x1 0x1 0x103 0x3D Partner's information: LACP portAdmin Oper PortPort Port Flags Priority Dev ID AgekeyKeyNumber State Gi1/0/2 SA 32768 0010.18c0.af20 26s0x00x250 0x4 0x3D Age of the port in the current state: 12d:22h:41m:15s Port-channels in the group: --- Port-channel: Po1(Primary Aggregator) Age of the Port-channel = 12d:22h:41m:21s Logical slot/port = 10/1 Number of ports = 2 HotStandBy port = null Port state = Port-channel Ag-Inuse Protocol= LACP Port security = Disabled Ports in the Port-channel: Index Load Port EC stateNo of bits --+--+--+--+--- 0 00 Gi1/0/1 Active 0 0 00 Gi1/0/2 Active 0 Time since last port bundled:12d:22h:41m:17sGi1/0/1 Group: 2 -- Group state = L2 Ports: 2 Maxports = 16 Port-channels: 1 Max Port-channels = 16 Protocol: LACP Minimum Links: 0 Ports in the group: ---
Re: Some questions about Link Aggregation and Failover
Sorry top post, not so smartphone.

Do this on your c3750, in privileged mode:
Show ether 1 sum

On 7 Mar 2012, at 05:41, bo wang wowo...@gmail.com wrote:
Hello: Recently I want to do Link Aggregation for increasing the speed. I use a Cisco 3750 Switch and two IBM Server R with BSD 9.0. I do link aggregation According to this page. http://www.freebsd.org/doc/en/books/handbook/network-aggregation.html I use LACP. But when i have done, the link aggregation only can do Failover. It can't increase the speed. What is the problem? Detailed configuration as follows

in the BSD9.0 /etc/rc.conf
hostname="bbc04"
ifconfig_bce2="up"
ifconfig_bce3="up"
ifconfig_bce4="up"
ifconfig_bce5="up"
ifconfig_bce6="up"
ifconfig_bce7="up"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto loadbalance laggport bce2 laggport bce3 laggport bce4 laggport bce5 laggport bce6 laggport bce7"
ipv4_addrs_lagg0="172.16.60.64/16"
defaultrouter="172.16.0.1"
sshd_enable="YES"
pureftpd_enable="YES"
# Set dumpdev to AUTO to enable crash dumps, NO to disable
dumpdev="NO"

the Cisco 3750 configure
interface range gigabitEthernet 1/0/1-6
channel-proto lacp
channel-group 1 mode active
interface range gigabitEthernet 1/0/13-18
channel-proto lacp
channel-group 2 mode active
Re: Is it worthy upgrading to 9.0 ?
On 3/6/12 12:30 PM, krad wrote:
apart from a major bump in the version of pf.

Still the old syntax though, what I'm eager for is 10.0 with the upgrade to 4.8 openbsd PF.
Re: Is it worthy upgrading to 9.0 ?
On 3/6/12 7:01 AM, Allen wrote:
On 2/28/2012 3:03 AM, Damien Fleuriot wrote:
This is an entirely subjective question and one that only you can answer. For example, given the number of problem reports I'm seeing on the lists, I'm going to stick with the 8-STABLE branch for still a long time, likely until 9.1 or 9.2-RELEASE.

I don't think it's a good idea to let what you see on a mailing list be your end all be all of what you use... This isn't an insult or anything, but I've seen some pretty damn stupid people who try to install stuff into Swap And that isn't even close to the stupidest thing I've ever seen on a list. Trust me, the best way to figure out if you personally would benefit from upgrading, is doing it yourself.

I get your point, however, reports of NICs malfunctioning or stuff like that are pretty distressing when running frontend firewall boxes. Seeing 9.0 doesn't bring much to the table, imo, in terms of firewalling and CARP novelty, I'm probably going to stick with 8.3 for some time :)
Re: Delete files let FreeBSD crashes.
On 3 Mar 2012, at 16:37, Conrad J. Sabatier conr...@cox.net wrote:
On Wed, 29 Feb 2012 09:24:55 +0800 netroby hufeng1...@gmail.com wrote:
Thanks . I had resolved the problem :
1. restart FreeBSD to single user mode.
2. umount all device then run fsck -f
3. after finished the fsck, restart FreeBSD , return to normal mode.
4. delete the broken directory, and restore the data from backup.
5. every thing seems ok now.
netroby

That's all well and good, but just for future reference, when you boot into single-user mode, the root partition will already be mounted read-only. It's not necessary to mount any other partitions before running fsck, and in fact, it is advised *not* to do so.

You misread his message, he said he *u*mounted partitions.
Re: request a quote
5-star rating this gem right now. This does, however, raise an interesting question. Do you guys know of any company whose business model is freebsd support and engineering ? Like, a la RHEL or SLES. Excluding dedicated servers rental, since they don't actually provide the real support. On 29 Feb 2012, at 09:59, Mariusz Herman mher...@advatech.pl wrote: Hi, I would be thankful, if you could send me price of 4-year support for FreeBSD. For configuration: Lp Model Description Qty 1.0 7100139 Sun Fire X4470 M2 server: model family 4 1.1 7100142 Sun Fire X4470 M2 server: 3 RU base chassis with motherboard and 2 PSUs 4 1.2 7100140 2 Intel(R) Xeon(R) E7-4820 8-core 2 GHz processors (for factory installation) 8 1.3 7100166 Two 8-DIMM riser cards (for factory installation) 16 1.4 7100152 Two 4 GB DDR3-1333 DIMMs (for factory installation) 48 1.5 2352A 2 memory DIMM slot filler (for factory installation) 80 1.6 RB-SS2CF-300G10K2 One 300 GB 1 rpm 2.5-inch SAS-2 HDD with bracket (for factory installation) 8 1.7 6331A-N 2.5-inch HDD filler panel (for factory installation) 16 1.8 8370A DVD-RW drive (for factory installation) 4 1.9 SG-SAS6-INT-Z Sun Storage 6 Gb SAS PCIe HBA, Internal: 8 port (for factory Installation) 4 1.10 4446A-Z-N Sun x4 Quad-port Gigabit Ethernet Adapter UTP 8 1.11 5394A PCIe filler panel (for factory installation) 32 1.12 2365A Tool-less rackmount rail kit (for factory Installation) 4 1.13 2364A Cable management arm (for factory installation) 4 1.14 SR-JUMP-1MC13 Power cord: Sun Rack 2 jumper, 1 meter, C14RA plug, C13 connector, 13 A (for factory installation) 8 _ Kind regards Mariusz Herman Sales Support Specialist e-mail: mher...@advatech.pl tel. (+4871) 772 66 08 kom. +48 661 917 210 Advatech Sp. z o.o. ul. Klecińska 123 54-413 Wrocław tel. (+4871) 772 66 00 fax. 
(+4871) 798 57 75 www.advatech.pl Entered in the National Court Register under number 145269, District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register. Tax ID (NIP): PL 899-21-85-891. Share capital 50 000 zł, equity 6 686 037 zł
Re: request a quote
On 2/29/12 10:58 AM, Matthew Seaman wrote:
On 29/02/2012 09:23, Damien Fleuriot wrote:
This does, however, raise an interesting question. Do you guys know of any company whose business model is freebsd support and engineering ? Like, a la RHEL or SLES.

None that I know of. People have tried to set up such things in the past, and unfortunately have failed miserably. The closest thing is iXSystems -- but their primary business is supplying hardware, and while they do provide FreeBSD support, their offering is US centric -- maybe even US-West Coast focussed. Personally I think that having a commercial entity behind FreeBSD in this way would be a good thing. As a central provider that will help promote FreeBSD commercial usage and fund a deal of development that nowadays either doesn't happen, or that takes far too long, and provide employment for FreeBSD developers and admins, it certainly has some obvious benefits.

That was the point of my question exactly. Having worked in a banking environment in the past, I can tell that high profile companies shun open source software UNLESS they can get a support contract. That's the reason Red Hat Enterprise Linux and Suse Linux Enterprise Server are successful, not only do they provide the software, but they also sell the support contract and guarantees that go with it. Such a business model would imo do wonders to promote FreeBSD as a professional OS.

Setting up such an entity and making it work as a profitable concern is an entirely different matter. It's a competitive market out there, and a new company would be going up against the likes of RedHat, Microsoft, Oracle and other well established behemoths. While I think that FreeBSD and FreeBSD people have the technical quality to succeed, what is missing is the business capability -- people who can go out and sell FreeBSD and that can attract investors and make them feel confident that they can invest. That's pretty rare to find in combination with the sort of technical expertise the FreeBSD project (unconsciously) selects for.
Cheers, Matthew
Re: Is it worthy upgrading to 9.0 ?
On 2/28/12 1:52 AM, sw2wolf wrote:
uname -a
FreeBSD mybsd.zsoft.com 8.2-RELEASE FreeBSD 8.2-RELEASE #3: Fri Sep 30 15:23:56 CST 2011 r...@mybsd.zsoft.com:/media/G/usr/obj/media/G/usr/src/sys/MYKERNEL i386
I am using 8.2 for a long time. And it works VERY well. Any suggestion is appreciated!

This is an entirely subjective question and one that only you can answer. For example, given the number of problem reports I'm seeing on the lists, I'm going to stick with the 8-STABLE branch for still a long time, likely until 9.1 or 9.2-RELEASE. You may want to reflect on the features you currently use and whether they've been improved in 9.0-RELEASE or not (eg ZFS v28)
Re: Delete files let FreeBSD crashes.
On 2/28/12 8:11 AM, netroby wrote:
i installed freebsd 9 on virtualbox, when i try to delete a directory with following command: rm -rf ./zf2 the system will halt , then restart. i had using fsck -y to check the filesystem, but seems not work. following the output: *** HALT ***

You're not running fsck on a MOUNTED device are you ? If you are, kindly stop doing so to prevent damage to your system.
Re: Is it worthy upgrading to 9.0 ?
On 2/28/12 2:14 PM, Stas Verberkt wrote:
On Tue, Feb 28, 2012 at 05:21:35PM +0700, Erich Dollansky wrote:
I cannot tell how often I have said this already. I stay with the even branches until the next even branch comes out. Currently, the machine here runs 8.3 and will stick to 8 until 10.0 or 10.1 will arrive at the scene.

Just wondering: is there any difference between an even and an uneven branch?
Kind regards, Stas Verberkt

To be honest, there shouldn't be. There's an old saying that goes along the lines of uneven are unstable/experimental but recent comments on the ML have claimed otherwise.
Re: Cloning a FreeBSD system
On 2/27/12 5:54 PM, Stephen Cook wrote:
Hello all! I'm relatively new to FreeBSD but I'm enjoying it so far. I have FreeBSD 9.0 installed as a VirtualBox guest, and I plan on cloning it repeatedly to set up a fake network for me to toy with (e.g. setting up clusters of replicated databases, web server pools, etc).
[snip]
3) Create new SSH keys
3a) For host keys, I can delete the existing ones in /etc/ssh/ and reboot, is there a better way?
3b) Should I bother changing the SSH keys for any users I have? It is basically one user (I use to log in with) which will be the same across the board anyway.

Why bother changing keys if this is only a fake network for you to toy with ? Let them be.
Re: Cloning a FreeBSD system
On 2/27/12 7:05 PM, Adam Vande More wrote:
On Mon, Feb 27, 2012 at 10:54 AM, Stephen Cook scli...@gmail.com wrote:
3) Create new SSH keys
3a) For host keys, I can delete the existing ones in /etc/ssh/ and reboot, is there a better way?

ssh-keygen(1) is the typical method.

Or just delete the existing keys and sshd will recreate them at first boot ;)
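Clones keep whatever host keys the template had in /etc/ssh until those files are deleted or regenerated, so every clone answers with the same key. An added example, not part of the thread, that groups `ssh-keyscan`-style lines by key fingerprint to show which machines still present a shared host key; the host names and key bytes are constructed, and the fingerprint is the SHA256 form printed by current OpenSSH.

```python
"""Find machines that present the same SSH host key."""
import base64
import hashlib
import struct
from collections import defaultdict


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def sample_line(hosts: str, raw_key: bytes) -> str:
    """Build a known_hosts-style line around a made-up 32-byte Ed25519 key."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    return f"{hosts} ssh-ed25519 {base64.b64encode(blob).decode()}"


def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint: unpadded base64 of SHA-256 over the decoded key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_entries(text: str):
    """Yield (hosts, key_type, fingerprint) for each usable line.

    Comments, blank lines, marker lines (@cert-authority, @revoked) and lines
    whose key field is not valid base64 are skipped.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, blob = fields[:3]
        try:
            yield hosts, key_type, fingerprint(blob)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue


def shared_host_keys(text: str) -> dict:
    """Map fingerprint -> sorted host entries, for keys seen on more than one entry."""
    by_key = defaultdict(set)
    for hosts, key_type, fp in parse_entries(text):
        by_key[(key_type, fp)].add(hosts)
    return {fp: sorted(h) for (_, fp), h in by_key.items() if len(h) > 1}


# Constructed sample: three machines still carry the template's key,
# one had its host keys regenerated, one line is malformed.
TEMPLATE_KEY = bytes(range(32))
REGENERATED_KEY = bytes(range(32, 64))
SAMPLE = "\n".join([
    "# constructed ssh-keyscan style output",
    sample_line("template.example", TEMPLATE_KEY),
    sample_line("clone1.example", TEMPLATE_KEY),
    sample_line("clone2.example,192.0.2.12", TEMPLATE_KEY),
    sample_line("clone3.example", REGENERATED_KEY),
    "clone4.example ssh-ed25519 not-base64!!",
])

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE).items():
        print(f"{fp} is presented by: {', '.join(hosts)}")
```

A host field with several comma-separated names is treated as one machine, so an entry is only reported when a different entry carries the same key.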
Re: Custom Kernel Target Ignored
On 26 Feb 2012, at 15:37, Carolyn Longfoot c_longf...@hotmail.com wrote:
make buildkernel KERNCONF=AsusAMD620 is what I do. Erich

ARGHHH... KERNCONF not KERNELCONF... scuse my blindness...

Pro tip, put it in your /etc/make.conf like so:
KERNCONF=WHATEVERYOUSAID
Then
cd /usr/src
make buildkernel
You might also want to have a look at MODULES_OVERRIDE, also to be put in make.conf , saves a huge lot of time.