From owner-freebsd-arch Mon Jul 16 4:13:15 2001
Message-ID: <3B52CC08.1B08210F@FreeBSD.org>
Date: Mon, 16 Jul 2001 14:12:17 +0300
From: Maxim Sobolev
Organization: Vega International Capital
To: small@FreeBSD.org
Cc: arch@FreeBSD.org
Subject: Extending md(4) to allow it use pre-compressed disk image

Hi folks,

I extended the md(4) driver to allow it to use a pre-compressed disk
image. In contrast with the current implementation, where loader(8)
decompresses the compressed image on loading and holds it uncompressed
in memory, with the new feature loader(8) places the compressed image
into memory, while md(4) decompresses sectors when they are read. This
could be useful to decrease minimal memory requirements on FreeBSD
install or in other cases when memory is scarce. Performance is quite
good - even a P133 reads data from such a device at 2-2.5MB/s.
Since the standard gzip format is not really suitable for the task, I
created a utility that splits the original image into clusters (cluster
size could vary), compresses each cluster using zlib and writes the
compressed clusters along with information about the offset of each
cluster into the resulting image. After that the compressed image could
be put onto a floppy or other media, loaded using loader(8) and accessed
through md(4) as usual. The only difference is that it is impossible to
write to the resulting disk.

I would like to know if there is enough interest in integrating this
feature into the base system; please let me know what you think about
it.

-Maxim

P.S. Please keep me on the CC list.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Mon Jul 16 8:15:32 2001
Message-ID: <3B530511.C8E861E1@mindspring.com>
Date: Mon, 16 Jul 2001 08:15:29 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Peter Wemm
Cc: Dima Dorfman, arch@FreeBSD.ORG
Subject: Re: Getting rid of libgmp
References: <20010714130715.6A27738FD@overcee.netplex.com.au>

Peter Wemm wrote:
> > > Comments?
> > > Suggestions?
> >
> > Benchmarks, proving that you increased, or at least did not
> > injure performance with this change?
>
> This isn't really relevant. There are only a couple of things that use it.
> Namely the secure rpc key generators, the secure diffie hellman rpc key
> exchange, and telnet SRA key exchange at startup. None of these use it
> more than once (or once per connection).
>
> telnet is already linked against libcrypto. It should be using
> that for bignum support instead of libmp.
>
> libmp is dead. libcrypto is the interface of choice to use these days,
> or libgmp. Nothing in our tree uses libgmp.

We currently can do 600 1024 bit SSL connections a second, and
expect to double that via interface changes.

So performance _is_ relevant.

-- Terry

From owner-freebsd-arch Mon Jul 16 8:36:44 2001
Date: Mon, 16 Jul 2001 18:40:45 +0300
From: Peter Pentchev
To: Terry Lambert
Cc: Peter Wemm, Dima Dorfman, arch@FreeBSD.ORG
Subject: Re: Getting rid of libgmp
Message-ID: <20010716184045.D56285@ringworld.oblivion.bg>
References: <20010714130715.6A27738FD@overcee.netplex.com.au> <3B530511.C8E861E1@mindspring.com>

On Mon, Jul 16, 2001 at 08:15:29AM -0700, Terry Lambert wrote:
> Peter Wemm wrote:
> > > > Comments? Suggestions?
> > >
> > > Benchmarks, proving that you increased, or at least did not
> > > injure performance with this change?
> >
> > This isn't really relevant. There are only a couple of things that use it.
> > Namely the secure rpc key generators, the secure diffie hellman rpc key
> > exchange, and telnet SRA key exchange at startup. None of these use it
> > more than once (or once per connection).
> >
> > telnet is already linked against libcrypto. It should be using
> > that for bignum support instead of libmp.
> >
> > libmp is dead. libcrypto is the interface of choice to use these days,
> > or libgmp. Nothing in our tree uses libgmp.
>
> We currently can do 600 1024 bit SSL connections a second, and
> expect to double that via interface changes.
>
> So performance _is_ relevant.

I think Peter meant (and explained) that libmp's performance is not
relevant for anything but secure RPC and telnet SRA. It is not relevant
for SSL connections.

As pointed out in previous messages in this thread, and as hinted in
Peter's message, libmp is dead, and all the programs that used to use
it are - or should be - linked against libcrypto.

As pointed out in previous messages in this thread, and as hinted in
Peter's message, libcrypto does not use libmp.

So, performance is relevant in libcrypto. Performance is not relevant
in libmp/libgmp. Replacing libmp/libgmp should not affect SSL
performance in any way.

G'luck,
Peter

--
This sentence every third, but it still comprehensible.

From owner-freebsd-arch Mon Jul 16 12:29:48 2001
Date: Mon, 16 Jul 2001 12:29:43 -0700
From: Kris Kennaway
To: Terry Lambert
Cc: Peter Wemm, Dima Dorfman, arch@FreeBSD.ORG
Subject: Re: Getting rid of libgmp
Message-ID: <20010716122942.D2870@xor.obsecurity.org>
References: <20010714130715.6A27738FD@overcee.netplex.com.au> <3B530511.C8E861E1@mindspring.com>

On Mon, Jul 16, 2001 at 08:15:29AM -0700, Terry Lambert wrote:

> > libmp is dead. libcrypto is the interface of choice to use these days,
> > or libgmp. Nothing in our tree uses libgmp.
>
> We currently can do 600 1024 bit SSL connections a second, and
> expect to double that via interface changes.

Erm, Terry, this performance already comes from libcrypto, if you're
using openssl: libmp/libgmp doesn't enter in the equation whatsoever,
because it's not used.
If you're using libgmp to do your SSL via some local code, then you're
not using the default FreeBSD SSL libraries and can continue to happily
use your local code with the (faster) libgmp port.

> So performance _is_ relevant.

Indeed.

Kris

From owner-freebsd-arch Mon Jul 16 13:47:57 2001
Message-ID: <1085900027.995316456405.JavaMail.nwdmail@maildrop>
Date: Mon, 16 Jul 2001 20:47:36 +0000 (GMT+00:00)
Reply-To: customerservice@playnetwork.com
To: arch@FreeBSD.org
Subject: Save Up To 70% On Music For Your Business!

Dear

Are you currently playing the radio as your in-store music source?
Are you tired of all the deejay chatter and endless advertising?

OR, are you using a CD player - and find your customers and employees
hear the same music over and over because you're too busy to change CDs
or buy new ones?

Are you uncertain about paying ASCAP, BMI, or SESAC music licensing
fees?

Introducing PlayNetwork Online, a monthly subscription service that
resolves all your business music issues.
http://www.nwd42.com/s.asp?N=Zwm8Yq3701v~HNGFBKEFCOYJCHGDFHJhO

Best of all it's available to you at an affordable monthly fee.

If you'd like to learn more about this exciting new music service,
please click on the link below for information regarding the benefits
of professionally programmed music and details on our special
introductory offer.

Add life to your business with music. PlayNetwork Online. Imagine
music your way.
http://www.nwd42.com/s.asp?N=Zwm8Yq3701v~HNGFBKEFCOYJCHGDFHJhO

Click here to configure your eMail preference:
http://www.nwd42.com/s.asp?N=Zwm8Yq3701v~HNGFBKEFCOYJCHGDFHJXb

Click here to unsubscribe:
http://www.nwd42.com/s.asp?N=Zwm8Yq3701v~HNGFBKEFCOYJCHGDFHJfN

From owner-freebsd-arch Mon Jul 16 18:31:39 2001
Date: Mon, 16 Jul 2001 21:24:54 -0400 (EDT)
Reply-To: Mike Heffner
From: Mike Heffner
To: arch@FreeBSD.ORG
Subject: Importing lukemftpd
Cc: obrien@freebsd.org

Hi,

I would like to import Luke Mewburn's ftpd from NetBSD as the ftpd for
FreeBSD. David had originally brought up the idea of importing it back
in December, but it appears that he hasn't had the time, or other issues
have come up. However, I would like to bring up the discussion again as
I think it's a needed improvement--NetBSD's ftpd is better maintained
and has better standards compliance. However, when looking into it I
found several issues with code divergence that I would like advice on
first (i.e. PAM support, some differences in ~ expansion, and of course
differences in arguments).

So I guess my question is, should:

a) our ftpd and NetBSD ftpd be merged as best as possible to keep
   features of both, but try to follow NetBSD's ftpd development in our
   tree?

b) we import NetBSD's ftpd AS IS and treat it like vendor code with
   regular imports, but break backwards compatibility?

c) we not do anything at all and leave our ftpd as it is?

(a) of course is the best of both worlds, but it would require more work
and might make maintainership harder in the future.

Please let me know what people think about this.

Thanks,

Mike

P.S. I would also like to do the same with lukeftp at some point.

--
Mike Heffner
Fredericksburg, VA

From owner-freebsd-arch Mon Jul 16 22:34: 9 2001
To: Mike Heffner
Cc: arch@FreeBSD.ORG, obrien@freebsd.org
Subject: Re: Importing lukemftpd
Date: Mon, 16 Jul 2001 22:34:06 -0700
From: Dima Dorfman
Message-Id: <20010717053406.B6C723E2F@bazooka.unixfreak.org>

Mike Heffner writes:

> a) our ftpd and NetBSD ftpd be merged as best as possible to keep features of
> both, but try to follow NetBSD's ftpd development in our tree?
>
> b) we import NetBSD's ftpd AS IS and treat it like vendor code with regular
> imports, but break backwards compatibility?
>
> c) we not do anything at all and leave our ftpd as it is?
>
>
> (a) of course is the best of both worlds, but it would require more work and
> might make maintainership harder in the future.
>
> Please let me know what people think about this.

I think (a) with a twist is the best option; the twist is that we
should try to get as much of our local features into lukeftpd's
distribution as possible. This doesn't help the "more work" problem
at all, but solves the "maintainership" problem quite nicely.

From owner-freebsd-arch Tue Jul 17 0:22: 4 2001
Message-ID: <3B53E5D1.7C63B7A2@elischer.org>
Date: Tue, 17 Jul 2001 00:14:25 -0700
From: Julian Elischer
To: jlemon@freebsd.org, arch@freebsd.org
Subject: kse and kqueue

if we change the system to use KSEs,
do we make knotes in kqueues per process or per thread items?

--
+------------------------------------+       ______ _  __
|   __--_|\  Julian Elischer         |       \     U \/ / hard at work in
|  /       \ julian@elischer.org     +------>x   USA    \ a very strange
| (   OZ    )                                \___   ___ | country !
+- X_.---._/    presently in San Francisco       \_/   \\
          v

From owner-freebsd-arch Tue Jul 17 0:25: 3 2001
Date: Tue, 17 Jul 2001 02:24:50 -0500
From: Alfred Perlstein
To: Julian Elischer
Cc: jlemon@freebsd.org, arch@freebsd.org
Subject: Re: kse and kqueue
Message-ID: <20010717022450.M22070@sneakerz.org>
References: <3B53E5D1.7C63B7A2@elischer.org>

* Julian Elischer [010717 02:22] wrote:
> if we change the system to use KSEs,
> do we make knotes in kqueues per process or per thread items?

Since they are implemented as fds, probably per process, you'd
probably want to be able to hand them around inside a process.

--
-Alfred Perlstein [alfred@freebsd.org]
Ok, who wrote this damn function called '??'?
And why do my programs keep crashing in it?

From owner-freebsd-arch Tue Jul 17 10:22:45 2001
Date: Tue, 17 Jul 2001 13:22:33 -0400
From: Dan Moschuk
To: Mike Heffner
Cc: arch@FreeBSD.ORG, obrien@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010717132232.A1010@spirit.jaded.net>

| a) our ftpd and NetBSD ftpd be merged as best as possible to keep features of
| both, but try to follow NetBSD's ftpd development in our tree?
|
| b) we import NetBSD's ftpd AS IS and treat it like vendor code with regular
| imports, but break backwards compatibility?
|
| c) we not do anything at all and leave our ftpd as it is?

Why not start with lukem's code, add in PAM support and other FreeBSDisms,
and then track NetBSD from that point?

-Dan

--
There is nothing wrong with Southern California that a rise in the
ocean level wouldn't cure.

From owner-freebsd-arch Tue Jul 17 10:36:10 2001
Date: Tue, 17 Jul 2001 10:36:05 -0700
From: Kris Kennaway
To: Mike Heffner
Cc: arch@FreeBSD.ORG, obrien@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010717103604.B79329@xor.obsecurity.org>

On Mon, Jul 16, 2001 at 09:24:54PM -0400, Mike Heffner wrote:
> Hi,
>
> I would like to import Luke Mewburn's ftpd from NetBSD as the ftpd for FreeBSD.
> David had originally brought up the idea of importing it back in December, but
> it appears that he hasn't had the time, or other issues have come up. However,
> I would like to bring up the discussion again as I think it's a needed
> improvement--NetBSD's ftpd is better maintained and has better standards
> compliance.

This has been discussed extensively over on -audit in the past.
Basically, I have concerns as security officer about replacing an ftpd
which has a good security track record with one which contains large
amounts of unaudited code, and has had several security problems. The
FreeBSD ftpd is used on far too many installed systems out there to
risk introducing new root vulnerabilities, no matter how good the
lukemftpd code is or how small that risk. There are also problems
with missing features as you note.

The last time this came up I offered the compromise solution of
importing it into FreeBSD to work on feature parity and to give
auditors a known base to work from, but it is not to become the
default ftpd until I've signed off on it.
We now have funding to perform in-depth auditing work on FreeBSD, so I
think this would be achieved in a reasonable timeframe (probably by
5.0-RELEASE).

Kris

From owner-freebsd-arch Tue Jul 17 10:48:20 2001
Date: Tue, 17 Jul 2001 19:48:12 +0200
From: Alexander Langer
To: Maxim Sobolev
Cc: small@FreeBSD.ORG, arch@FreeBSD.ORG
Subject: Re: Extending md(4) to allow it use pre-compressed disk image
Message-ID: <20010717194812.A804@zerogravity.kawo2.rwth-aachen.d>
References: <3B52CC08.1B08210F@FreeBSD.org>

Thus spake Maxim Sobolev (sobomax@FreeBSD.ORG):

> size could vary), compresses each cluster using zlib and writes
> compressed clusters along with information about offset of each
> cluster into resulting image. After that compressed image could be put

You sure that you don't produce that much overhead with all the
additional gzip headers that it doesn't worsen the compression?

> I would like to know if there is enough interest in integrating this
> feature into base system, please let me know what do you think about
> it.

Can you tell loader to load a mfs-compressed.gz?
(I hope so)

Alex

From owner-freebsd-arch Tue Jul 17 16: 3:29 2001
In-Reply-To: <20010717132232.A1010@spirit.jaded.net>
Date: Tue, 17 Jul 2001 19:02:17 -0400 (EDT)
Reply-To: Mike Heffner
From: Mike Heffner
To: Dan Moschuk
Subject: Re: Importing lukemftpd
Cc: arch@FreeBSD.ORG

On 17-Jul-2001 Dan Moschuk wrote:
|
|| a) our ftpd and NetBSD ftpd be merged as best as possible to keep features
|| of both, but try to follow NetBSD's ftpd development in our tree?
||
|| b) we import NetBSD's ftpd AS IS and treat it like vendor code with regular
|| imports, but break backwards compatibility?
||
|| c) we not do anything at all and leave our ftpd as it is?
|
| Why not start with lukem's code, add in PAM support and other FreeBSDisms,
| and then track NetBSD from that point?

Yes, that was option (a) ;)

Mike

--
Mike Heffner
Fredericksburg, VA

From owner-freebsd-arch Tue Jul 17 16:30:51 2001
<20010717233045.DVYM1023.iatl0x01@enterprise.muriel.penguinpowered.com>; Tue, 17 Jul 2001 19:30:45 -0400 Message-ID: X-Mailer: XFMail 1.5.0 on FreeBSD X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="_=XFMail.1.5.0.FreeBSD:20010717192938:79707=_"; micalg=pgp-md5; protocol="application/pgp-signature" In-Reply-To: <20010717103604.B79329@xor.obsecurity.org> Date: Tue, 17 Jul 2001 19:29:38 -0400 (EDT) Reply-To: Mike Heffner 
From: Mike Heffner
To: Kris Kennaway
Subject: Re: Importing lukemftpd
Cc: obrien@FreeBSD.ORG, arch@FreeBSD.ORG

On 17-Jul-2001 Kris Kennaway wrote:
| On Mon, Jul 16, 2001 at 09:24:54PM -0400, Mike Heffner wrote:
|> Hi,
|>
|> I would like to import Luke Mewburn's ftpd from NetBSD as the ftpd for FreeBSD.
|> David had originally brought up the idea of importing it back in December, but
|> it appears that he hasn't had the time, or other issues have come up. However,
|> I would like to bring up the discussion again as I think it's a needed
|> improvement--NetBSD's ftpd is better maintained and has better standards
|> compliance.
|
| This has been discussed extensively over on -audit in the past.

It was? All I remember was that David brought it up and the discussion quickly switched to whether patches to disable some commands before login were reviewed and/or should be committed, but the whole discussion died rather quick. I'll have to check the archives, maybe there was a different thread I missed.

| Basically, I have concerns as security officer about replacing an ftpd
| which has a good security track record with one which contains large
| amounts of unaudited code, and has had several security problems. The
| FreeBSD ftpd is used on far too many installed systems out there to
| risk introducing new root vulnerabilities, no matter how good the
| lukemftpd code is or how small that risk.

Yes, I agree that suddenly pulling out the current ftpd from under people's feet would be a bad idea. However, lukemftpd also has a lot better support for more fine grained security settings and logging mechanisms, so there's two sides to it.
Also, many users looking for more functionality than our current ftpd provides will switch to using alternatives like wu-ftpd, proftpd, or others that also haven't had the best of track records.

|
| There are also problems with missing features as you note. The last
| time this came up I offered the compromise solution of importing it
| into FreeBSD to work on feature parity and to give auditors a known
| base to work from, but it is not to become the default ftpd until I've

I'm willing to accept this as a solution, it won't be as much of a jump and will provide the opportunity for it to get into the tree and worked upon until it's ready for primetime. The only disadvantage of course would be the lack of testing exposure.

| signed off on it. We now have funding to perform in-depth auditing
| work on FreeBSD, so I think this would be achieved in a reasonable
| timeframe (probably by 5.0-RELEASE).

My original intentions were to probably not merge this into 4.x anyways.

Mike

--
Mike Heffner
Fredericksburg, VA

From owner-freebsd-arch Tue Jul 17 17: 1:47 2001
Received: from kalaid.f2f.com.ua (kalaid.f2f.com.ua [62.149.0.33]) by hub.freebsd.org (Postfix) with ESMTP id 7F5B537B405; Tue, 17 Jul 2001 17:01:37 -0700 (PDT) (envelope-from sobomax@FreeBSD.org)
Received: from mail.uic-in.net (root@[212.35.189.4]) by kalaid.f2f.com.ua (8.11.4/8.11.4) with ESMTP id f6I02lB02793; Wed, 18 Jul 2001 03:02:51 +0300 (EEST) (envelope-from sobomax@FreeBSD.org)
Received: from notebook.vega.com (das0-l102.uic-in.net [212.35.189.229]) by mail.uic-in.net (8.11.4/8.11.4) with ESMTP id f6I00pk01057; Wed, 18 Jul 2001 03:00:53 +0300 (EEST) (envelope-from sobomax@FreeBSD.org)
Date: Wed, 18 Jul 2001 03:00:53 +0300 (EEST)
Message-Id: <200107180000.f6I00pk01057@mail.uic-in.net>
To: alex@big.endian.de
Cc: small@FreeBSD.org, arch@FreeBSD.org
From: Maxim Sobolev
Subject: Re: Extending md(4) to allow it use pre-compressed disk image
X-Mailer: Pygmy (v0.5.10)
In-Reply-To: <20010717194812.A804@zerogravity.kawo2.rwth-aachen.d>

On Tue, 17 Jul 2001 19:48:12 +0200, Alexander Langer wrote:
> Thus spake Maxim Sobolev (sobomax@FreeBSD.ORG):
>
> > size could vary), compresses each cluster using zlib and writes
> > compressed clusters along with information about offset of each
> > cluster into resulting image. After that compressed image could be put
>
> You sure that you don't produce that much overhead with all the
> additional gzip headers that it doesn't worse the compression?

That depends on how big your "much" is ;). It certainly produces some overhead compared to the plain gzip'ed file due to following reasons: additional index with offset of each compressed cluster (4 bytes per cluster) and clustering, which means that pieces of input treated by zlib as a fully independent data, that obviously limits the compression ratio. The former is rather small, as you can easily calculate with 16KB per cluster there will be only 1280 clusters for a 20MB image, which occupies only 5KB of data, while the latter is much bigger and it significantly depends on the size of cluster used.
The following table compares results of compressing 10MB test image, which contains /bin and /etc subdirs from my workstation using different block sizes:

Original size of the image: 10485760 bytes
Size of the image when compressed with gzip -9: 3855949 bytes

Cluster   Size of Compressed   Overhead Compared   Amount of RAM
Size      Image                to gzip'ed Image    Saved
-------   ------------------   -----------------   -------------
    512            5,932,330                 54%       4,553,430
   1024            5,246,779                 36%       5,238,981
   2048            4,792,210                 24%       5,693,550
   4096            4,482,894                 16%       6,002,866
   8192            4,258,122                 10%       6,227,638
  16384            4,111,334                  7%       6,374,426
  32768            4,004,817                  4%       6,480,943
  65536            3,939,527                  2%       6,546,233

Both the driver and compression utility support different block sizes, so it is really up to user whether he prefers performance over compression ratio or compression ratio over performance. Obviously that with the larger block sizes the driver will do more and more redundant work because to read some, arbitrary small portion of the cluster the driver has to decompress the whole cluster. However, provided simple MRU cache effectively masks this effect by holding dozen of the most recently used clusters in decompressed form, so that from the performance standpoint difference between the cluster size of 512 bytes and cluster size of 16KB is relatively small.

> > I would like to know if there is enough interest in integrating this
> > feature into base system, please let me know what do you think about
> > it.
>
> Can you tell loader to load a mfs-compressed.gz? (I hope so)

Yes, obviously you can, but unfortunately compression ratios achieved by compressing already compressed `mfs-compressed' images are rather low (typically less than 1%), so you wouldn't gain too much this way. :((

Please feel free to contact me with any other questions you might have.
I think that among other things this new feature could be very useful to lower down minimal memory requirements during installation process, which could be a concern if we will move away from the plain old sysinstall(8) to a some GUI-based tool.

-Maxim

From owner-freebsd-arch Tue Jul 17 17:45:46 2001
Received: from kwanon.research.canon.com.au (kwanon.research.canon.com.au [203.12.172.254]) by hub.freebsd.org (Postfix) with ESMTP id 6B6C537B405; Tue, 17 Jul 2001 17:45:37 -0700 (PDT) (envelope-from iain@research.canon.com.au)
Received: from bellmann.research.canon.com.au (bellmann.research.canon.com.au [10.5.0.3]) by kwanon.research.canon.com.au (Postfix) with ESMTP id 2E9C4C2BB0; Wed, 18 Jul 2001 00:52:38 +0000 (UTC)
Received: from blow.research.canon.com.au (blow.research.canon.com.au [10.8.1.4]) by bellmann.research.canon.com.au (Postfix) with ESMTP id 51AB28B10; Wed, 18 Jul 2001 10:30:28 +1000 (EST)
Received: by blow.research.canon.com.au (Postfix, from userid 683) id E7921328FD; Wed, 18 Jul 2001 10:45:35 +1000 (EST)
Received: from localhost (localhost [127.0.0.1]) by blow.research.canon.com.au (Postfix) with ESMTP id C5556328F5; Wed, 18 Jul 2001 10:45:35 +1000 (EST)
Date: Wed, 18 Jul 2001 10:45:35 +1000 (EST)
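Added example, not part of the thread and not Maxim's utility or driver code: a Python model of the clustered image described in the message above (one zlib stream per cluster, a 4-byte offset per cluster, a small most-recently-used cache). The header layout, the names `pack_image`, `ClusterReader` and `overhead_table`, and the sample data are assumptions; the reader also validates the offset index and caps each cluster's inflated size, because a driver parses an image it did not build.

```python
import struct
import zlib
from collections import OrderedDict

# Assumed layout (the thread does not give one): cluster size and cluster
# count as two big-endian u32, then count+1 u32 offsets, then the zlib streams.
HDR = struct.Struct("!II")


def sample_image(lines=4000):
    """Constructed test data standing in for a filesystem image."""
    return b"".join(b"file %06d mode 0644 owner root\n" % i for i in range(lines))


def pack_image(raw, cluster_size):
    """Compress every cluster independently and prepend the offset index."""
    streams = [zlib.compress(raw[i:i + cluster_size], 9)
               for i in range(0, len(raw), cluster_size)]
    pos = HDR.size + 4 * (len(streams) + 1)
    offsets = []
    for s in streams:
        offsets.append(pos)
        pos += len(s)
    offsets.append(pos)  # end of the last cluster
    index = struct.pack("!%dI" % len(offsets), *offsets)
    return HDR.pack(cluster_size, len(streams)) + index + b"".join(streams)


class ClusterReader:
    """Read-only random access; inflates only the clusters a read touches."""

    def __init__(self, image, cache_clusters=12):
        if len(image) < HDR.size:
            raise ValueError("image shorter than header")
        self.image = image
        self.cluster_size, self.count = HDR.unpack_from(image, 0)
        index_end = HDR.size + 4 * (self.count + 1)
        if self.cluster_size == 0 or index_end > len(image):
            raise ValueError("bad header or truncated index")
        self.offsets = struct.unpack_from("!%dI" % (self.count + 1), image, HDR.size)
        prev = index_end
        for off in self.offsets:  # offsets must be ordered and inside the image
            if off < prev or off > len(image):
                raise ValueError("cluster offset out of range")
            prev = off
        self.cache_clusters = cache_clusters
        self.cache = OrderedDict()
        self.decompressions = 0

    def _cluster(self, n):
        if n in self.cache:
            self.cache.move_to_end(n)
            return self.cache[n]
        d = zlib.decompressobj()
        blob = self.image[self.offsets[n]:self.offsets[n + 1]]
        # Ask for one byte more than a cluster, so oversized output is
        # detected without inflating an unbounded amount of data.
        data = d.decompress(blob, self.cluster_size + 1)
        if len(data) > self.cluster_size or not d.eof:
            raise ValueError("cluster %d is oversized or truncated" % n)
        self.decompressions += 1
        self.cache[n] = data
        if len(self.cache) > self.cache_clusters:
            self.cache.popitem(last=False)  # evict the least recently used
        return data

    def read(self, offset, length):
        out = bytearray()
        while length > 0:
            n, skip = divmod(offset, self.cluster_size)
            if n >= self.count:
                break
            chunk = self._cluster(n)[skip:skip + length]
            if not chunk:
                break
            out += chunk
            offset += len(chunk)
            length -= len(chunk)
        return bytes(out)


def overhead_table(raw, sizes=(512, 4096, 16384, 65536)):
    """Image size per cluster size, next to a single zlib stream of the input."""
    whole = len(zlib.compress(raw, 9))
    return whole, {cs: len(pack_image(raw, cs)) for cs in sizes}
```
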
From: Iain Templeton
To: small@FreeBSD.org
Cc: arch@freebsd.org
Subject: Re: Extending md(4) to allow it use pre-compressed disk image
In-Reply-To: <200107180000.f6I00pk01057@mail.uic-in.net>

On Wed, 18 Jul 2001, Maxim Sobolev wrote:
> Original size of the image: 10485760 bytes
> Size of the image when compressed with gzip -9: 3855949 bytes
>
> Cluster   Size of Compressed   Overhead Compared   Amount of RAM
> Size      Image                to gzip'ed Image    Saved
> -------   ------------------   -----------------   -------------
>     512            5,932,330                 54%       4,553,430
>    1024            5,246,779                 36%       5,238,981
>    2048            4,792,210                 24%       5,693,550
>    4096            4,482,894                 16%       6,002,866
>    8192            4,258,122                 10%       6,227,638
>   16384            4,111,334                  7%       6,374,426
>   32768            4,004,817                  4%       6,480,943
>   65536            3,939,52x                  2%       6,546,233
>
> Both the driver and compression utility support different block
> sizes, so it is really up to user whether he prefers performance
> over compression ratio or compression ratio over performance.
> Obviously that with the larger block sizes the driver will do
> more and more redundant work because to read some, arbitrary small
> portion of the cluster the driver has to decompress the whole
> cluster. However, provided simple MRU cache effectively masks this
> effect by holding dozen of the most recently used clusters in
> decompressed form, so that from the performance standpoint difference
> between the cluster size of 512 bytes and cluster size of 16KB is
> relatively small.
>

I know that the cramfs of linux used 4k blocks, but that was probably because they happened to be the page size of the machine we were using. This way when they needed to load a page, only one decompress was needed, and it was the entire resulting page. Would this provide any advantage to say the VM system?
Our fs image was about 650k using initrd, and 900k using cramfs, but considering that it seemed to save about 1.5 MB of system memory, that wasn't a problem. It seemed that the initrd was in memory, but being loaded into memory again when the files were used...

I guess it would be useful for us to be able to run a compressed filesystem out of flash memory, so only the used bits were in memory at a time. Actually, the bigger problem is that FreeBSD doesn't run on the MPC855/860, but that may change soon.

Iain
My 0.022c

From owner-freebsd-arch Tue Jul 17 19:49:21 2001
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id 4229637B401 for ; Tue, 17 Jul 2001 19:49:17 -0700 (PDT) (envelope-from silby@silby.com)
Received: (qmail 3676 invoked by uid 1000); 18 Jul 2001 02:49:03 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 18 Jul 2001 02:49:03 -0000
Date: Tue, 17 Jul 2001 21:49:03 -0500 (CDT)
From: Mike Silbersack
Subject: TCP Initial Sequence Numbers: We need to talk
Message-ID: <20010717212424.X3382-100000@achilles.silby.com>

As those of you watching -net and -hackers may have noticed, we're starting to see more reports of our current TCP ISN generation scheme causing problems for users. The effect is far greater than it was expected to be, and we need to fix this before 4.4 freezes.

I'm no longer pushing for my previous suggestion of storing per-host sequence numbers. I have been unable to find people willing to review it, and many people concerned about having to track such state.

I think I've found a solution that will be acceptable to all. But first, here's a little background on the current state of things for those who have just tuned in.

In response to Tim Newsham's paper on the flaws of random positive incrementation of ISNs, we switched to using a generation scheme used by OpenBSD. The OpenBSD scheme has a few specially designed features, but can basically be classified as a random number generator. Hence, there is no monotonicity in the ISNs generated by systems using this method.

For the purpose of generating ISNs for SYN-ACKs, this scheme works quite well. However, for the purpose of generating ISNs for SYNs, there are some quirks. If there is no preexisting socket on the receiver's side, a random ISN will work properly. However, if our SYN is received by a socket currently in the TIME_WAIT state, a problem arises.

BSD based network stacks (including FreeBSD) check the sequence number of the incoming SYN packet for sockets in the TIME_WAIT state. If the incoming sequence number is greater than the last sequence number of the socket, the old socket is destroyed, and a new one is created in its place.
However, if the incoming sequence number is less, this recycling will _not_ take place. As a result, the connection will be delayed until after the TIME_WAIT socket times out, or never connect in the case where the socket persists longer than the SYN retry timeout.

When using randomly generated sequence numbers in SYNs, we cause this undesirable case to happen quite often. This causes numerous delays and failures for apps which constantly connect to another app (sql backends, etc.)

So, in short, we must change algorithms. There are two guidelines we should abide by:

1. The ISNs we use in SYN-ACK packets must be as random as possible to avoid spoofing and prediction of the sequence numbers of other connections.

2. The ISNs we use in SYN packets must be monotonic on a per-(lhost,lport,rhost,rport) basis. To protect against RST and data injection attacks, they must also be unknown to anyone other than lhost and rhost.

In order to meet these requirements, I propose that we use the following system:

For SYN-ACKs: Use the value of arc4random() as our ISN.

For SYNs: Use the value generated by the rfc1948 scheme, with the modification that the secret used in the hash be changed on a weekly basis. (This will break recycling for perhaps a minute a week, but it will ensure that the hash can not be bruteforced and also make sure that the system's uptime cannot be easily tracked.)

Comments are appreciated.
Mike "Silby" Silbersack

From owner-freebsd-arch Tue Jul 17 20:29: 6 2001
Received: from obsecurity.dyndns.org (adsl-63-207-60-62.dsl.lsan03.pacbell.net [63.207.60.62]) by hub.freebsd.org (Postfix) with ESMTP id BD98B37B401 for ; Tue, 17 Jul 2001 20:29:03 -0700 (PDT) (envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 9F92166BA6; Tue, 17 Jul 2001 20:29:02 -0700 (PDT)
Date: Tue, 17 Jul 2001 20:29:02 -0700
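Added example, not part of the thread and not FreeBSD code: a Python model of the TIME_WAIT recycling rule and the two ISN schemes from the message above, counting how many quick reconnects on the same 4-tuple a TIME_WAIT socket would refuse. The class and function names, the addresses, and the seeded `random.Random` standing in for arc4random() are assumptions; the RFC 1948 generator is a 4-microsecond clock plus MD5 over the 4-tuple and a secret, with the weekly rekey from the proposal.

```python
import hashlib
import os
import random
import socket
import struct

MASK32 = 0xFFFFFFFF


def seq_gt(a, b):
    """True if sequence number a is 'after' b in 32-bit wrap-around space."""
    return 0 < ((a - b) & MASK32) < 0x80000000


def time_wait_recycles(syn_isn, last_seq):
    """Rule from the post: a new SYN replaces a TIME_WAIT socket only if its
    sequence number is greater than the old connection's last one."""
    return seq_gt(syn_isn, last_seq)


class RandomIsn:
    """Purely random ISNs (seeded stand-in for arc4random(), an assumption)."""

    def __init__(self, seed=1):
        self._rng = random.Random(seed)

    def isn(self, lhost, lport, rhost, rport, now):
        return self._rng.getrandbits(32)


class Rfc1948Isn:
    """ISN = M + F(lhost, lport, rhost, rport, secret), with the secret
    replaced every rekey_interval seconds as the post proposes."""

    TICK_HZ = 250_000  # M: the 4-microsecond clock of RFC 1948

    def __init__(self, rekey_interval=7 * 24 * 3600, start=0.0):
        self.rekey_interval = rekey_interval
        self._keyed_at = start
        self._secret = os.urandom(16)

    def _offset(self, lhost, lport, rhost, rport):
        data = (socket.inet_aton(lhost) + struct.pack("!H", lport) +
                socket.inet_aton(rhost) + struct.pack("!H", rport) +
                self._secret)
        return struct.unpack("!I", hashlib.md5(data).digest()[:4])[0]

    def isn(self, lhost, lport, rhost, rport, now):
        if now - self._keyed_at >= self.rekey_interval:
            self._secret = os.urandom(16)  # old per-tuple offsets are gone
            self._keyed_at = now
        m = int(now * self.TICK_HZ) & MASK32
        return (m + self._offset(lhost, lport, rhost, rport)) & MASK32


def failed_reconnects(gen, trials, t_first, gap=2.0, sent=1000):
    """Open `trials` connections at t_first, send `sent` bytes on each, close,
    then reconnect on the same 4-tuples `gap` seconds later. Returns how many
    of the new SYNs the peer's TIME_WAIT socket would refuse to recycle."""
    # Constructed 4-tuples: one client address, varying local ports.
    tuples = [("192.0.2.10", 1024 + i, "198.51.100.20", 3306)
              for i in range(trials)]
    last_seq = [(gen.isn(*t, now=t_first) + 1 + sent) & MASK32 for t in tuples]
    return sum(1 for t, last in zip(tuples, last_seq)
               if not time_wait_recycles(gen.isn(*t, now=t_first + gap), last))


if __name__ == "__main__":
    week = 7 * 24 * 3600
    print("random ISNs:        ", failed_reconnects(RandomIsn(), 1000, 100.0))
    print("RFC 1948, same key: ", failed_reconnects(Rfc1948Isn(), 1000, 100.0))
    print("RFC 1948, rekeyed:  ",
          failed_reconnects(Rfc1948Isn(week), 1000, week - 1.0))
```

The third case reconnects across a secret change and behaves like the random generator, which is the short weekly window of broken recycling the proposal accepts.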
From: Kris Kennaway
To: Mike Silbersack
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: TCP Initial Sequence Numbers: We need to talk
Message-ID: <20010717202901.A89611@xor.obsecurity.org>
References: <20010717212424.X3382-100000@achilles.silby.com>
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010717212424.X3382-100000@achilles.silby.com>; from silby@silby.com on Tue, Jul 17, 2001 at 09:49:03PM -0500

On Tue, Jul 17, 2001 at 09:49:03PM -0500, Mike Silbersack wrote:
> In order to meet these requirements, I propose that we use the following
> system:
>
> For SYN-ACKs: Use the value of arc4random() as our ISN.
>
> For SYNs: Use the value generated by the rfc1948 scheme, with the
> modification that the secret used in the hash be changed on a weekly
> basis. (This will break recycling for perhaps a minute a week, but it
> will ensure that the hash can not be bruteforced and also make sure that
> the system's uptime cannot be easily tracked.)
>
> Comments are appreciated.

If you're going to implement RFC 1948, why not just implement RFC 1948?
:-)

Kris

From owner-freebsd-arch Tue Jul 17 20:38:24 2001
Received: from peter3.wemm.org (c1315225-a.plstn1.sfba.home.com [24.14.150.180]) by hub.freebsd.org (Postfix) with ESMTP id E4B2837B401 for ; Tue, 17 Jul 2001 20:38:19 -0700 (PDT) (envelope-from peter@wemm.org)
Received: from overcee.netplex.com.au (overcee.wemm.org [10.0.0.3]) by peter3.wemm.org (8.11.0/8.11.0) with ESMTP id f6I3cJM17828 for ; Tue, 17 Jul 2001 20:38:19 -0700 (PDT) (envelope-from peter@wemm.org)
Received: from wemm.org (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id 2DD5838CC; Tue, 17 Jul 2001 20:38:19 -0700 (PDT) (envelope-from peter@wemm.org)
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
To: Mike Silbersack
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: TCP Initial Sequence Numbers: We need to talk
In-Reply-To: <20010717212424.X3382-100000@achilles.silby.com>
Date: Tue, 17 Jul 2001 20:38:19 -0700
From: Peter Wemm
Message-Id: <20010718033819.2DD5838CC@overcee.netplex.com.au>

Mike Silbersack wrote:
>
> As those of you watching -net and -hackers may have noticed, we're
> starting to see more reports of our current TCP ISN generation scheme
> causing problems for users. The effect is far greater than it was
> expected to be, and we need to fix this before 4.4 freezes.

At Yahoo we're looking at attempting to port the NetBSD implementation of the BSD/OS syn_cache (compressed tcp state engine) stuff in order to improve SYN flood resilience. The present hack (listen queue drop stuff) just is not cutting it. NetBSD have added RFC1948 support in there now as well.

The NetBSD code is fairly well partitioned from the rest of the stack and has a few hooks into various places. It even has IPv6 awareness. (look at tcp_input.c, and tcp_subr.c, there are a small number of syn_cache_xxx() hooks added elsewhere.)

How about attempting to kill two birds with one stone and really solve the SYN flood problem at the same time as dealing with the ISS stuff.
Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5

From owner-freebsd-arch Tue Jul 17 20:39:54 2001
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id E903437B406 for ; Tue, 17 Jul 2001 20:39:50 -0700 (PDT) (envelope-from silby@silby.com)
Received: (qmail 3798 invoked by uid 1000); 18 Jul 2001 03:39:49 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 18 Jul 2001 03:39:49 -0000
Date: Tue, 17 Jul 2001 22:39:49 -0500 (CDT)
From: Mike Silbersack
To: Kris Kennaway
Subject: Re: TCP Initial Sequence Numbers: We need to talk
In-Reply-To: <20010717202901.A89611@xor.obsecurity.org>
Message-ID: <20010717223135.F3744-100000@achilles.silby.com>

On Tue, 17 Jul 2001, Kris Kennaway wrote:
> On Tue, Jul 17, 2001 at 09:49:03PM -0500, Mike Silbersack wrote:
>
> > In order to meet these requirements, I propose that we use the following
> > system:
> >
> > For SYN-ACKs: Use the value of arc4random() as our ISN.
> >
> > For SYNs: Use the value generated by the rfc1948 scheme, with the
> > modification that the secret used in the hash be changed on a weekly
> > basis. (This will break recycling for perhaps a minute a week, but it
> > will ensure that the hash can not be bruteforced and also make sure that
> > the system's uptime cannot be easily tracked.)
> >
> > Comments are appreciated.
>
> If you're going to implement RFC 1948, why not just implement RFC
> 1948? :-)
>
> Kris

For SYN-ACKs: RFC1948 can only increase the predictability of the returned ISN, relative to a random number generator.

For SYNs: I still have this bad feeling that the hash could be brute-forced, given enough (up)time.

Actually, Linux's RFC1948-like implementation reseeds every 300 seconds, if I'm reading the code correctly.
Mike "Silby" Silbersack

From owner-freebsd-arch Tue Jul 17 20:51:20 2001
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id 73AC837B401 for ; Tue, 17 Jul 2001 20:51:18 -0700 (PDT) (envelope-from silby@silby.com)
Received: (qmail 3811 invoked by uid 1000); 18 Jul 2001 03:51:17 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 18 Jul 2001 03:51:17 -0000
Date: Tue, 17 Jul 2001 22:51:17 -0500 (CDT)
From: Mike Silbersack
To: Peter Wemm
Subject: Re: TCP Initial Sequence Numbers: We need to talk
In-Reply-To: <20010718033819.2DD5838CC@overcee.netplex.com.au>
Message-ID: <20010717224921.W3744-100000@achilles.silby.com>

On Tue, 17 Jul 2001, Peter Wemm wrote:
> How about attempting to kill two birds with one stone and really solve the
> SYN flood problem at the same time as dealing with the ISS stuff.
>
> Cheers,
> -Peter

A SYN Cache would be good (and I was planning to work on such issues when I get more time), but it's really unrelated to the issue at present.

NetBSD's RFC1948 support isn't actually in use yet; it looks like Jason Thorpe added it, then didn't trust it enough to enable it yet. :)

Mike "Silby" Silbersack

From owner-freebsd-arch Tue Jul 17 23:54:53 2001
Received: from elm.phenome.org (elm.phenome.org [194.153.169.3]) by hub.freebsd.org (Postfix) with ESMTP id 2E4F337B406 for ; Tue, 17 Jul 2001 23:54:46 -0700 (PDT) (envelope-from joshua@roughtrade.net)
Received: from localhost (joshua@localhost [127.0.0.1]) by localhost (8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1) with ESMTP id f6I6seCC002576 for ; Wed, 18 Jul 2001 07:54:40 +0100
Date: Wed, 18 Jul 2001 07:54:40 +0100 (BST)
From: Joshua Goodall
Subject: Variant symlinks

I heard that this topic came up (again!) at the kernel summit. I have a highly minimalist impl (i.e. substring-replace in vfs_lookup) and have a genuine interest/need in developing it to fully useful status.

What was discussed/concluded? Is anyone actively working on this with a goal in sight? (I don't want to duplicate work)

I have ideas of my own which I will summarise as "sysctl vs env: why not have both configurable" and leave further explication for later.

Whatever happens I think libkern is going to gain a Boyer-Moore variant. (when the search-set is known in advance, a strstr clone sucks).

Joshua

From owner-freebsd-arch Wed Jul 18 0:54: 5 2001
Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80]) by hub.freebsd.org (Postfix) with ESMTP id 1D4EE37B401; Wed, 18 Jul 2001 00:53:59 -0700 (PDT) (envelope-from grog@lemis.com)
Received: by wantadilla.lemis.com (Postfix, from userid 1004) id 2EC146ACC3; Wed, 18 Jul 2001 17:23:57 +0930 (CST)
Date: Wed, 18 Jul 2001 17:23:57 +0930
From: Greg Lehey
To: Mike Heffner
Cc: arch@FreeBSD.ORG, obrien@freebsd.org, Luke Mewburn
Subject: BSD-specific sources (was: Importing lukemftpd)
Message-ID: <20010718172357.Q69861@wantadilla.lemis.com>
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from mheffner@novacoxmail.com on Mon, Jul 16, 2001 at 09:24:54PM -0400
Organization: The FreeBSD Project
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-418-838-708
WWW-Home-Page: http://www.FreeBSD.org/
X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF

On Monday, 16 July 2001 at 21:24:54 -0400, Mike Heffner wrote:
> Hi,
>
> I would like to import Luke Mewburn's ftpd from NetBSD as the ftpd for FreeBSD.
> David had originally brought up the idea of importing it back in December, but
> it appears that he hasn't had the time, or other issues have come up. However,
> I would like to bring up the discussion again as I think it's a needed
> improvement--NetBSD's ftpd is better maintained and has better standards
> compliance.
>
> However, when looking into it I found several issues with code divergence that
> I would like advice on first (ie. PAM support, some differences in ~ expansion,
> and of course differences in arguments).
>
> So I guess my question is, should:
>
> a) our ftpd and NetBSD ftpd be merged as best as possible to keep features of
> both, but try to follow NetBSD's ftpd development in our tree?
>
> b) we import NetBSD's ftpd AS IS and treat it like vendor code with regular
> imports, but break backwards compatibility?
>
> c) we not do anything at all and leave our ftpd as it is?
>
>
> (a) of course is the best of both worlds, but it would require more work and
> might make maintainership harder in the future.
>
> Please let me know what people think about this.

Well, interestingly enough, Luke and I were talking about cooperation between the NetBSD and FreeBSD projects just over last weekend, and one of the things that we decided was that it would be desirable to add a new category of software to our source trees, software that is used by all BSDs (well, within our terms of reference, NetBSD and FreeBSD anyway). We didn't specifically mention his ftpd: we were thinking more of things like USB support. The idea would be that we might have a separate part of the source tree, like /usr/src//contrib, which is maintained either by a group of people, or (preferably) one person who ensures that it runs on all BSD platforms. The latter might be difficult to implement, especially for kernel code, and even for userland code there would be challenges. I've got a whole lot more to say on the matter, but I'm sure that people will find a number of weaknesses in my suggestions. Feel free to pick holes in the idea.

Greg
--
See complete headers for address and phone numbers

From owner-freebsd-arch Wed Jul 18 1: 4:57 2001
Received: from sneakerz.org (sneakerz.org [216.33.66.254]) by hub.freebsd.org (Postfix) with ESMTP id E44D437B405; Wed, 18 Jul 2001 01:04:54 -0700 (PDT) (envelope-from bright@sneakerz.org)
Received: by sneakerz.org (Postfix, from userid 1092) id A90225D010; Wed, 18 Jul 2001 03:04:51 -0500 (CDT)
Date: Wed, 18 Jul 2001 03:04:51 -0500
From: Alfred Perlstein
To: Greg Lehey
Cc: Mike Heffner, arch@FreeBSD.ORG, obrien@freebsd.org, Luke Mewburn
Subject: Re: BSD-specific sources (was: Importing lukemftpd)
Message-ID: <20010718030451.G28164@sneakerz.org>
References: <20010718172357.Q69861@wantadilla.lemis.com>
User-Agent: Mutt/1.2i
In-Reply-To: <20010718172357.Q69861@wantadilla.lemis.com>; from grog@FreeBSD.org on Wed, Jul 18, 2001 at 05:23:57PM +0930

* Greg Lehey [010718 02:54] wrote:
>
> Well, interestingly enough, Luke and I were talking about cooperation
> between the NetBSD and FreeBSD projects just over last weekend, and
> one of the things that we decided was that it would be desirable to
> add a new category of software to our source trees, software that is
> used by all BSDs (well, within our terms of reference, NetBSD and
> FreeBSD anyway). We didn't specifically mention his ftpd: we were
> thinking more of things like USB support. The idea would be that we
> might have a separate part of the source tree, like /usr/src//contrib,
> which is maintained either by a group of people, or (preferably) one
> person who ensures that it runs on all BSD platforms. The latter
> might be difficult to implement, especially for kernel code, and even
> for userland code there would be challenges. I've got a whole lot
> more to say on the matter, but I'm sure that people will find a number
> of weaknesses in my suggestions. Feel free to pick holes in the idea.

Actually, I'd love to see this happen, not only with kernel, but with ftpd, openssh, and a bunch of "no-brainers" we could standardize on.

Not only would this help with feature sharing, but we could eventually have our own meta _really_ free software system.
We could call it 'SNV' - SNV is Not Viral. Look, it's recursive! -- -Alfred Perlstein [alfred@freebsd.org] Ok, who wrote this damn function called '??'? And why do my programs keep crashing in it? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 9:35:55 2001 Delivered-To: freebsd-arch@freebsd.org Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74]) by hub.freebsd.org (Postfix) with ESMTP id 64ABF37B401 for ; Wed, 18 Jul 2001 09:35:53 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from mindspring.com (dialup-209.247.138.210.Dial1.SanJose1.Level3.net [209.247.138.210]) by falcon.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id JAA12666; Wed, 18 Jul 2001 09:35:37 -0700 (PDT) Message-ID: <3B55BAFA.B507F39C@mindspring.com> Date: Wed, 18 Jul 2001 09:36:10 -0700 
From: Terry Lambert Reply-To: tlambert2@mindspring.com X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Mike Silbersack Cc: Peter Wemm , freebsd-arch@FreeBSD.ORG Subject: Re: TCP Initial Sequence Numbers: We need to talk References: <20010717224921.W3744-100000@achilles.silby.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Mike Silbersack wrote: > > How about attempting to kill two birds with one stone and really solve the > > SYN flood problem at the same time as dealing with the ISS stuff. > > A SYN Cache would be good (and I was planning to work on such issues when > I get more time), but it's really unrelated to the issue at present. > > NetBSD's RFC1948 support isn't actually in use yet; it looks like Jason Thorpe > added it, then didn't trust it enough to enable it yet. :) Ashutosh S. Rajekar, near the end of June on -hackers, suggested that a SYN-cache that held onto the cached object even after the SYN-SYNACK-ACK, until the first data down the pipe, might be a good idea. This is much more aggressive... I'm not sure it's called for, but, for high contention, high latency links, I think I like the idea much more than the simple cache that will actually allocate the inpcb, tcpcb, and socket, after getting the final ACK of the handshake. If you are actually thinking of doing this, you might want to look at using the BSDI version of the SYN cache code, instead. Neither one implements Ashutosh's "aggressive Syn cache" idea, though...
-- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 11:23: 8 2001 Delivered-To: freebsd-arch@freebsd.org Received: from root.com (root.com [209.102.106.178]) by hub.freebsd.org (Postfix) with ESMTP id 6FF2B37B403 for ; Wed, 18 Jul 2001 11:23:05 -0700 (PDT) (envelope-from dg@root.com) Received: (from dg@localhost) by root.com (8.11.2/8.11.2) id f6IIAxG87100; Wed, 18 Jul 2001 11:10:59 -0700 (PDT) (envelope-from dg) Date: Wed, 18 Jul 2001 11:10:59 -0700 
From: David Greenman To: Joshua Goodall Cc: arch@FreeBSD.org Subject: Re: Variant symlinks Message-ID: <20010718111059.K49840@nexus.root.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ; from joshua@roughtrade.net on Wed, Jul 18, 2001 at 07:54:40AM +0100 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > >I heard that this topic came up (again!) at the kernel summit. I have a >highly minimalist impl (i.e. substring-replace in vfs_lookup) and have a >genuine interest/need in developing it to fully useful status. > >What was discussed/concluded? Is anyone actively working on this with a >goal in sight? (I don't want to duplicate work) > >I have ideas of my own which I will summarise as "sysctl vs env: why not >have both configurable" and leave further explication for later. > >Whatever happens I think libkern is going to gain a boyer-moore variant. >(when the search-set is known in advance, a strstr clone sucks). I have an implementation that I wrote a few weeks ago that needs some polish before I can let it out. It uses the user's environment for the variable translation. -DG David Greenman Co-founder, The FreeBSD Project - http://www.freebsd.org President, TeraSolutions, Inc. - http://www.terasolutions.com Pave the road of life with opportunities.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 11:50:44 2001 Delivered-To: freebsd-arch@freebsd.org Received: from spirit.jaded.net (shortbus.groupofnine.net [216.94.132.8]) by hub.freebsd.org (Postfix) with ESMTP id 061D937B401; Wed, 18 Jul 2001 11:50:42 -0700 (PDT) (envelope-from dan@spirit.jaded.net) Received: (from dan@localhost) by spirit.jaded.net (8.11.4/8.11.4) id f6IIoeA01755; Wed, 18 Jul 2001 14:50:40 -0400 (EDT) (envelope-from dan) Date: Wed, 18 Jul 2001 14:50:40 -0400 
From: Dan Moschuk To: Alfred Perlstein Cc: Greg Lehey , Mike Heffner , arch@FreeBSD.ORG, obrien@FreeBSD.ORG, Luke Mewburn Subject: Re: BSD-specific sources (was: Importing lukemftpd) Message-ID: <20010718145040.A1689@spirit.jaded.net> References: <20010718172357.Q69861@wantadilla.lemis.com> <20010718030451.G28164@sneakerz.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010718030451.G28164@sneakerz.org>; from bright@sneakerz.org on Wed, Jul 18, 2001 at 03:04:51AM -0500 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG | Actually, I'd love to see this happen, not only with kernel, but | with ftpd, openssh, and a bunch of "no-brainers" we could standardize | on. Not only would this help with feature sharing, but we could | eventually have our own meta _really_ free software system. | | We could call it 'SNV' - SNV is Not Viral. Look, it's recursive! Amen! I don't know how realistic a goal like this would be however. People have enough trouble testing on one operating system as it is, to suddenly throw another (possibly two) more into the mix opens up a whole suite of new problems. Still, one can dream... -dan -- There is nothing wrong with Southern California that a rise in the ocean level wouldn't cure.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 11:51:40 2001 Delivered-To: freebsd-arch@freebsd.org Received: from spirit.jaded.net (shortbus.groupofnine.net [216.94.132.8]) by hub.freebsd.org (Postfix) with ESMTP id 19B9737B406 for ; Wed, 18 Jul 2001 11:51:37 -0700 (PDT) (envelope-from dan@spirit.jaded.net) Received: (from dan@localhost) by spirit.jaded.net (8.11.4/8.11.4) id f6IIpZ001765; Wed, 18 Jul 2001 14:51:35 -0400 (EDT) (envelope-from dan) Date: Wed, 18 Jul 2001 14:51:35 -0400 
From: Dan Moschuk To: Mike Heffner Cc: arch@FreeBSD.ORG Subject: Re: Importing lukemftpd Message-ID: <20010718145135.B1689@spirit.jaded.net> References: <20010717132232.A1010@spirit.jaded.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from mheffner@novacoxmail.com on Tue, Jul 17, 2001 at 07:02:17PM -0400 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG | | Why not start with lukem's code, add in PAM support and other FreeBSDisms, | | and | | then track NetBSD from that point? | | Yes, that was option (a) ;) | | Mike Hehehe, whoops. Count my vote for option (a) then. 8) -dan -- There is nothing wrong with Southern California that a rise in the ocean level wouldn't cure. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 12:19:59 2001 Delivered-To: freebsd-arch@freebsd.org Received: from dragon.nuxi.com (trang.nuxi.com [206.40.252.115]) by hub.freebsd.org (Postfix) with ESMTP id 37EC437B405; Wed, 18 Jul 2001 12:19:55 -0700 (PDT) (envelope-from obrien@NUXI.com) Received: (from obrien@localhost) by dragon.nuxi.com (8.11.3/8.11.1) id f6IJIp626655; Wed, 18 Jul 2001 12:18:51 -0700 (PDT) (envelope-from obrien) Date: Wed, 18 Jul 2001 12:18:51 -0700 
From: "David O'Brien" To: Bosko Milekic Cc: Mike Silbersack , Matt Dillon , arch@freebsd.org Subject: Re: cvs commit: src/sys/netinet tcp_usrreq.c Message-ID: <20010718121851.B26558@dragon.nuxi.com> Reply-To: arch@freebsd.org References: <200107132212.f6DMC3870963@earth.backplane.com> <20010714221719.K30721-100000@achilles.silby.com> <20010718081804.A96027@technokratis.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010718081804.A96027@technokratis.com>; from bmilekic@technokratis.com on Wed, Jul 18, 2001 at 08:18:04AM -0400 X-Operating-System: FreeBSD 5.0-CURRENT Organization: The NUXI BSD group X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A X-Pgp-Rsa-Keyid: 1024/34F9F9D5 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [moving to arch] On Wed, Jul 18, 2001 at 08:18:04AM -0400, Bosko Milekic wrote: > Well, there is a general misunderstanding going around here. Maxusers > is merely a *HINT* on the amount of KVA space to reserve for the mbuf maps. It > is easily overridden by merely defining NMBCLUSTERS. The only `bogon' is that > NMBCLUSTERS implicitly also defines the number of mbufs. Presently, NMBUFS > gets defined to NMBCLUSTERS * 4, which may or may not be too much, depending > on whether you're using some of Bill Paul's gigE drivers or if your particular > application puts sf_bufs to good use. So do you feel these numbers are not the best for today? > In any case, both NMBUFS and NMBCLUSTERS can be easily overridden with > the respective boot-time tunable parameters. And remember, these values are > merely used to reserve KVA space. BUT they should be pretty reasonable numbers to start with. People continue to "benchmark" FreeBSD out of the box. We need to start paying more attention to the out-of-the-box settings.
-- -- David (obrien@FreeBSD.org) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 13:58:19 2001 Delivered-To: freebsd-arch@freebsd.org Received: from femail2.sdc1.sfba.home.com (femail2.sdc1.sfba.home.com [24.0.95.82]) by hub.freebsd.org (Postfix) with ESMTP id 1541337B406 for ; Wed, 18 Jul 2001 13:58:17 -0700 (PDT) (envelope-from chris@potamus.org) Received: from chris ([24.250.134.165]) by femail2.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with SMTP id <20010718205816.ZOFR10346.femail2.sdc1.sfba.home.com@chris> for ; Wed, 18 Jul 2001 13:58:16 -0700 Message-ID: <001101c10fcc$7a7927f0$a586fa18@chris> 
From: "Chris Peterson" To: Subject: Re: TCP Initial Sequence Numbers: We need to talk Date: Wed, 18 Jul 2001 13:59:04 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Steve Gibson has written a paper describing his algorithm (called GENESIS) to defend against SYN floods. I don't know if he has implemented it or if his idea is even feasible. His algorithm is so simple, I suspect he must be overlooking something. Basically, he proposes that the server responds to client SYNs with a SYN/ACK whose ISN is the client SYN's ISN plus the RC5 encrypted client source IP address. When the server receives an ACK reply, it subtracts the client's ACK ISN and decrypts the result. If the decrypted value equals the client's source IP address, then this is a valid ACK. The server postpones maintaining TCP connection state until after receiving a valid ACK reply to its SYN/ACK. More information about GENESIS: http://grc.com/r&d/nomoredos2.htm chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 14: 3:55 2001 Delivered-To: freebsd-arch@freebsd.org Received: from prism.flugsvamp.com (cb58709-a.mdsn1.wi.home.com [24.17.241.9]) by hub.freebsd.org (Postfix) with ESMTP id 7A0EC37B401 for ; Wed, 18 Jul 2001 14:03:52 -0700 (PDT) (envelope-from jlemon@flugsvamp.com) Received: (from jlemon@localhost) by prism.flugsvamp.com (8.11.0/8.11.0) id f6IL3jr69969; Wed, 18 Jul 2001 16:03:45 -0500 (CDT) (envelope-from jlemon) Date: Wed, 18 Jul 2001 16:03:45 -0500 
From: Jonathan Lemon To: Chris Peterson Cc: freebsd-arch@FreeBSD.ORG Subject: Re: TCP Initial Sequence Numbers: We need to talk Message-ID: <20010718160345.J74461@prism.flugsvamp.com> References: <001101c10fcc$7a7927f0$a586fa18@chris> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre2i In-Reply-To: <001101c10fcc$7a7927f0$a586fa18@chris> Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Jul 18, 2001 at 01:59:04PM -0700, Chris Peterson wrote: > to defend against SYN floods. I don't know if he has implemented it or if > his idea is even feasible. His algorithm is so simple, I suspect he must be > overlooking something. It's not feasible; he's overlooking several things. Among them are: 1. it is susceptible to replay attacks, 2. the secret is per IP, and 3. "having the response go nowhere" is not a valid defense, if the attacker can guess it. -- Jonathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 14:20:13 2001 Delivered-To: freebsd-arch@freebsd.org Received: from InterJet.elischer.org (c421509-a.pinol1.sfba.home.com [24.7.86.9]) by hub.freebsd.org (Postfix) with ESMTP id 1694B37B405 for ; Wed, 18 Jul 2001 14:20:10 -0700 (PDT) (envelope-from julian@elischer.org) Received: from InterJet.elischer.org (InterJet.elischer.org [192.168.1.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id QAA95609; Wed, 18 Jul 2001 16:08:40 -0700 (PDT) Date: Wed, 18 Jul 2001 16:08:38 -0700 (PDT)
From: Julian Elischer To: Chris Peterson Cc: freebsd-arch@freebsd.org Subject: Re: TCP Initial Sequence Numbers: We need to talk In-Reply-To: <001101c10fcc$7a7927f0$a586fa18@chris> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG And what if the encoded port number comes out to be the same as an existing port number to the same destination? Is it guaranteed that there is exactly one cleartext input for each RC5 output? This suggests that the client selects (indirectly) both sequence numbers. A new sequence number may be in the TIMEWAIT window of a recently shutdown session. The server cannot send any data until it hears from the client with an ACK again? (e.g. cannot send "login:") On Wed, 18 Jul 2001, Chris Peterson wrote: > Steve Gibson has written a paper describing his algorithm (called GENESIS) > to defend against SYN floods. I don't know if he has implemented it or if > his idea is even feasible. His algorithm is so simple, I suspect he must be > overlooking something. > > Basically, he proposes that the server responds to client SYNs with a > SYN/ACK whose ISN is the client SYN's ISN plus the RC5 encrypted client > source IP address. When the server receives an ACK reply, it subtracts the > client's ACK ISN and decrypts the result. If the decrypted value equals the > client's source IP address, then this is a valid ACK. The server postpones > maintaining TCP connection state until after receiving a valid ACK reply to > its SYN/ACK.
> > More information about GENESIS: > http://grc.com/r&d/nomoredos2.htm > > > chris > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-arch" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 15:43:11 2001 Delivered-To: freebsd-arch@freebsd.org Received: from smtp.med.und.nodak.edu (smtp.med.und.NoDak.edu [134.129.166.20]) by hub.freebsd.org (Postfix) with ESMTP id A08E737B403 for ; Wed, 18 Jul 2001 15:43:09 -0700 (PDT) (envelope-from bpederson@geocities.com) Received: from geo.med.und.nodak.edu ([134.129.166.11] helo=geocities.com) by smtp.med.und.nodak.edu with esmtp (SSLv3:RC4-MD5:128) (Exim 3.20 #1) id 15MzzZ-000G3d-00 for freebsd-arch@freebsd.org; Wed, 18 Jul 2001 17:40:29 -0500 Message-ID: <3B561053.6370CEE8@geocities.com> Date: Wed, 18 Jul 2001 17:40:19 -0500 
From: Barry Pederson X-Mailer: Mozilla 4.77 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-arch@freebsd.org Subject: Re: TCP Initial Sequence Numbers: We need to talk References: <001101c10fcc$7a7927f0$a586fa18@chris> <20010718160345.J74461@prism.flugsvamp.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jonathan Lemon wrote: > > It's not feasible; he's overlooking several things. Among them > are: 1. it is susceptible to replay attacks, 2. the secret is > per IP, and 3. "having the response go nowhere" is not a valid > defense, if the attacker can guess it. 1, 2. It's protecting against spoofed SYN floods, the replay attack would have to be a non-spoofed ACK flood (since the attacker could probably figure out their own token) --or-- the attacker was also sniffing your network, could see what was in the outgoing SYN/ACK packets at least once for each spoofed IP, and then flooded with spoofed ACKs containing the encrypted token for that particular spoofed address. 3. He's assuming that guessing a 256-bit encryption key would be pretty tough, which it probably would be, even if your machine uptime is many years so the key doesn't change for a long long time :) I kind of wonder though if the tiny amount of data being encrypted would somehow make a cipher easier to crack.
Barry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 16:18:36 2001 Delivered-To: freebsd-arch@freebsd.org Received: from mail.disney.com (mail.disney.com [204.128.192.15]) by hub.freebsd.org (Postfix) with ESMTP id 8484B37B401 for ; Wed, 18 Jul 2001 16:18:32 -0700 (PDT) (envelope-from Jim.Pirzyk@disney.com) Received: from pain10.corp.disney.com (root@pain10.corp.disney.com [153.7.110.100]) by mail.disney.com (Switch-2.0.1/Switch-2.0.1) with SMTP id f6INHjI25798 for ; Wed, 18 Jul 2001 16:17:45 -0700 (PDT) Received: from [172.30.50.1] by pain.corp.disney.com with ESMTP for arch@freebsd.org; Wed, 18 Jul 2001 16:19:26 -0700 Received: from plio.fan.fa.disney.com (plio.fan.fa.disney.com [153.7.118.2]) by pecos.fa.disney.com (8.11.3/8.11.3) with ESMTP id f6INIUs12735 for ; Wed, 18 Jul 2001 16:18:30 -0700 (PDT) Received: from mercury.fan.fa.disney.com (mercury.fan.fa.disney.com [153.7.119.1]) by plio.fan.fa.disney.com (8.9.2/8.9.2) with ESMTP id QAA00048 for ; Wed, 18 Jul 2001 16:18:29 -0700 (PDT) (envelope-from Jim.Pirzyk@disney.com) Received: from snoopy.fan.fa.disney.com by mercury.fan.fa.disney.com for arch@freebsd.org; Wed, 18 Jul 2001 16:18:29 -0700 Content-Type: text/plain; charset="us-ascii" 
From: Jim Pirzyk Organization: Walt Disney Feature Animation To: arch@freebsd.org Subject: Setting the default MAX Stack size Date: Wed, 18 Jul 2001 16:18:29 -0700 X-Mailer: KMail [version 1.2] MIME-Version: 1.0 Message-Id: <01071816182904.00720@snoopy> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG So I have a need to increase the max stack size in the kernel. There currently is no knob to do this. I thought of implementing it like the max data size knob (MAXDSIZ). Is this the best answer or should it maybe be done via read only sysctl (and then can be set in the /boot/loader.conf)? I know how to do the former, but I am not sure about the latter. Suggestions? - JimP -- --- @(#) $Id: dot.signature,v 1.10 2001/05/17 23:38:49 Jim.Pirzyk Exp $ __o Jim.Pirzyk@disney.com ------------- pirzyk@freebsd.org _'\<,_ Senior Systems Engineer, Walt Disney Feature Animation (*)/ (*) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 17:32:22 2001 Delivered-To: freebsd-arch@freebsd.org Received: from mail.wgate.com (mail.wgate.com [38.219.83.4]) by hub.freebsd.org (Postfix) with ESMTP id 6192037B401 for ; Wed, 18 Jul 2001 17:31:36 -0700 (PDT) (envelope-from rjesup@wgate.com) Received: from jesup.eng.tvol.net ([10.32.2.26]) by mail.wgate.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 3LH07AG3; Wed, 18 Jul 2001 20:30:54 -0400 Reply-To: Randell Jesup To: arch@FreeBSD.ORG Subject: Test
From: Randell Jesup Date: 18 Jul 2001 20:35:46 -0400 In-Reply-To: Greg Lehey's message of "Wed, 18 Jul 2001 17:23:57 +0930" Message-ID: User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Please excuse; my email to -arch doesn't seem to be getting through (again). -- Randell Jesup, Worldgate Communications, ex-Scala, ex-Amiga OS team ('88-94) rjesup@wgate.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 20: 4:52 2001 Delivered-To: freebsd-arch@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with ESMTP id C459C37B401 for ; Wed, 18 Jul 2001 20:04:47 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 6821 invoked by uid 1000); 19 Jul 2001 03:04:45 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 19 Jul 2001 03:04:45 -0000 Date: Wed, 18 Jul 2001 22:04:45 -0500 (CDT) 
From: Mike Silbersack To: Cc: Bosko Milekic , Matt Dillon , David O'Brien Subject: Re: cvs commit: src/sys/netinet tcp_usrreq.c In-Reply-To: <20010718121851.B26558@dragon.nuxi.com> Message-ID: <20010718214902.H6519-100000@achilles.silby.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 18 Jul 2001, David O'Brien wrote: > > In any case, both NMBUFS and NMBCLUSTERS can be easily overridden with > > the respective boot-time tunable parameters. And remember, these values are > > merely used to reserve KVA space. > > BUT they should be pretty reasonable numbers to start with. People > continue to "benchmark" FreeBSD out of the box. We need to start paying > more attention to the out-of-the-box settings. > > -- > -- David (obrien@FreeBSD.org) With tcp templates out of the way, it looks like mbufs aren't such a big deal anymore; they'll certainly decrease performance, but will no longer set a definite ceiling on the max number of sockets useable simultaneously. I think you're right in increasing the number of mbufs, but changing the scaling factor is probably the wrong way to do it; it will cause people with custom kernels to have many thousands more mbufs than they expect. In 4.x, the setting is currently at: (512 + MAXUSERS * 16) current was (1024 + MAXUSERS * 16) before your scaling change (to * 64). How about we instead change the constant amount, to perhaps: (2048 + MAXUSERS * 16) This should be pretty safe for -stable, and will help for people running benchmarks out of the box. (I'd like to do the scaling based on RAM size, but I don't have time at the moment.) Note that if we're increasing this, we should probably increase maxfiles/sockets - that's probably more important now.
Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 20:26: 3 2001 Delivered-To: freebsd-arch@freebsd.org Received: from sneakerz.org (sneakerz.org [216.33.66.254]) by hub.freebsd.org (Postfix) with ESMTP id 84CE537B403 for ; Wed, 18 Jul 2001 20:26:00 -0700 (PDT) (envelope-from bright@sneakerz.org) Received: by sneakerz.org (Postfix, from userid 1092) id 0ACE05D010; Wed, 18 Jul 2001 22:25:50 -0500 (CDT) Date: Wed, 18 Jul 2001 22:25:50 -0500 
From: Alfred Perlstein To: Mike Silbersack Cc: arch@freebsd.org, Bosko Milekic , Matt Dillon , David O'Brien Subject: Re: cvs commit: src/sys/netinet tcp_usrreq.c Message-ID: <20010718222549.O28164@sneakerz.org> References: <20010718121851.B26558@dragon.nuxi.com> <20010718214902.H6519-100000@achilles.silby.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20010718214902.H6519-100000@achilles.silby.com>; from silby@silby.com on Wed, Jul 18, 2001 at 10:04:45PM -0500 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG * Mike Silbersack [010718 22:04] wrote: > > On Wed, 18 Jul 2001, David O'Brien wrote: > > > > In any case, both NMBUFS and NMBCLUSTERS can be easily overridden with > > > the respective boot-time tunable parameters. And remember, these values are > > > merely used to reserve KVA space. > > > > BUT they should be pretty reasonable numbers to start with. People > > continue to "benchmark" FreeBSD out of the box. We need to start paying > > more attention to the out-of-the-box settings. > > > > -- > > -- David (obrien@FreeBSD.org) > > With tcp templates out of the way, it looks like mbufs aren't such a big > deal anymore; they'll certainly decrease performance, but will no longer > set a definite ceiling on the max number of sockets useable > simultaneously. You'll notice that there's 'redundant' (for lack of a better word) storage allocated in a socket. Basically, a socket can be a data socket, or a listening socket, you can recover at least 32 bytes per socket if you unionize based on the type. -- -Alfred Perlstein [alfred@freebsd.org] Ok, who wrote this damn function called '??'? And why do my programs keep crashing in it?
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Wed Jul 18 20:52:41 2001 Delivered-To: freebsd-arch@freebsd.org Received: from iatl0x01.coxmail.com (iatl1x01.coxmail.com [206.157.231.23]) by hub.freebsd.org (Postfix) with ESMTP id F16B237B403; Wed, 18 Jul 2001 20:52:37 -0700 (PDT) (envelope-from mheffner@novacoxmail.com) Received: from enterprise.muriel.penguinpowered.com ([209.249.161.66]) by iatl0x01.coxmail.com (InterMail vK.4.03.02.00 201-232-124 license 85f4f10023be2bd3bce00b3a38363ea2) with ESMTP id <20010719035237.CDUD1111.iatl0x01@enterprise.muriel.penguinpowered.com>; Wed, 18 Jul 2001 23:52:37 -0400 Message-ID: X-Mailer: XFMail 1.5.0 on FreeBSD X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="_=XFMail.1.5.0.FreeBSD:20010718235039:290=_"; micalg=pgp-md5; protocol="application/pgp-signature" In-Reply-To: <20010718172357.Q69861@wantadilla.lemis.com> Date: Wed, 18 Jul 2001 23:50:39 -0400 (EDT) Reply-To: Mike Heffner 
From: Mike Heffner To: Greg Lehey Subject: RE: BSD-specific sources (was: Importing lukemftpd) Cc: Luke Mewburn , arch@FreeBSD.ORG Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This message is in MIME format --_=XFMail.1.5.0.FreeBSD:20010718235039:290=_ Content-Type: text/plain; charset=us-ascii On 18-Jul-2001 Greg Lehey wrote: | | Well, interestingly enough, Luke and I were talking about cooperation | between the NetBSD and FreeBSD projects just over last weekend, and | one of the things that we decided was that it would be desirable to | add a new category of software to our source trees, software that is | used by all BSDs (well, within our terms of reference, NetBSD and | FreeBSD anyway). We didn't specifically mention his ftpd: we were | thinking more of things like USB support. The idea would be that we | might have a separate part of the source tree, like /usr/src//contrib, | which is maintained either by a group of people, or (preferably) one | person who ensures that it runs on all BSD platforms. The latter | might be difficult to implement, especially for kernel code, and even | for userland code there would be challenges. I've got a whole lot | more to say on the matter, but I'm sure that people will find a number | of weaknesses in my suggestions. Feel free to pick holes in the idea. Yes, I think this would be a great idea, specifically for new code. However, I have doubts on how successful it would be for current code, especially that which has diverged significantly between the branches.
Mike -- Mike Heffner Fredericksburg, VA --_=XFMail.1.5.0.FreeBSD:20010718235039:290=_-- End of MIME message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Thu Jul 19 1:13:55 2001 Delivered-To: freebsd-arch@freebsd.org Received: from scaup.mail.pas.earthlink.net (scaup.mail.pas.earthlink.net [207.217.121.49]) by hub.freebsd.org (Postfix) with ESMTP id 5FC5C37B403 for ; Thu, 19 Jul 2001 01:13:53 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from mindspring.com (dialup-209.247.141.193.Dial1.SanJose1.Level3.net [209.247.141.193]) by scaup.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id BAA19885; Thu, 19 Jul 2001 01:13:48 -0700 (PDT) Message-ID: <3B5696E1.3A038FF5@mindspring.com> Date: Thu, 19 Jul 2001 01:14:25 -0700
From: Terry Lambert Reply-To: tlambert2@mindspring.com X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Barry Pederson Cc: freebsd-arch@FreeBSD.ORG Subject: Re: TCP Initial Sequence Numbers: We need to talk References: <001101c10fcc$7a7927f0$a586fa18@chris> <20010718160345.J74461@prism.flugsvamp.com> <3B561053.6370CEE8@geocities.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Barry Pederson wrote: > Jonathan Lemon wrote: > > > > It's not feasible; he's overlooking several things. Among them > > are: 1. it is susceptible to replay attacks, 2. the secret is > > per IP, and 3. "having the response go nowhere" is not a valid > > defense, if the attacker can guess it. > > 1, 2. It's protecting against spoofed SYN floods, the replay attack > would have to be a non-spoofed ACK flood (since the attacker could > probably figure out their own token) --or-- the attacker was also > sniffing your network, could see what was in the outgoing SYN/ACK > packets at least once for each spoofed IP, and then flooded with spoofed > ACKs containing the encrypted token for that particular spoofed address. My favorite attack for this would be to just ACK the hell out of your machine so that it burnt up all your CPU doing RC5's, which the attacker could just ignore...
-- Terry

From owner-freebsd-arch Thu Jul 19 1:15:30 2001
Message-ID: <3B569744.E4EDCC63@mindspring.com>
Date: Thu, 19 Jul 2001 01:16:04 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Jim Pirzyk
Cc: arch@FreeBSD.ORG
Subject: Re: Setting the default MAX Stack size
References: <01071816182904.00720@snoopy>

Jim Pirzyk wrote:
> So I have a need to increase the max stack size in the kernel. There
> currently is no knob to do this. I thought of implementing it like
> the max data size knob (MAXDSIZ). Is this the best answer or should
> it maybe be done via read only sysctl (and then can be set in the
> /boot/loader.conf)? I know how to do the former, but I am not sure
> about the latter.
>
> Suggestions?

Change your code to not use so much auto variable space; if
you are using this much space, you need to rethink your
algorithm.

-- Terry

From owner-freebsd-arch Thu Jul 19 1:21: 0 2001
Message-ID: <3B569857.D50A6FCA@mindspring.com>
Date: Thu, 19 Jul 2001 01:20:39 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Alfred Perlstein
Cc: Mike Silbersack, arch@FreeBSD.ORG, Bosko Milekic, Matt Dillon, "David O'Brien"
Subject: Re: cvs commit: src/sys/netinet tcp_usrreq.c
References: <20010718121851.B26558@dragon.nuxi.com> <20010718214902.H6519-100000@achilles.silby.com> <20010718222549.O28164@sneakerz.org>

Alfred Perlstein wrote:
> You'll notice that there's 'redundant' (for lack of a better word)
> storage allocated in a socket. Basically, a socket can be a data
> socket, or a listening socket, you can recover at least 32 bytes
> per socket if you unionize based on the type.

That was a "secret"... 8^p.

-- Terry

From owner-freebsd-arch Thu Jul 19 2:34:17 2001
Date: Thu, 19 Jul 2001 02:34:13 -0700
From: Kris Kennaway
To: Mike Heffner
Cc: Greg Lehey, Luke Mewburn, arch@FreeBSD.ORG
Subject: Re: BSD-specific sources (was: Importing lukemftpd)
Message-ID: <20010719023412.A30128@xor.obsecurity.org>
References: <20010718172357.Q69861@wantadilla.lemis.com>
In-Reply-To: ; from mheffner@novacoxmail.com on Wed, Jul 18, 2001 at 11:50:39PM -0400

On Wed, Jul 18, 2001 at 11:50:39PM -0400, Mike Heffner wrote:
>
> On 18-Jul-2001 Greg Lehey wrote:
> |
> | Well, interestingly enough, Luke and I were talking about cooperation
> | between the NetBSD and FreeBSD projects just over last weekend, and
> | one of the things that we decided was that it would be desirable to
> | add a new category of software to our source trees, software that is
> | used by all BSDs (well, within our terms of reference, NetBSD and
> | FreeBSD anyway). We didn't specifically mention his ftpd: we were
> | thinking more of things like USB support. The idea would be that we
> | might have a separate part of the source tree, like /usr/src//contrib,
> | which is maintained either by a group of people, or (preferably) one
> | person who ensures that it runs on all BSD platforms. The latter
> | might be difficult to implement, especially for kernel code, and even
> | for userland code there would be challenges. I've got a whole lot
> | more to say on the matter, but I'm sure that people will find a number
> | of weaknesses in my suggestions. Feel free to pick holes in the idea.
>
>
> Yes, I think this would be a great idea, specifically for new code. However, I
> have doubts on how successful it would be for current code,
> especially that which has diverged significantly between the branches.

Step 1: Synchronise the code
Step 2: Stay in sync

:-)

Kris

From owner-freebsd-arch Thu Jul 19 8:37:58 2001
From: Jim Pirzyk
Organization: Walt Disney Feature Animation
To: Terry Lambert
Subject: Re: Setting the default MAX Stack size
Date: Thu, 19 Jul 2001 08:36:36 -0700
Cc: arch@FreeBSD.ORG
References: <01071816182904.00720@snoopy> <3B569744.E4EDCC63@mindspring.com>
In-Reply-To: <3B569744.E4EDCC63@mindspring.com>
Message-Id: <01071908363603.07804@snoopy>

On Thursday 19 July 2001 01:16 am, Terry Lambert wrote:
> Jim Pirzyk wrote:
> > So I have a need to increase the max stack size in the kernel. There
> > currently is no knob to do this. I thought of implementing it like
> > the max data size knob (MAXDSIZ). Is this the best answer or should
> > it maybe be done via read only sysctl (and then can be set in the
> > /boot/loader.conf)? I know how to do the former, but I am not sure
> > about the latter.
> >
> > Suggestions?
>
> Change your code to not use so much auto variable space; if
> you are using this much space, you need to rethink your
> algorithm.

The program that is being used is by one of our developers and it
is using recursion internally to do smog particle simulation over
many frames (visual effects). Our systems are installed with
2GB of memory and they set their stack size to 128MB (from 64MB).

The program could write its data out to disk, but then the
performance gets killed.

We also had to knock up the stack size on the linux systems that
these programs are actually developed on.

- JimP

--
--- @(#) $Id: dot.signature,v 1.10 2001/05/17 23:38:49 Jim.Pirzyk Exp $
    __o   Jim.Pirzyk@disney.com ------------- pirzyk@freebsd.org
 _'\<,_   Senior Systems Engineer, Walt Disney Feature Animation
(*)/ (*)

From owner-freebsd-arch Thu Jul 19 9: 2:17 2001
Message-ID: <200107191602.MAA23206@illustrious.cnchost.com>
To: Jim Pirzyk
Cc: arch@FreeBSD.ORG
Subject: Re: Setting the default MAX Stack size
In-reply-to: Your message of "Thu, 19 Jul 2001 08:36:36 PDT." <01071908363603.07804@snoopy>
Date: Thu, 19 Jul 2001 09:02:12 -0700
From: Bakul Shah

> > > So I have a need to increase the max stack size in the kernel. There
> > > currently is no knob to do this. I thought of implementing it like
> > > the max data size knob (MAXDSIZ). Is this the best answer or should
> > > it maybe be done via read only sysctl (and then can be set in the
> > > /boot/loader.conf)? I know how to do the former, but I am not sure
> > > about the latter.
> > >
> > > Suggestions?
> >
> > Change your code to not use so much auto variable space; if
> > you are using this much space, you need to rethink your
> > algorithm.
>
> The program that is being used is by one of our developers and it
> is using recursion internally to do smog particle simulation over
> many frames (visual effects). Our systems are installed with
> 2GB of memory and they set their stack size to 128MB (from 64MB).
>
> The program could write its data out to disk, but then the
> performance gets killed.
>
> We also had to knock up the stack size on the linux systems that
> these programs are actually developed on.

How about something like

    options MAXSSIZ="(256UL*1024*1024)"

in your config file?

From owner-freebsd-arch Thu Jul 19 9: 8:15 2001
From: Jim Pirzyk
Organization: Walt Disney Feature Animation
To: Bakul Shah
Subject: Re: Setting the default MAX Stack size
Date: Thu, 19 Jul 2001 09:08:08 -0700
Cc: arch@FreeBSD.ORG
References: <200107191602.MAA23206@illustrious.cnchost.com>
In-Reply-To: <200107191602.MAA23206@illustrious.cnchost.com>
Message-Id: <01071909080805.07804@snoopy>

On Thursday 19 July 2001 09:02 am, Bakul Shah wrote:
> > > > So I have a need to increase the max stack size in the kernel. There
> > > > currently is no knob to do this. I thought of implementing it like
> > > > the max data size knob (MAXDSIZ). Is this the best answer or should
> > > > it maybe be done via read only sysctl (and then can be set in the
> > > > /boot/loader.conf)? I know how to do the former, but I am not sure
> > > > about the latter.
> > > >
> > > > Suggestions?
> > >
> > > Change your code to not use so much auto variable space; if
> > > you are using this much space, you need to rethink your
> > > algorithm.
> >
> > The program that is being used is by one of our developers and it
> > is using recursion internally to do smog particle simulation over
> > many frames (visual effects). Our systems are installed with
> > 2GB of memory and they set their stack size to 128MB (from 64MB).
> >
> > The program could write its data out to disk, but then the
> > performance gets killed.
> >
> > We also had to knock up the stack size on the linux systems that
> > these programs are actually developed on.
>
> How about something like
>
>     options MAXSSIZ="(256UL*1024*1024)"
>
> in your config file?

This is the commit that I was going to do if no one else had a better idea.
You do need to add MAXSSIZ to the /sys/conf/options file for config(8) to accept it, and then document it in the LINT configuration.

- JimP

--
--- @(#) $Id: dot.signature,v 1.10 2001/05/17 23:38:49 Jim.Pirzyk Exp $
    __o   Jim.Pirzyk@disney.com ------------- pirzyk@freebsd.org
 _'\<,_   Senior Systems Engineer, Walt Disney Feature Animation
(*)/ (*)

From owner-freebsd-arch Thu Jul 19 11:23: 8 2001
Date: Thu, 19 Jul 2001 11:22:21 -0700
From: "David O'Brien"
To: Kris Kennaway
Cc: Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719112221.A84356@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG
References: <20010717103604.B79329@xor.obsecurity.org>
In-Reply-To: <20010717103604.B79329@xor.obsecurity.org>; from kris@obsecurity.org on Tue, Jul 17, 2001 at 10:36:05AM -0700
Organization: The NUXI BSD group

On Tue, Jul 17, 2001 at 10:36:05AM -0700, Kris Kennaway wrote:
> On Mon, Jul 16, 2001 at 09:24:54PM -0400, Mike Heffner wrote:
> > I would like to import Luke Mewburn's ftpd from NetBSD as the ftpd
> > for FreeBSD.
>
> This has been discussed extensively over on -audit in the past.

Discussed slightly with no action on -audit's part. :-(

> The
> FreeBSD ftpd is used on far too many installed systems out there to
> risk introducing new root vulnerabilities, no matter how good the
> lukemftpd code is or how small that risk.

I don't think it is installed on as many as you think. Our stock ftpd
has so little functionality we send our users to wu-ftpd or ProFTPd and
we know the number of security vulnerabilities those have had!

> The last
> time this came up I offered the compromise solution of importing it
> into FreeBSD to work on feature parity and to give auditors a known
> base to work from,

Ok, your bluff has been called. The code has been imported and I'm
attaching the diff for libexec/ftpd/Makefile and usr.bin/ftp/Makefile.
To build the LukeM versions, apply my diff and remove all files other
than `Makefile' and `config.h'.

Some of the features in our ftpd we can lose. "SITE MD5" for instance.
When it was added, it was well known that LukeM did not agree with that
functionality and was not going to put it into his versions. Other
functionality is antiquated and not really used. Some, like OPIE and PAM,
support is missing and we certainly need to get that added.

> but it is not to become the default ftpd until I've
> signed off on it.

Are you now holding all daemon hostage? I think you're being too strong
on this statement. If this is going to be the case, please document that
from now on daemon changes (or new ones) must be pre-approved by the S.O.

> We now have funding to perform in-depth auditing
> work on FreeBSD, so I think this would be achieved in a reasonable
> timeframe (probably by 5.0-RELEASE).

I want a _commitment_ for 5.0-RELEASE. I provide pointers to the source,
explained the advantages of doing this; and still none of them reviewed
the source. So let's set a timeline that your auditors have until
November 1st to audit this. On November 1st we go live with LukeM ftpd.

--
-- David (obrien@FreeBSD.org)

--sdtB3X0nJg68CQEu Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="ftpd-Makefile.patch" Index: Makefile =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/Makefile,v retrieving revision 1.44 diff -u -r1.44 Makefile --- Makefile 2001/07/09 17:46:24 1.44 +++ Makefile 2001/07/19 18:08:15 
@@ -1,13 +1,16 @@ # @(#)Makefile 8.2 (Berkeley) 4/4/94 # $FreeBSD: src/libexec/ftpd/Makefile,v 1.44 2001/07/09 17:46:24 markm Exp $ +MAINTAINER= obrien + +LUKEMFTPD= ${.CURDIR}/../../contrib/lukemftpd +.PATH: ${LUKEMFTPD}/src + PROG= ftpd -MAN= ftpd.8 -SRCS= ftpd.c ftpcmd.y logwtmp.c popen.c +MAN= ftpd.8 ftpd.conf.5 ftpusers.5 +SRCS= cmds.c conf.c ftpd.c ftpcmd.y popen.c -CFLAGS+=-DSETPROCTITLE -DLOGIN_CAP -DVIRTUAL_HOSTING -Wall -CFLAGS+=-DINET6 -CFLAGS+=-I${.CURDIR} +CFLAGS+=-I${.CURDIR} -I${LUKEMFTPD} YFLAGS= LDADD= -lmd -lcrypt -lutil @@ -18,14 +21,20 @@ DPADD+= ${LIBOPIE} LSDIR= ../../bin/ls -.PATH: ${.CURDIR}/${LSDIR} -SRCS+= ls.c cmp.c print.c util.c -CFLAGS+=-Dmain=ls_main -I${.CURDIR}/${LSDIR} +.PATH: ${.CURDIR}/${LSDIR} +SRCS+= ls-hacked.c cmp.c print.c util.c +CFLAGS+=-I${.CURDIR}/${LSDIR} +CLEANFILES+= ls-hacked.c +ls-hacked.c: ls.c + sed -e 's/^main(/ls_main(/g' ${.ALLSRC} > ${.TARGET} + .if !defined(NOPAM) CFLAGS+=-DUSE_PAM DPADD+= ${LIBPAM} LDADD+= ${MINUSLPAM} .endif + +ftpd.o ftpcmd.o: version.h .include --sdtB3X0nJg68CQEu Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="ftp-Makefile.patch" Index: Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/ftp/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- Makefile 2000/05/16 04:23:54 1.12 +++ Makefile 2001/07/19 17:48:39 
@@ -6,17 +6,59 @@ # #CFLAGS+=-DGATE_SERVER=\"ftp-gw.host\" # -DGATE_PORT=21 +LUKEMFTP= ${.CURDIR}/../../contrib/lukemftp +.PATH: ${LUKEMFTP}/src ${LUKEMFTP}/libedit + PROG= ftp SRCS= cmds.c cmdtab.c complete.c domacro.c fetch.c ftp.c main.c ruserpass.c \ util.c +SRCS+= chared.c common.c el.c emacs.c hist.c key.c map.c \ + parse.c prompt.c read.c refresh.c search.c sig.c term.c tty.c vi.c \ + tokenizer.c history.c -CFLAGS+=-DINET6 -LDADD+= -ledit -ltermcap -DPADD+= ${LIBEDIT} ${LIBTERMCAP} +CFLAGS+=-I${.CURDIR} -I${LUKEMFTP} -I${LUKEMFTP}/libedit -I. +LDADD+= -ltermcap -lutil +DPADD+= ${LIBTERMCAP} ${LIBUTIL} LINKS= ${BINDIR}/ftp ${BINDIR}/pftp \ ${BINDIR}/ftp ${BINDIR}/gate-ftp MLINKS= ftp.1 pftp.1 \ ftp.1 gate-ftp.1 + +EDT= vi.h emacs.h common.h fcns.h fcns.c help.c help.h +SRCS+= ${EDT} +CLEANFILES+= ${EDT} makelist +.BEGIN: ${EDT} makelist + +makelist: makelist.in + sed -e 's/@AWK@/gawk/g' ${.ALLSRC} > ${.TARGET} + +vi.h: vi.c + cd ${.CURDIR} ; ${MAKE} makelist + sh ./makelist -h ${.ALLSRC} > ${.TARGET} + +emacs.h: emacs.c + cd ${.CURDIR} ; ${MAKE} makelist + sh ./makelist -h ${.ALLSRC} > ${.TARGET} + +common.h: common.c + cd ${.CURDIR} ; ${MAKE} makelist + sh ./makelist -h ${.ALLSRC} > ${.TARGET} + +fcns.h: vi.h emacs.h common.h + cd ${.CURDIR} ; ${MAKE} makelist + sh ./makelist -fh ${.ALLSRC} > ${.TARGET} + +fcns.c: vi.h emacs.h common.h + cd ${.CURDIR} ; ${MAKE} makelist + sh ./makelist -fc ${.ALLSRC} > ${.TARGET} + +help.c: vi.c emacs.c common.c + cd ${.CURDIR} ; ${MAKE} makelist + sh ./makelist -bc ${.ALLSRC} > ${.TARGET} + +help.h: vi.c emacs.c common.c + cd ${.CURDIR} ; ${MAKE} makelist + sh ./makelist -bh ${.ALLSRC} > ${.TARGET} .include --sdtB3X0nJg68CQEu-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Thu Jul 19 12:30:21 2001 Delivered-To: freebsd-arch@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-215.dsl.lsan03.pacbell.net [63.207.60.215]) by 
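Review bot: In the first libexec/ftpd hunk (@@ -1,13 +1,16 @@), the replacement CFLAGS line drops -Wall together with -DSETPROCTITLE -DLOGIN_CAP -DVIRTUAL_HOSTING and -DINET6, leaving only the include paths. For a daemon where the thread's stated worry is root vulnerabilities, keep -Wall so the imported sources are built with warnings on, and state in the commit message whether the retained config.h now supplies the IPv6, login-class and virtual-hosting settings those defines used to select or whether the features are gone. logwtmp.c also leaves SRCS with no explanation of what replaces it.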
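Review bot: In the second libexec/ftpd hunk (@@ -18,14 +21,20 @@), the ls-hacked.c rule relies on sed -e 's/^main(/ls_main(/g' matching a main( that starts a line in ls.c; if that file is ever restyled the substitution silently does nothing and the problem only surfaces as a duplicate main at link time. Make the rule fail when no substitution was made, and add a comment saying why the earlier -Dmain=ls_main define was not kept. The unchanged context in this hunk still adds ${LIBOPIE} to DPADD and sets -DUSE_PAM under .if !defined(NOPAM), while the covering mail says OPIE and PAM support is missing from this ftpd, so those lines should be removed or marked as pending until that support is merged.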
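Review bot: In the usr.bin/ftp hunk (@@ -6,17 +6,59 @@), the makelist rule hard-codes the interpreter with sed -e 's/@AWK@/gawk/g', so the build depends on a binary named gawk being in PATH; substitute plain awk unless makelist needs gawk extensions, and say so in a comment if it does. The hunk also removes -ledit from LDADD and compiles the libedit sources from ${LUKEMFTP}/libedit into ftp, which means fixes to the system libedit will not reach this binary; document why the private copy is required. Each of the seven generated-file rules re-runs cd ${.CURDIR} ; ${MAKE} makelist, where listing makelist as an ordinary dependency and filtering it out of ${.ALLSRC} would do the same job without the recursive makes. -DINET6 is dropped here too and needs the same accounting as in ftpd.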
hub.freebsd.org (Postfix) with ESMTP id 6C6C137B401; Thu, 19 Jul 2001 12:30:18 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 8B19766C4D; Thu, 19 Jul 2001 12:30:16 -0700 (PDT) Date: Thu, 19 Jul 2001 12:30:16 -0700 
From: Kris Kennaway
To: David O'Brien
Cc: Kris Kennaway, Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719123015.A44746@xor.obsecurity.org>
References: <20010717103604.B79329@xor.obsecurity.org> <20010719112221.A84356@dragon.nuxi.com>
In-Reply-To: <20010719112221.A84356@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Thu, Jul 19, 2001 at 11:22:21AM -0700

On Thu, Jul 19, 2001 at 11:22:21AM -0700, David O'Brien wrote:
> > but it is not to become the default ftpd until I've
> > signed off on it.
>
> Are you now holding all daemon hostage? I think you're being too strong
> on this statement. If this is going to be the case, please document that
> from now on daemon changes (or new ones) must be pre-approved by the S.O.

You're being facetious. We've had this conversation many times before
and I'm not saying anything new to you now that I haven't said before.
I know you don't like it, but as security officer I get to make that
decision.

> > We now have funding to perform in-depth auditing
> > work on FreeBSD, so I think this would be achieved in a reasonable
> > timeframe (probably by 5.0-RELEASE).
>
> I want a _commitment_ for 5.0-RELEASE. I provide pointers to the source,
> explained the advantages of doing this; and still none of them reviewed
> the source. So let's set a timeline that your auditors have until
> November 1st to audit this. On November 1st we go live with LukeM ftpd.

I can't give you a commitment, but this is going to be my top priority
to request once we figure out this funding thing. It will get done.

Kris

From owner-freebsd-arch Thu Jul 19 12:31:23 2001
Date: Thu, 19 Jul 2001 12:31:20 -0700
From: Kris Kennaway
To: David O'Brien
Cc: Kris Kennaway, Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719123119.B44746@xor.obsecurity.org>
References: <20010717103604.B79329@xor.obsecurity.org> <20010719112221.A84356@dragon.nuxi.com>
In-Reply-To: <20010719112221.A84356@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Thu, Jul 19, 2001 at 11:22:21AM -0700

On Thu, Jul 19, 2001 at 11:22:21AM -0700, David O'Brien wrote:
> Index: Makefile
> ===================================================================
> RCS file: /home/ncvs/src/usr.bin/ftp/Makefile,v

BTW, feel free to commit the ftp client whenever you feel like it,
since there aren't serious security issues at stake there.

Kris

From owner-freebsd-arch Thu Jul 19 14:49: 4 2001
In-Reply-To: <20010719023412.A30128@xor.obsecurity.org>
Date: Thu, 19 Jul 2001 17:47:16 -0400 (EDT)
Reply-To: Mike Heffner
From: Mike Heffner
To: Kris Kennaway
Subject: Re: BSD-specific sources (was: Importing lukemftpd)
Cc: arch@FreeBSD.ORG, Luke Mewburn, Greg Lehey

On 19-Jul-2001 Kris Kennaway wrote:
|
| Step 1: Synchronise the code

Only if you can agree on whose POLA to violate ;)

| Step 2: Stay in sync

Mike

--
Mike Heffner
Fredericksburg, VA

From owner-freebsd-arch Thu Jul 19 15:36:48 2001
In-Reply-To: <20010719112221.A84356@dragon.nuxi.com>
Date: Thu, 19 Jul 2001 18:34:56 -0400 (EDT)
Reply-To: Mike Heffner
From: Mike Heffner To: "David O'Brien" Subject: Re: Importing lukemftpd Cc: arch@FreeBSD.ORG, Kris Kennaway Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This message is in MIME format --_=XFMail.1.5.0.FreeBSD:20010719183456:290=_ Content-Type: text/plain; charset=us-ascii On 19-Jul-2001 David O'Brien wrote: | On Tue, Jul 17, 2001 at 10:36:05AM -0700, Kris Kennaway wrote: | | Ok, your bluff has been called. The code has been imported and I'm Yay! ;) | attaching the diff for libexec/ftpd/Makefile and usr.bin/ftp/Makefile. | To build the LukeM versions, apply my diff and remove all files other | than `Makefile' and `config.h'. | | Some of the features in our ftpd we can loose. "SITE MD5" for instance. | When it was added, it was well known that LukeM did not agree with that | functionality and was not going to put it into his versions. Other | functionality is antiquated and not really used. Some, like OPIE and PAM, | support is missing and we certainly need to get that added. So does this mean that it won't be under the same tight control as most src/contrib stuff? Can we use it as the workspace sorta, for merging back in exisiting features of FreeBSD ftpd? | | I want a _commitment_ for 5.0-RELEASE. I provide pointers to the source, | explained the advantages of doing this; and still none of them reviewed At the time I was somewhat busy and couldn't find the time to look at in depth, hopefully I'll have more time now to look through it. 

Mike

--
Mike Heffner
Fredericksburg, VA

From owner-freebsd-arch Thu Jul 19 15:55: 1 2001
Date: Thu, 19 Jul 2001 15:54:58 -0700
From: "David O'Brien"
To: Dan Moschuk
Cc: Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719155458.B90326@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG
In-Reply-To: <20010718145135.B1689@spirit.jaded.net>; from dan@FreeBSD.ORG on Wed, Jul 18, 2001 at 02:51:35PM -0400

On Wed, Jul 18, 2001 at 02:51:35PM -0400, Dan Moschuk wrote:
>
> | | Why not start with lukem's code, add in PAM support and other
> | | FreeBSDisms, and then track NetBSD from that point?
> |
> | Yes, that was option (a) ;)
> |
> | Mike
>
> Hehehe, whoops.  Count my vote for option (a) then. 8)

Sorry, unless you are going to do all the work, your vote doesn't count.
He who does the work....

--
-- David  (obrien@FreeBSD.org)

From owner-freebsd-arch Thu Jul 19 15:58:37 2001
Date: Thu, 19 Jul 2001 15:58:11 -0700
From: "David O'Brien"
To: Kris Kennaway
Cc: Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719155811.C90326@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG
In-Reply-To: <20010719123119.B44746@xor.obsecurity.org>; from kris@obsecurity.org on Thu, Jul 19, 2001 at 12:31:20PM -0700

On Thu, Jul 19, 2001 at 12:31:20PM -0700, Kris Kennaway wrote:
> On Thu, Jul 19, 2001 at 11:22:21AM -0700, David O'Brien wrote:
>
> > Index: Makefile
> > ===================================================================
> > RCS file: /home/ncvs/src/usr.bin/ftp/Makefile,v
>
> BTW, feel free to commit the ftp client whenever you feel like it,
> since there aren't serious security issues at stake there.

There aren't??  I am downloading data from a possibly hostile site.
They could easily try to buffer overflow the client.  Just as much a
possible security vulnerability as we saw the buffer overflows in
fetchmail.

--
-- David  (obrien@FreeBSD.org)

From owner-freebsd-arch Thu Jul 19 16: 5: 4 2001
Message-Id: <200107192305.f6JN54j02631@mass.dis.org>
To: Mike Heffner
Cc: "David O'Brien", arch@FreeBSD.ORG, Kris Kennaway
Subject: Re: Importing lukemftpd
In-reply-to: Your message of "Thu, 19 Jul 2001 18:34:56 EDT."
Date: Thu, 19 Jul 2001 16:05:04 -0700
From: Mike Smith

> | Some of the features in our ftpd we can lose.  "SITE MD5" for instance.
> | When it was added, it was well known that LukeM did not agree with that
> | functionality and was not going to put it into his versions.  Other
> | functionality is antiquated and not really used.  Some, like OPIE and PAM,
> | support is missing and we certainly need to get that added.
>
> So does this mean that it won't be under the same tight control as most
> src/contrib stuff? Can we use it as the workspace sorta, for merging back in
> existing features of FreeBSD ftpd?

Ideally, you'll merge these through LukeM.

--
... every activity meets with opposition, everyone who acts has his
rivals and unfortunately opponents also.  But not because people want
to be opponents, rather because the tasks and relationships force
people to take different points of view.  [Dr. Fritz Todt]
V I C T O R Y   N O T   V E N G E A N C E

From owner-freebsd-arch Thu Jul 19 16:37:53 2001
Date: Thu, 19 Jul 2001 16:37:38 -0700
From: Kris Kennaway
To: David O'Brien
Cc: Kris Kennaway, Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719163738.A75143@xor.obsecurity.org>
In-Reply-To: <20010719155811.C90326@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Thu, Jul 19, 2001 at 03:58:11PM -0700

On Thu, Jul 19, 2001 at 03:58:11PM -0700, David O'Brien wrote:
> On Thu, Jul 19, 2001 at 12:31:20PM -0700, Kris Kennaway wrote:
> > On Thu, Jul 19, 2001 at 11:22:21AM -0700, David O'Brien wrote:
> >
> > > Index: Makefile
> > > ===================================================================
> > > RCS file: /home/ncvs/src/usr.bin/ftp/Makefile,v
> >
> > BTW, feel free to commit the ftp client whenever you feel like it,
> > since there aren't serious security issues at stake there.
>
> There aren't??  I am downloading data from a possibly hostile site.
> They could easily try to buffer overflow the client.  Just as much a
> possible security vulnerability as we saw the buffer overflows in
> fetchmail.

Yes, but a client-side vulnerability is not the same class of
vulnerability as a daemon which is installed by default on all FreeBSD
systems.

If the code worries you, a security audit would be much appreciated.
Thanks.

Kris

From owner-freebsd-arch Thu Jul 19 17: 8:55 2001
To: tlambert2@mindspring.com
Cc: Barry Pederson, freebsd-arch@FreeBSD.ORG
Subject: Re: TCP Initial Sequence Numbers: We need to talk
In-Reply-To: <3B5696E1.3A038FF5@mindspring.com>
Date: Thu, 19 Jul 2001 17:08:52 -0700
From: Peter Wemm
Message-Id: <20010720000852.36B7B3811@overcee.netplex.com.au>

Terry Lambert wrote:
> Barry Pederson wrote:
> > Jonathan Lemon wrote:
> > >
> > > It's not feasible; he's overlooking several things.  Among them
> > > are: 1. it is susceptible to replay attacks, 2. the secret is
> > > per IP, and 3. "having the response go nowhere" is not a valid
> > > defense, if the attacker can guess it.
> >
> > 1, 2. It's protecting against spoofed SYN floods, the replay attack
> > would have to be a non-spoofed ACK flood (since the attacker could
> > probably figure out their own token) --or-- the attacker was also
> > sniffing your network, could see what was in the outgoing SYN/ACK
> > packets at least once for each spoofed IP, and then flooded with spoofed
> > ACKs containing the encrypted token for that particular spoofed address.
>
> My favorite attack for this would be to just ACK the hell
> out of your machine so that it burnt up all your CPU doing
> RC5's, which the attacker could just ignore...

Exactly.  This is the fundamental difference between classic syn cookies
vs the syn_cache compressed tcp state engine stuff.  syn cookies move
the expensive part of the syn processing to the ack side, which you can
still attack.

The BSDi (and improved by NetBSD) syn_cache stuff does lightweight
preprocessing and protects the expensive stack from this crud.  It has
optional RFC1948 (or whatever number it is) ISN support as well.

Windows NT has something similar too..  They have a compressed tcp state
for tracking massive numbers of TIME_WAIT connections without consuming a
full pcb/tcpcb etc.  I'm sure they use this for other things too.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5

From owner-freebsd-arch Thu Jul 19 20:31:43 2001
Date: Thu, 19 Jul 2001 20:31:16 -0700
From: "David O'Brien"
To: Dima Dorfman
Cc: Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719203116.A94074@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG
In-Reply-To: <20010717053406.B6C723E2F@bazooka.unixfreak.org>; from dima@unixfreak.org on Mon, Jul 16, 2001 at 10:34:06PM -0700

On Mon, Jul 16, 2001 at 10:34:06PM -0700, Dima Dorfman wrote:
> > b) we import NetBSD's ftpd AS IS and treat it like vender code with regular
> >    imports, but break backwards compatibility?
>
> I think (a) with a twist is the best option; the twist is that we
> should try to get as much of our local features into lukeftpd's
> distribution as possible.

That would be `b' and what should be followed.

> This doesn't help the "more work" problem
> at all, but solves the "maintainership" problem quite nicely.

How?  You create more work and that is easy on the maintainer?

--
-- David  (obrien@FreeBSD.org)

From owner-freebsd-arch Thu Jul 19 20:37: 8 2001
Date: Thu, 19 Jul 2001 20:37:00 -0700
From: "David O'Brien"
To: Kris Kennaway
Cc: Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719203700.B94074@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG
In-Reply-To: <20010719123015.A44746@xor.obsecurity.org>; from kris@obsecurity.org on Thu, Jul 19, 2001 at 12:30:16PM -0700

On Thu, Jul 19, 2001 at 12:30:16PM -0700, Kris Kennaway wrote:
> > Are you now holding all daemon hostage?  I think you're being too strong
> > on this statement.  If this is going to be the case, please document that
> > from now on daemon changes (or new ones) must be pre-approved by the S.O.
>
> You're being facetious.

A little.  But I do find that your power play seems to be arbitrarily
applied to LukeM ftpd.

> I can't give you a commitment, but this is going to be my top priority
> to request once we figure out this funding thing.  It will get done.

What does funding have to do with anything?  All the auditing done so far
wasn't funded.  If you asked your auditing contacts to spend time on
this, I think they most likely would.  I fail to see why you will not
make a commitment.  I have committed to GCC 3.0 in 5.0.  I know the work
that will take, but I have done it anyway.  JHB has committed to proc
locking for 5.0.  There are numerous people that have committed to
getting X done for 5.0.

--
-- David  (obrien@FreeBSD.org)

From owner-freebsd-arch Thu Jul 19 20:39:38 2001
Date: Thu, 19 Jul 2001 20:39:34 -0700
From: "David O'Brien"
To: Mike Heffner
Cc: arch@FreeBSD.ORG, Kris Kennaway
Subject: Re: Importing lukemftpd
Message-ID: <20010719203934.C94074@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG

On Thu, Jul 19, 2001 at 06:34:56PM -0400, Mike Heffner wrote:
> | Some of the features in our ftpd we can lose.  "SITE MD5" for instance.
> | When it was added, it was well known that LukeM did not agree with that
> | functionality and was not going to put it into his versions.  Other
> | functionality is antiquated and not really used.  Some, like OPIE and PAM,
> | support is missing and we certainly need to get that added.
>
> So does this mean that it won't be under the same tight control as most
> src/contrib stuff?

I don't know how I gave that impression.  For now, that ftpd should be
treated under normal src/contrib conventions.

> Can we use it as the workspace sorta, for merging back in
> existing features of FreeBSD ftpd?

Yes.  People should make _local_ modifications, use CVS to produce a diff
and post.  Once we have consensus on a patch set, we send off to LukeM.
We import the resulting next release from him.

--
-- David  (obrien@FreeBSD.org)

From owner-freebsd-arch Thu Jul 19 21: 3:45 2001
Date: Thu, 19 Jul 2001 21:03:33 -0700
From: Kris Kennaway
To: David O'Brien
Cc: Kris Kennaway, Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719210332.A78418@xor.obsecurity.org>
In-Reply-To: <20010719203700.B94074@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Thu, Jul 19, 2001 at 08:37:00PM -0700

On Thu, Jul 19, 2001 at 08:37:00PM -0700, David O'Brien wrote:
> On Thu, Jul 19, 2001 at 12:30:16PM -0700, Kris Kennaway wrote:
> > > Are you now holding all daemon hostage?  I think you're being too strong
> > > on this statement.  If this is going to be the case, please document that
> > > from now on daemon changes (or new ones) must be pre-approved by the S.O.
> >
> > You're being facetious.
>
> A little.  But I do find that your power play seems to be arbitrarily
> applied to LukeM ftpd.

There haven't been any other cases of similar impact recently for me
to stand up and do my thing over.  If someone wanted to -- say --
commit a replacement IPv4 stack which had been rewritten from scratch,
or a rewritten inetd, etc, then I'd be saying the exact same thing.
I can't afford to yell and scream about the potential insecurity of
every change made to FreeBSD, even though almost every commit includes
the possibility to introduce insecurity, because people wouldn't stand
for it (and rightly so), so I have to pick my battles and limit it to
cases where I perceive the risk to be great enough.  For example, that
includes yelling at committers when they make a "risky" commit (i.e. to
a security-critical area of the tree) which wasn't reviewed, because of
the large number of times such commits have turned around and bitten us
a few months later (causing sometimes dozens of person-hours of work
for the security team to clean up).

> > I can't give you a commitment, but this is going to be my top priority
> > to request once we figure out this funding thing.  It will get done.
>
> What does funding have to do with anything?  All the auditing done so far
> wasn't funded.  If you asked your auditing contacts to spend time on
> this, I think they most likely would.  I fail to see why you will not
> make a commitment.  I have committed to GCC 3.0 in 5.0.  I know the work
> that will take, but I have done it anyway.  JHB has committed to proc
> locking for 5.0.  There are numerous people that have committed to
> getting X done for 5.0.

You and John are being paid to work full-time on FreeBSD, and the
projects you mentioned are projects you do during your >8 hours a day
of paid FreeBSD hacking time.  If you were working on these in your own
time, say from 10pm at night after a hard day at work, I think you'd be
much less firm about your ability to complete the project according to
a deadline.

Auditing of a non-trivial application is time-consuming and difficult.
The kinds of bugs I expect might be found in something like ftpd are
not the trivial ones involving misuse of sprintf(), but the deeply
embedded ones which rely on interactions between several different
parts of the code.
That requires someone to sit down for a week and really become intimate
with the code, which isn't something that most people can do in their
spare time for an hour or two here and there (which is why no-one's
done this so far).  If someone is being paid to do the work as part of
their day job, they have the ability to do this.

Kris

From owner-freebsd-arch Fri Jul 20 8:40:26 2001
Message-ID: <3B585109.ED17E59B@mindspring.com>
Date: Fri, 20 Jul 2001 08:40:57 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Jim Pirzyk
Cc: arch@FreeBSD.ORG
Subject: Re: Setting the default MAX Stack size

Jim Pirzyk wrote:
>
> On Thursday 19 July 2001 01:16 am, Terry Lambert wrote:
> > Jim Pirzyk wrote:
> > > So I have a need to increase the max stack size in the kernel.

[ ... ]

> > > Suggestions?
> >
> > Change your code to not use so much auto variable space; if
> > you are using this much space, you need to rethink your
> > algorithm.
>
> The program that is being used is by one of our developers and it
> is using recursion internally to do smog particle simulation over
> many frames (visual effects).  Our systems are installed with
> 2GB of memory and they set their stack size to 128MB (from 64MB).
>
> The program could write its data out to disk, but then the
> performance gets killed.
>
> We also had to knock up the stack size on the linux systems that
> these programs are actually developed on.

I don't understand why the kernel stack size has anything
to do with this, unless you are implementing this in the
kernel.

If you are running out of kernel stack, we need to know
where, since that should be a serious bug.

-- Terry

From owner-freebsd-arch Fri Jul 20 8:44:18 2001
Message-ID: <3B5851EF.19B13D73@mindspring.com>
Date: Fri, 20 Jul 2001 08:44:47 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Bakul Shah
Cc: Jim Pirzyk, arch@FreeBSD.ORG
Subject: Re: Setting the default MAX Stack size

Bakul Shah wrote:
>
> > > > So I have a need to increase the max stack size in the kernel.

[ ... ]

> How about something like
>
>     options MAXSSIZ="(256UL*1024*1024)"
>
> in your config file?

This increases the maximum user space stack size, not the
stack size in the kernel.

If this is what he meant, then yeah, this will do it; he
also needs to look at his login class in login.conf, and
"ulimit"/"limit"/"limits" (based on the shell he is using),
to crank up the user space quota, and not just the top end
limit.

If he's running in the kernel (the original question appears
to be on the order of "can you put too much water in a nuclear
reactor?" 8-)), that change won't help him.

-- Terry

From owner-freebsd-arch Fri Jul 20 9:24:36 2001
Message-ID: <3B585B55.EFBF2F01@mindspring.com>
Date: Fri, 20 Jul 2001 09:24:53 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Peter Wemm
Cc: Barry Pederson, freebsd-arch@FreeBSD.ORG
Subject: Re: TCP Initial Sequence Numbers: We need to talk

Peter Wemm wrote:
> > My favorite attack for this would be to just ACK the hell
> > out of your machine so that it burnt up all your CPU doing
> > RC5's, which the attacker could just ignore...
>
> Exactly.  This is the fundamental difference between classic syn cookies
> vs the syn_cache compressed tcp state engine stuff.  syn cookies move
> the expensive part of the syn processing to the ack side, which you can
> still attack.
>
> The BSDi (and improved by NetBSD) syn_cache stuff does lightweight
> preprocessing and protects the expensive stack from this crud.  It has
> optional RFC1948 (or whatever number it is) ISN support as well.

I couldn't see where this had really been improved by NetBSD;
maybe you can point it out to me.

I did like the suggestion last June on -hackers of delaying
the state transition from compressed state to full blown
state until data had been received, but it was very, very
specific to applications where the client sends data first;
this means it's useless for SMTP, POP3, and other servers,
and you would have to make it an option on the listen socket
for it to be useful (e.g. "I, the opener of the socket,
promise not to speak until spoken to, when I get connections
on this socket").

> Windows NT has something similar too..  They have a compressed tcp state
> for tracking massive numbers of TIME_WAIT connections without consuming a
> full pcb/tcpcb etc.
> I'm sure they use this for other things too.

This is called a "TIME_WAIT zombie" structure; implementation
is really trivial, but requires that the serial numbers not
go backwards, as they currently do, since it would panic the
kernel when it attempted to reference structure elements
which weren't there, in the case that the state machine went
backwards (to SYN_SENT, which is what it does, and then it
hangs forever).

The "SYN cache" and "TIME_WAIT zombie" issues, along with
two other technologies which I'm willing to talk to you
about off-list at my work address (terry#clickarray.com)
are why I regretted the elimination of the TCP template,
rather than a reduction in its size.  It turns out that
they could all use something about 60 bytes in size, and
it would have been handy to have not eliminated it, and
kept the code simple (not to disparage Mike's work on the
elimination).

I've also got some patches applicable to many of the Bill
Paul drivers that should drastically reduce overhead, as
well as some other patches to address the top end load
behaviour and receiver livelock avoidance (these are
extremely complex, and have taken me several weeks to do;
I have only recently stabilized them to the point I trust
putting them into production).

I also have some issues with the "callout wheel" timers,
which I have some prototype code to address, and am looking
at the Pittsburg patches for SACK and FACK (the rate halving
doesn't work quite right).  I think that Luigi's TSACK day
has come and gone, now that it's supported by Windows by
default; too bad FreeBSD didn't integrate many of these
innovations earlier on, since much of the research has been
taking place on FreeBSD... 8-(.

Eventually, we will get FreeBSD beaten into shape, and I
expect that most of what I've done will make it back to
the project, if it wants it, after a couple of product
releases, since we expect to push forward on other fronts
which I haven't seen anyone working on yet.
Integration into -current will be a bitch, though. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message From owner-freebsd-arch Fri Jul 20 9:34:18 2001 Delivered-To: freebsd-arch@freebsd.org Received: from gull.mail.pas.earthlink.net (gull.mail.pas.earthlink.net [207.217.121.85]) by hub.freebsd.org (Postfix) with ESMTP id 390E037B401; Fri, 20 Jul 2001 09:34:14 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from mindspring.com (dialup-209.245.134.204.Dial1.SanJose1.Level3.net [209.245.134.204]) by gull.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id JAA10340; Fri, 20 Jul 2001 09:34:10 -0700 (PDT) Message-ID: <3B585D99.60A9C4C6@mindspring.com> Date: Fri, 20 Jul 2001 09:34:33 -0700 
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Kris Kennaway
Cc: "David O'Brien", Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
References: <20010717103604.B79329@xor.obsecurity.org> <20010719112221.A84356@dragon.nuxi.com> <20010719123015.A44746@xor.obsecurity.org> <20010719203700.B94074@dragon.nuxi.com> <20010719210332.A78418@xor.obsecurity.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Kris Kennaway wrote:
> > > > Are you now holding all daemon hostage? I think you're being
> > > > too strong on this statement. If this is going to be the case,
> > > > please document that from now on daemon changes (or new ones)
> > > > must be pre-approved by the S.O.
> > >
> > > You're being facetious.
> >
> > A little. But I do find that your power play seems to be arbitrarily
> > applied to LukeM ftpd.
>
> There haven't been any other cases of similar impact recently for me
> to stand up and do my thing over. If someone wanted to -- say --
> commit a replacement IPv4 stack which had been rewritten from scratch,
> or a rewritten inetd, etc, then I'd be saying the exact same thing.

Suggestion: make the old ftpd a port, if the NetBSD one is
going to be default, since there are additional features,
and it has been security audited. I, for one, will be keeping
it around.
-- Terry

From owner-freebsd-arch Fri Jul 20 10: 9:11 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from marlborough.cnchost.com (marlborough.concentric.net [207.155.248.14]) by hub.freebsd.org (Postfix) with ESMTP id 356E937B407 for ; Fri, 20 Jul 2001 10:09:02 -0700 (PDT) (envelope-from bakul@bitblocks.com)
Received: from bitblocks.com (adsl-209-204-185-216.sonic.net [209.204.185.216]) by marlborough.cnchost.com id NAA29982; Fri, 20 Jul 2001 13:09:00 -0400 (EDT) [ConcentricHost SMTP Relay 1.14]
Message-ID: <200107201709.NAA29982@marlborough.cnchost.com>
To: tlambert2@mindspring.com
Cc: Jim Pirzyk, arch@freebsd.org
Subject: Re: Setting the default MAX Stack size
In-reply-to: Your message of "Fri, 20 Jul 2001 08:44:47 PDT." <3B5851EF.19B13D73@mindspring.com>
Date: Fri, 20 Jul 2001 10:08:59 -0700
From: Bakul Shah
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > How about something like
> >
> > options MAXSSIZ="(256UL*1024*1024)"
> >
> > in your config file?
>
> This increases the maximum user space stack size, not the
> stack size in the kernel.
> If this is what he meant, then yeah, this will do it;

I too was initially confused but I believe this is what he
meant based on the following (from his email):

> > The program that is being used is by one of our developers and it
> > is using recursion internally to do smog particle simulation over
> > many frames (visual effects). Our systems are installed with
> > 2GB of memory and they set their stack size to 128MB (from 64MB).

Stranger things have happened but I didn't think the Disney
folks had implemented smog particle simulation in the kernel
space:-)

Your original comment about rewriting kernel code to use less
space is equally valid for user code but Pirzyk probably
wanted a quick fix first.

> he also needs to look at his login class in login.conf,
> and "ulimit"/"limit"/"limits" (based on the shell he is
> using), to crank up the user space quota, and not just
> the top end limit.

Yes indeed.
-- bakul

From owner-freebsd-arch Fri Jul 20 10:14:58 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from bazooka.unixfreak.org (bazooka.unixfreak.org [63.198.170.138]) by hub.freebsd.org (Postfix) with ESMTP id 7D1BF37B403; Fri, 20 Jul 2001 10:14:56 -0700 (PDT) (envelope-from dima@unixfreak.org)
Received: from hornet.unixfreak.org (hornet [63.198.170.140]) by bazooka.unixfreak.org (Postfix) with ESMTP id ABD0B3E2F; Fri, 20 Jul 2001 10:14:44 -0700 (PDT)
To: tlambert2@mindspring.com
Cc: Kris Kennaway, "David O'Brien", Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
In-Reply-To: <3B585D99.60A9C4C6@mindspring.com>; from tlambert2@mindspring.com on "Fri, 20 Jul 2001 09:34:33 -0700"
Date: Fri, 20 Jul 2001 10:14:44 -0700
From: Dima Dorfman
Message-Id: <20010720171444.ABD0B3E2F@bazooka.unixfreak.org>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Terry Lambert writes:
> Kris Kennaway wrote:
> > > > > Are you now holding all daemon hostage? I think you're being
> > > > > too strong on this statement. If this is going to be the case,
> > > > > please document that from now on daemon changes (or new ones)
> > > > > must be pre-approved by the S.O.
> > > >
> > > > You're being facetious.
> > >
> > > A little. But I do find that your power play seems to be arbitrarily
> > > applied to LukeM ftpd.
> >
> > There haven't been any other cases of similar impact recently for me
> > to stand up and do my thing over. If someone wanted to -- say --
> > commit a replacement IPv4 stack which had been rewritten from scratch,
> > or a rewritten inetd, etc, then I'd be saying the exact same thing.
>
> Suggestion: make the old ftpd a port, if the NetBSD one is
> going to be default, since there are additional features,
> and it has been security audited. I, for one, will be keeping
> it around.

This is a good idea. I'll do it unless somebody else wants to.

From owner-freebsd-arch Fri Jul 20 11:23:17 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from dragon.nuxi.com (trang.nuxi.com [206.40.252.115]) by hub.freebsd.org (Postfix) with ESMTP id 5BB7837B401 for ; Fri, 20 Jul 2001 11:23:14 -0700 (PDT) (envelope-from obrien@NUXI.com)
Received: (from obrien@localhost) by dragon.nuxi.com (8.11.3/8.11.1) id f6KIMxE45308; Fri, 20 Jul 2001 11:22:59 -0700 (PDT) (envelope-from obrien)
Date: Fri, 20 Jul 2001 11:22:58 -0700
From: "David O'Brien"
To: Terry Lambert
Cc: Kris Kennaway, Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010720112258.B40565@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG
References: <20010717103604.B79329@xor.obsecurity.org> <20010719112221.A84356@dragon.nuxi.com> <20010719123015.A44746@xor.obsecurity.org> <20010719203700.B94074@dragon.nuxi.com> <20010719210332.A78418@xor.obsecurity.org> <3B585D99.60A9C4C6@mindspring.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3B585D99.60A9C4C6@mindspring.com>; from tlambert2@mindspring.com on Fri, Jul 20, 2001 at 09:34:33AM -0700
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Jul 20, 2001 at 09:34:33AM -0700, Terry Lambert wrote:
> Suggestion: make the old ftpd a port, if the NetBSD one is
> going to be default,

Naturally.

From owner-freebsd-arch Fri Jul 20 12: 4:25 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from mail.disney.com (mail.disney.com [204.128.192.15]) by hub.freebsd.org (Postfix) with ESMTP id 1623C37B407 for ; Fri, 20 Jul 2001 12:04:18 -0700 (PDT) (envelope-from Jim.Pirzyk@disney.com)
Received: from pain10.corp.disney.com (root@pain10.corp.disney.com [153.7.110.100]) by mail.disney.com (Switch-2.0.1/Switch-2.0.1) with SMTP id f6KJ3UI14276 for ; Fri, 20 Jul 2001 12:03:30 -0700 (PDT)
Received: from [172.30.50.1] by pain.corp.disney.com with ESMTP for arch@FreeBSD.ORG; Fri, 20 Jul 2001 12:04:57 -0700
Received: from plio.fan.fa.disney.com (plio.fan.fa.disney.com [153.7.118.2]) by pecos.fa.disney.com (8.11.3/8.11.3) with ESMTP id f6KJ41s27755 for ; Fri, 20 Jul 2001 12:04:01 -0700 (PDT)
Received: from mercury.fan.fa.disney.com (mercury.fan.fa.disney.com [153.7.119.1]) by plio.fan.fa.disney.com (8.9.2/8.9.2) with ESMTP id MAA01783 for ; Fri, 20 Jul 2001 12:04:00 -0700 (PDT) (envelope-from Jim.Pirzyk@disney.com)
Received: from snoopy.fan.fa.disney.com by mercury.fan.fa.disney.com; Fri, 20 Jul 2001 12:04:00 -0700
Content-Type: text/plain; charset="iso-8859-1"
From: Jim Pirzyk
Organization: Walt Disney Feature Animation
To: Terry Lambert
Subject: Re: Setting the default MAX Stack size
Date: Fri, 20 Jul 2001 12:04:00 -0700
X-Mailer: KMail [version 1.2]
Cc: arch@FreeBSD.ORG
References: <01071816182904.00720@snoopy> <01071908363603.07804@snoopy> <3B585109.ED17E59B@mindspring.com>
In-Reply-To: <3B585109.ED17E59B@mindspring.com>
MIME-Version: 1.0
Message-Id: <0107201204000G.07804@snoopy>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Friday 20 July 2001 08:40 am, Terry Lambert wrote:
> Jim Pirzyk wrote:
> > On Thursday 19 July 2001 01:16 am, Terry Lambert wrote:
> > > Jim Pirzyk wrote:
> > > > So I have a need to increase the max stack size in the kernel.
>
> [ ... ]
>
> > > > Suggestions?
> > >
> > > Change your code to not use so much auto variable space; if
> > > you are using this much space, you need to rethink your
> > > algorithm.
> >
> > The program that is being used is by one of our developers and it
> > is using recursion internally to do smog particle simulation over
> > many frames (visual effects). Our systems are installed with
> > 2GB of memory and they set their stack size to 128MB (from 64MB).
> >
> > The program could write its data out to disk, but then the
> > performance gets killed.
> >
> > We also had to knock up the stack size on the linux systems that
> > these programs are actually developed on.
>
> I don't understand why the kernel stack size has anything to
> do with this, unless you are implementing this in the kernel.
>
> If you are running out of kernel stack, we need to know where,
> since that should be a serious bug.

Ah, here is the disconnect. I am talking about the user's max stack size
which is a parameter in the kernel, not the kernel's stack size.
Changing MAXSSIZ in the kernel allows you to type

    limit stacksize 262143

- JimP

--
--- @(#) $Id: dot.signature,v 1.10 2001/05/17 23:38:49 Jim.Pirzyk Exp $
    __o   Jim.Pirzyk@disney.com ------------- pirzyk@freebsd.org
 _'\<,_   Senior Systems Engineer, Walt Disney Feature Animation
(*)/ (*)

From owner-freebsd-arch Fri Jul 20 12:56:28 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from mail.disney.com (mail.disney.com [204.128.192.15]) by hub.freebsd.org (Postfix) with ESMTP id BC6B137B405 for ; Fri, 20 Jul 2001 12:56:24 -0700 (PDT) (envelope-from Jim.Pirzyk@disney.com)
Received: from pain10.corp.disney.com (root@pain10.corp.disney.com [153.7.110.100]) by mail.disney.com (Switch-2.0.1/Switch-2.0.1) with SMTP id f6KJtbI23365 for ; Fri, 20 Jul 2001 12:55:37 -0700 (PDT)
Received: from [172.30.50.1] by pain.corp.disney.com with ESMTP for arch@freebsd.org; Fri, 20 Jul 2001 12:56:39 -0700
Received: from plio.fan.fa.disney.com (plio.fan.fa.disney.com [153.7.118.2]) by pecos.fa.disney.com (8.11.3/8.11.3) with ESMTP id f6KJths03605 for ; Fri, 20 Jul 2001 12:55:43 -0700 (PDT)
Received: from mercury.fan.fa.disney.com (mercury.fan.fa.disney.com [153.7.119.1]) by plio.fan.fa.disney.com (8.9.2/8.9.2) with ESMTP id MAA07448 for ; Fri, 20 Jul 2001 12:55:42 -0700 (PDT) (envelope-from Jim.Pirzyk@disney.com)
Received: from snoopy.fan.fa.disney.com by mercury.fan.fa.disney.com; Fri, 20 Jul 2001 12:55:41 -0700
Content-Type: text/plain; charset="iso-8859-1"
From: Jim Pirzyk
Organization: Walt Disney Feature Animation
To: Bakul Shah, tlambert2@mindspring.com
Subject: Re: Setting the default MAX Stack size
Date: Fri, 20 Jul 2001 12:55:41 -0700
X-Mailer: KMail [version 1.2]
Cc: arch@freebsd.org
References: <200107201709.NAA29982@marlborough.cnchost.com>
In-Reply-To: <200107201709.NAA29982@marlborough.cnchost.com>
MIME-Version: 1.0
Message-Id: <0107201255410J.07804@snoopy>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Friday 20 July 2001 10:08 am, Bakul Shah wrote:
> > > How about something like
> > >
> > > options MAXSSIZ="(256UL*1024*1024)"
> > >
> > > in your config file?
> >
> > This increases the maximum user space stack size, not the
> > stack size in the kernel.
> >
> > If this is what he meant, then yeah, this will do it;
>
> I too was initially confused but I believe this is what he
> meant based on the following (from his email):
>
> > > The program that is being used is by one of our developers and it
> > > is using recursion internally to do smog particle simulation over
> > > many frames (visual effects). Our systems are installed with
> > > 2GB of memory and they set their stack size to 128MB (from 64MB).
>
> Stranger things have happened but I didn't think the Disney
> folks had implemented smog particle simulation in the kernel
> space:-)
>
> Your original comment about rewriting kernel code to use less
> space is equally valid for user code but Pirzyk probably
> wanted a quick fix first.

This is what I get for being sufficiently vague in my initial email.
We would have some software developers that would like to implement
the particle simulations in the kernel so they could run faster :)

Yes we could get them to rewrite the code, but since the increase
of swap to the available memory was not drastic, I thought this would
be the best answer for all.

Thanks all.

- JimP

--
--- @(#) $Id: dot.signature,v 1.10 2001/05/17 23:38:49 Jim.Pirzyk Exp $
    __o   Jim.Pirzyk@disney.com ------------- pirzyk@freebsd.org
 _'\<,_   Senior Systems Engineer, Walt Disney Feature Animation
(*)/ (*)

From owner-freebsd-arch Fri Jul 20 17:30:18 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from smtp6ve.mailsrvcs.net (smtp6vepub.gte.net [206.46.170.27]) by hub.freebsd.org (Postfix) with ESMTP id EA96537B40B for ; Fri, 20 Jul 2001 17:30:03 -0700 (PDT) (envelope-from info@wpi2001.com)
Received: from wpi2001.com (client-141-150-248-226.delval.dialup.bellatlantic.net [141.150.248.226]) by smtp6ve.mailsrvcs.net (8.9.1/8.9.1) with SMTP id AAA44607640 for ; Sat, 21 Jul 2001 00:30:02 GMT
Message-Id: <200107210030.AAA44607640@smtp6ve.mailsrvcs.net>
From: "Washington Promotions International"
To:
Subject: Official America's Cup Jubilee Announcement
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Date: Fri, 20 Jul 2001 20:29:11 -0400
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

WASHINGTON PROMOTIONS INTERNATIONAL HONORED BY THE AMERICA'S CUP JUBILEE 2001

The America's Cup Jubilee Governing Committee in Cowes, United Kingdom
has selected Washington Promotions International as the official U.S.A.
merchandise licensee for the 150th Anniversary of the America's Cup.

Please visit this web site to see the array of clothing, compasses,
barometers and other commemorative items.

http://wpi2001.com/index2.html

Individuals, yacht and sailing clubs, and corporations everywhere,
currently have the opportunity to acquire special items with ACJ2001
logo. Additionally, you may also choose to add your own logo to these
fine items. This is a once in a lifetime opportunity to celebrate an
event of this caliber and prestige.

Please post to your newsletter or bulletin board.

If you have any questions contact:
Vassil C. Yanco
(281)292-9810 Office
(281)292-9331 Fax
E-mail: info@wpi2001.com
Web Site: http://wpi2001.com

From owner-freebsd-arch Sat Jul 21 4:43: 2 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by hub.freebsd.org (Postfix) with ESMTP id 423E337B405 for ; Sat, 21 Jul 2001 04:43:00 -0700 (PDT) (envelope-from bde@zeta.org.au)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id VAA01663; Sat, 21 Jul 2001 21:42:54 +1000
Date: Sat, 21 Jul 2001 21:40:37 +1000 (EST)
From: Bruce Evans
X-Sender: bde@besplex.bde.org
To: Jim Pirzyk
Cc: arch@FreeBSD.ORG
Subject: Re: Setting the default MAX Stack size
In-Reply-To: <01071816182904.00720@snoopy>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 18 Jul 2001, Jim Pirzyk wrote:

> So I have a need to increase the max stack size in the kernel. There
> currently is no knob to do this. I thought of implementing it like
> the max data size knob (MAXDSIZ). Is this the best answer or should
> it maybe be done via read only sysctl (and then can be set in the
> /boot/loader.conf)? I know how to do the former, but I am not sure
> about the latter.

This (set MAXSSIZ in the same way as MAXDSIZ) is the best answer. There
is no point in making it more tunable than MAXDSIZ.

Notes:
- MAXSSIZ used to be an option, just like MAXDSIZ. There are ifdefs for
  both in . This was broken by not putting MAXSSIZ
  in sys/conf/options.
- the stack size should normally be limited using login.conf or the
  stack size rlimit. These don't apply here because MAXSSIZ gives the
  maximum that can be set using these.

Bruce

From owner-freebsd-arch Sat Jul 21 21:13: 3 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from iatl0x01.coxmail.com (iatl0x02.coxmail.com [206.157.225.11]) by hub.freebsd.org (Postfix) with ESMTP id 7215637B401; Sat, 21 Jul 2001 21:12:59 -0700 (PDT) (envelope-from mheffner@novacoxmail.com)
Received: from enterprise.muriel.penguinpowered.com ([209.249.161.66]) by iatl0x01.coxmail.com (InterMail vK.4.03.02.00 201-232-124 license eaa2928f5bcba31507d4d280f1027278) with ESMTP id <20010722041258.WZQ10268.iatl0x01@enterprise.muriel.penguinpowered.com>; Sun, 22 Jul 2001 00:12:58 -0400
Message-ID:
X-Mailer: XFMail 1.5.0 on FreeBSD
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="_=XFMail.1.5.0.FreeBSD:20010722001142:18955=_"; micalg=pgp-md5; protocol="application/pgp-signature"
In-Reply-To:
Date: Sun, 22 Jul 2001 00:11:42 -0400 (EDT)
Reply-To: Mike Heffner
From: Mike Heffner
To: Mike Heffner
Subject: RE: Importing lukemftpd
Cc: obrien@freebsd.org, arch@FreeBSD.ORG, dan@freebsd.org
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ok, for anyone that is doing any work with lukemftpd (ie. auditing, merging in
changes, trying to get it to work, ...), I've set up the following directory
that I'll try to keep up to date with any patches:

http://people.freebsd.org/~mikeh/diffs/lukemftpd/

Right now I just have two diffs in there, the first is a
's/GLOB_LIMIT/GLOB_MAXPATH' which prevents it from segfaulting when doing any
globbing, the second is a quick hack I put together to add the daemon mode (-D)
option -- which I used to debug the first patch ;)

Mike

--
Mike Heffner
Fredericksburg, VA
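
The SYN cookie versus syn_cache trade-off from the "TCP Initial Sequence Numbers" thread earlier in this digest, as an added toy model that is not code from any poster or from FreeBSD, BSDi or NetBSD: a cookie listener spends one keyed hash on every ACK it receives, while a cache listener rejects an unmatched ACK with a table lookup but holds bounded state. HMAC-SHA256 stands in for the keyed function, the timestamp and MSS bits of real cookies are left out, and all class and function names are assumptions.

```python
import hashlib
import hmac
import os
import struct

MASK32 = 0xFFFFFFFF


class SynCookieListener:
    """Stateless model: the server ISN is a keyed hash, re-derived on every ACK."""

    def __init__(self, secret):
        self.secret = secret
        self.mac_ops = 0   # keyed-hash computations, the costly step
        self.entries = 0   # embryonic-connection state held (always 0 here)

    def _cookie(self, conn, client_isn):
        self.mac_ops += 1
        msg = "|".join(map(str, conn)).encode() + struct.pack("!I", client_isn)
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return struct.unpack("!I", digest[:4])[0]

    def on_syn(self, conn, client_isn):
        return self._cookie(conn, client_isn)      # ISN sent in the SYN-ACK

    def on_ack(self, conn, seq, ack):
        # A valid ACK carries seq = client_isn + 1 and ack = server_isn + 1.
        expected = self._cookie(conn, (seq - 1) & MASK32)
        return expected == ((ack - 1) & MASK32)


class SynCacheListener:
    """Stateful model: a small bounded table answers each ACK with one lookup."""

    def __init__(self, max_entries=4):
        self.max_entries = max_entries
        self.table = {}    # conn -> (client_isn, server_isn)
        self.mac_ops = 0   # stays 0: no keyed hash on the ACK path

    @property
    def entries(self):
        return len(self.table)

    def on_syn(self, conn, client_isn):
        if conn not in self.table and len(self.table) >= self.max_entries:
            self.table.pop(next(iter(self.table)))  # evict the oldest entry
        server_isn = struct.unpack("!I", os.urandom(4))[0]
        self.table[conn] = (client_isn, server_isn)
        return server_isn

    def on_ack(self, conn, seq, ack):
        entry = self.table.get(conn)
        if entry is None:
            return False                            # cheap reject, no crypto
        if ((seq - 1) & MASK32, (ack - 1) & MASK32) != entry:
            return False
        del self.table[conn]                        # hand over to the full stack
        return True


def handshake(listener, conn, client_isn):
    """Legitimate three-way handshake; True if the final ACK is accepted."""
    server_isn = listener.on_syn(conn, client_isn)
    return listener.on_ack(conn, (client_isn + 1) & MASK32, (server_isn + 1) & MASK32)


def unsolicited_acks(listener, count):
    """Feed ACKs that match no SYN; return (accepted, keyed-hash ops spent)."""
    before, accepted = listener.mac_ops, 0
    for i in range(count):
        conn = ("192.0.2.1", 1024 + i, "198.51.100.1", 80)  # constructed, RFC 5737
        accepted += listener.on_ack(conn, i + 1, 0x1000 + i)
    return accepted, listener.mac_ops - before


def syn_burst(listener, count):
    """Feed SYNs that are never completed; return state entries still held."""
    for i in range(count):
        listener.on_syn(("192.0.2.1", 2000 + i, "198.51.100.1", 80), i)
    return listener.entries


if __name__ == "__main__":
    for name, lst in (("syn cookies", SynCookieListener(os.urandom(16))),
                      ("syn cache", SynCacheListener())):
        ok = handshake(lst, ("192.0.2.7", 40000, "198.51.100.1", 80), 12345)
        accepted, macs = unsolicited_acks(lst, 200)
        print(name, "handshake ok:", ok, "| bogus ACKs accepted:", accepted,
              "| keyed hashes spent:", macs, "| state after SYN burst:", syn_burst(lst, 200))
```

The keyed-hash counter is the quantity to watch when sizing either defence: it scales with inbound ACK rate for cookies and stays flat for the cache, whose cost is instead the eviction of pending entries under a SYN burst.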