Tim Vanderhoek <[EMAIL PROTECTED]> writes:
> Have you run your systems with J-grep as a replacement for GNU grep
> for a while (making sure nothing breaks)?
Yes.
> There seems to be at least one dependency on GNU grep in
> /ports/Mk/bsd.port.mk where the -F argument is used.
-F is implemented.
Sheldon Hearn <[EMAIL PROTECTED]> writes:
> In this case, the implementation we'll be introducing will introduce a
> performance loss, not a gain.
Can you document that?
> As far as stability goes, there's a loss
> involved _if_ passing the GNU grep regression tests
"Brian F. Feldman" <[EMAIL PROTECTED]> writes:
> That's true. I'd like to see the replacement grep do mmaping of the
> input files if it doesn't already, as that would speed it up.
Shouldn't be too hard to implement, the way file operations are
abstracted. Patches? :)
DES
--
Dag-Erling Smorgrav
On Tue, 27 Jul 1999, Nate Williams wrote:
> > If it will get ALL of you to give it a rest, how about:
> > per-rule logging limits
> > logging limit raising
> > logging limit resetting
> > Which would all NOT affect the statistics?
>
> We need more input from people who use the code, t
Hi!
I have created a script to integrate FreBSD 3.2, KAME and PAO.
As a result I have the following source trees:
- FREEBSD+KAME("make world" is working :-)
- FREEBSD+PAO (haven't tested yet, no conflicts)
- FREEBSD+KAME+PAO(haven't tested yet, 2 minor conflicts)
Once I have
> various researchers and early-adopters, all of which can go to the
> KAME site and grab the patches to 3.2-stable if they want to play now,
> today. If we haven't done a good enough job of making that clear and
> are suffering from defections to other *BSDs because of this, then we
> just need t
> I think u must read following:
> http://www.freebsd.org/releases/3.2R/errata.html
There is nothing on the 3.2 errata that addresses this.
--
-- David(obr...@nuxi.com -or- obr...@freebsd.org)
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the bo
On Tue, 27 Jul 1999, Nate Williams wrote:
> > If it will get ALL of you to give it a rest, how about:
> > per-rule logging limits
> > logging limit raising
> > logging limit resetting
> > Which would all NOT affect the statistics?
>
> We need more input from people who use the code,
> I've had some interesting comments from David Bushong, motivating for
> inclusion of his Magdir candidate on PR 12554. He makes a strong case
> for a bloated file(1) Magdir. The only thing we're battling with is a
> filename for his submission.
My advice would be to submit his PR to Chris Demtri
Hi!
I have created a script to integrate FreBSD 3.2, KAME and PAO.
As a result I have the following source trees:
- FREEBSD+KAME("make world" is working :-)
- FREEBSD+PAO (haven't tested yet, no conflicts)
- FREEBSD+KAME+PAO(haven't tested yet, 2 minor conflicts)
Once I have
> A more general concern is whether Henry Spencer's regex routines
> -- at least in our present "alpha-quality" version -- are up to
I spoke to Henry at USENIX and he said he has a new version of his regex
library. I have added it to my plate of things to update.
--
-- David(obr...@nuxi.com
$ uname -a
$ grep foo NONEXIST
Segmentation fault (core dumped)
$ gdb /usr/bin/grep grep.core
...
(no debugging symbols found)...
Core was generated by `grep'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.2...(no debugging symbols found)...done.
Rea
> various researchers and early-adopters, all of which can go to the
> KAME site and grab the patches to 3.2-stable if they want to play now,
> today. If we haven't done a good enough job of making that clear and
> are suffering from defections to other *BSDs because of this, then we
> just need
> If it will get ALL of you to give it a rest, how about:
> per-rule logging limits
> logging limit raising
> logging limit resetting
> Which would all NOT affect the statistics?
We need more input from people who use the code, to make sure they don't
depend on the current 'featu
> http://www.freebsd.org/~des/software/grep-0.7.tar.gz>
Before importing, it must display a version number of 1.0 (or drop the
version number). This is not Linux where everything is version 0.xy.
--
-- David(obr...@nuxi.com -or- obr...@freebsd.org)
To Unsubscribe: send mail to majord..
> I think u must read following:
> http://www.freebsd.org/releases/3.2R/errata.html
There is nothing on the 3.2 errata that addresses this.
--
-- David([EMAIL PROTECTED] -or- [EMAIL PROTECTED])
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body
Due to the discussion of speed, I have been looking at it and it is really
slow. Even slower than I thought and I was thinking it was pretty slow.
So using gprof, I have discovered that it seems to spend a whole mess of
time in grep_malloc() and free(). So I pulled all the references to
malloc i
> I've had some interesting comments from David Bushong, motivating for
> inclusion of his Magdir candidate on PR 12554. He makes a strong case
> for a bloated file(1) Magdir. The only thing we're battling with is a
> filename for his submission.
My advice would be to submit his PR to Chris Demtr
> A better patch would check to see if the text to the right of the '.'
> is a valid group... However, the above will still parse
>
> fred.jones:fred.jones
>
> in the most desirable way, so I suppose the validity checking is
> overkill.
This is what I plan to commit (w/in minutes):
-
> A more general concern is whether Henry Spencer's regex routines
> -- at least in our present "alpha-quality" version -- are up to
I spoke to Henry at USENIX and he said he has a new version of his regex
library. I have added it to my plate of things to update.
--
-- David([EMAIL PROTECT
$ uname -a
$ grep foo NONEXIST
Segmentation fault (core dumped)
$ gdb /usr/bin/grep grep.core
...
(no debugging symbols found)...
Core was generated by `grep'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.2...(no debugging symbols found)...done.
Re
> If it will get ALL of you to give it a rest, how about:
> per-rule logging limits
> logging limit raising
> logging limit resetting
> Which would all NOT affect the statistics?
We need more input from people who use the code, to make sure they don't
depend on the current 'feat
> http://www.freebsd.org/~des/software/grep-0.7.tar.gz>
Before importing, it must display a version number of 1.0 (or drop the
version number). This is not Linux where everything is version 0.xy.
--
-- David([EMAIL PROTECTED] -or- [EMAIL PROTECTED])
To Unsubscribe: send mail to [EMAIL
Due to the discussion of speed, I have been looking at it and it is really
slow. Even slower than I thought and I was thinking it was pretty slow.
So using gprof, I have discovered that it seems to spend a whole mess of
time in grep_malloc() and free(). So I pulled all the references to
malloc
In message <19755.933088...@axl.noc.iafrica.com> Sheldon Hearn writes:
: +#ifdef SUPPORT_DOT
: +/* Older configurations used '.' between user and group */
: +if ((group = strchr(q, ':')) != NULL ||
: +(group = strchr(q, '.')) != NULL) {
: +#else
:
On Wed, 28 Jul 1999 09:44:03 +0800
Peter Wemm wrote:
> > As far as I can tell, this is a RealTek 8139 board.
>
> Oh my, SMC must be really lowering their standards...
The SMC9432TX is still an EPIC/100. The newer revs of that board are
bug-free (unlike earlier models). I've had quite a l
In message <87126.933053...@axl.noc.iafrica.com> Sheldon Hearn writes:
: I have a feeling it'll be time soon enough for us to make each of the
: decisions that is normally affected by securelevel dependant on the
: value of sysctl knobs. Presumeably one or more of them would be
: "write-once" knobs
> A better patch would check to see if the text to the right of the '.'
> is a valid group... However, the above will still parse
>
> fred.jones:fred.jones
>
> in the most desirable way, so I suppose the validity checking is
> overkill.
This is what I plan to commit (w/in minutes):
-
If it will get ALL of you to give it a rest, how about:
per-rule logging limits
logging limit raising
logging limit resetting
Which would all NOT affect the statistics?
I am, yes, suggesting I will implement it.
Brian Fundakowski Feldman _ __ ___ ___ ___ ___
In message <[EMAIL PROTECTED]> Sheldon Hearn writes:
: +#ifdef SUPPORT_DOT
: +/* Older configurations used '.' between user and group */
: +if ((group = strchr(q, ':')) != NULL ||
: +(group = strchr(q, '.')) != NULL) {
: +#else
:
On Wed, 28 Jul 1999 09:44:03 +0800
Peter Wemm <[EMAIL PROTECTED]> wrote:
> > As far as I can tell, this is a RealTek 8139 board.
>
> Oh my, SMC must be really lowering their standards...
The SMC9432TX is still an EPIC/100. The newer revs of that board are
bug-free (unlike earlier models).
In message <[EMAIL PROTECTED]> Sheldon Hearn writes:
: I have a feeling it'll be time soon enough for us to make each of the
: decisions that is normally affected by securelevel dependant on the
: value of sysctl knobs. Presumeably one or more of them would be
: "write-once" knobs. :-)
Yes. That
If it will get ALL of you to give it a rest, how about:
per-rule logging limits
logging limit raising
logging limit resetting
Which would all NOT affect the statistics?
I am, yes, suggesting I will implement it.
Brian Fundakowski Feldman _ __ ___ ___ ___ ___
On Tue, Jul 27, 1999 at 01:37:35PM +0200, Dag-Erling Smorgrav wrote:
> Jamie Howard (howar...@wam.umd.edu), with a little help from yours
> truly, has written a BSD-licensed version of grep(1) which has all the
> functionality of our current (GPLed) implementation, plus a little
> more, in one seve
Jason Thorpe wrote:
> On Tue, 27 Jul 1999 14:14:33 -0700
> "Kelly D. Lucas" wrote:
>
> > Is there a FreeBSD driver the the SMC 1211TX 10/100 EZ Ethernet Card?
>
> As far as I can tell, this is a RealTek 8139 board.
Oh my, SMC must be really lowering their standards...
Cheers,
-Peter
To U
On Wednesday, 28 July 1999 at 3:04:25 +1000, Sue Blake wrote:
> I want to add some maintenance tasks to be run weekly (maybe daily ones too).
> There seem to be at least five ways to do this:
>
> Just add it to the system crontab
> - Can run at a different time, if necessary. Leaves periodic unmo
On Tue, Jul 27, 1999 at 01:37:35PM +0200, Dag-Erling Smorgrav wrote:
> Jamie Howard ([EMAIL PROTECTED]), with a little help from yours
> truly, has written a BSD-licensed version of grep(1) which has all the
> functionality of our current (GPLed) implementation, plus a little
> more, in one sevent
Jason Thorpe wrote:
> On Tue, 27 Jul 1999 14:14:33 -0700
> "Kelly D. Lucas" <[EMAIL PROTECTED]> wrote:
>
> > Is there a FreeBSD driver the the SMC 1211TX 10/100 EZ Ethernet Card?
>
> As far as I can tell, this is a RealTek 8139 board.
Oh my, SMC must be really lowering their standards...
Ch
On Wednesday, 28 July 1999 at 3:04:25 +1000, Sue Blake wrote:
> I want to add some maintenance tasks to be run weekly (maybe daily ones too).
> There seem to be at least five ways to do this:
>
> Just add it to the system crontab
> - Can run at a different time, if necessary. Leaves periodic unm
On Tue, 27 Jul 1999, James Howard wrote:
> On Tue, 27 Jul 1999, Doug wrote:
>
> > Ah, well, if the world were limited to just what I could imagine,
> > how boring would that be? The more complete the feature set, the better
> > off we are for my money.
>
> You misinterpretted, I didn't know
* From: Tim Vanderhoek
* I can claim a bit of the responsibility. It was done after Sue Blake
* complained that there was no way to distinguish packages requiring X
* from those that didn't. I wrote some extended message discussing
* different types of dependencies, and then Satoshi wrote
On 27 Jul 1999, Dag-Erling Smorgrav wrote:
> I move that we replace GNU grep in our source tree with this
> implementation, once it's been reviewed by all concerned parties.
Normally I don't post "me too" messages. I'll make an exception.
Me too.
--
- bill fumerola - bi...@chc-chimes.com - BF1
On Tue, Jul 27, 1999 at 05:12:49PM +0930, Greg Lehey wrote:
> each. But I think you could eliminate these ones:
>
> > /etc/gettytab
> > /etc/login.conf
> > /etc/ttys
>
I'm not shure on /etc/ttys - init reads it already for singleuser-mode
to check if /dev/console is secure.
--
B.Walter
On Tue, 27 Jul 1999, Doug wrote:
> Ah, well, if the world were limited to just what I could imagine,
> how boring would that be? The more complete the feature set, the better
> off we are for my money.
You misinterpretted, I didn't know you could do that therefore I didn't
implement that.
On Tue, 27 Jul 1999, James Howard wrote:
> On Tue, 27 Jul 1999, Doug wrote:
>
> > Ah, well, if the world were limited to just what I could imagine,
> > how boring would that be? The more complete the feature set, the better
> > off we are for my money.
>
> You misinterpretted, I didn't know
* From: Tim Vanderhoek <[EMAIL PROTECTED]>
* I can claim a bit of the responsibility. It was done after Sue Blake
* complained that there was no way to distinguish packages requiring X
* from those that didn't. I wrote some extended message discussing
* different types of dependencies, and
On Tue, 27 Jul 1999, Jordan K. Hubbard wrote:
> > But we can install from a single downloaded boot floppy, over the
> > Internet, which is better.
>
> 1. Irrelevant, since most people who want to try BSD/OS out probably
>aren't concerned about how FreeBSD installs itself; they're
>simply
On 27 Jul 1999, Dag-Erling Smorgrav wrote:
> I move that we replace GNU grep in our source tree with this
> implementation, once it's been reviewed by all concerned parties.
Normally I don't post "me too" messages. I'll make an exception.
Me too.
--
- bill fumerola - [EMAIL PROTECTED] - BF156
On Tue, Jul 27, 1999 at 05:12:49PM +0930, Greg Lehey wrote:
> each. But I think you could eliminate these ones:
>
> > /etc/gettytab
> > /etc/login.conf
> > /etc/ttys
>
I'm not shure on /etc/ttys - init reads it already for singleuser-mode
to check if /dev/console is secure.
--
B.Walter
Out of da blue Kelly D. Lucas aka (k...@securify.com) said:
> Is there a FreeBSD driver the the SMC 1211TX 10/100 EZ Ethernet Card?
Yes it's the real tek driver.
device rl0 # RealTek 8129/8139
>
> thanks,
>
> kdl
>
> --
> Kelly D. Lucas| Kroll-O'Gara
>
On Tue, 27 Jul 1999, Doug wrote:
> Ah, well, if the world were limited to just what I could imagine,
> how boring would that be? The more complete the feature set, the better
> off we are for my money.
You misinterpretted, I didn't know you could do that therefore I didn't
implement that.
On Tue, 27 Jul 1999 14:14:33 -0700
"Kelly D. Lucas" wrote:
> Is there a FreeBSD driver the the SMC 1211TX 10/100 EZ Ethernet Card?
As far as I can tell, this is a RealTek 8139 board.
-- Jason R. Thorpe
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-h
Is there a FreeBSD driver the the SMC 1211TX 10/100 EZ Ethernet Card?
thanks,
kdl
--
Kelly D. Lucas| Kroll-O'Gara
Security Consultant | Information Security Group
k...@securify.com | 650-812-9400 x 117
"Any opinions that I state are my own, and not Kroll-O'Gara's"
On Tue, 27 Jul 1999, Jamie Howard wrote:
> I do not have a copy of POSIX, but I do have Unix98 which is a superset of
> POSIX. Right now, excluding bugs, it is Unix 98 and therefore POSIX
> compliant
Good news, thanks for addressing this concern.
> except for -e. -e should permit mult
On Tue, 27 Jul 1999, Jordan K. Hubbard wrote:
> > But we can install from a single downloaded boot floppy, over the
> > Internet, which is better.
>
> 1. Irrelevant, since most people who want to try BSD/OS out probably
>aren't concerned about how FreeBSD installs itself; they're
>simply
On Tue, Jul 27, 1999 at 10:32:40AM -0700, Jordan K. Hubbard wrote:
>
> Just to clear up a misconception; this isn't actually a sysinstall
> problem. This is a ports bug which Satoshi or somebody introduced
> when they added a dependency on the XFree86 port very prematurely. It
I can claim a bit
On 1999-07-27 13:37:35 +0200, Dag-Erling Smorgrav wrote:
> Jamie Howard (howar...@wam.umd.edu), with a little help from yours
> truly, has written a BSD-licensed version of grep(1) which has all the
> functionality of our current (GPLed) implementation, plus a little
> more, in one seventh the sour
On Tue, 27 Jul 1999, Doug wrote:
> First, I'm all for this idea, and applaud you and Jamie for taking
> it on. I do have a few questions. Does POSIX say anything about grep, and
> if so, is this version compliant? Also, I'd like to put in another vote
> for full GNU grep feature compliance,
Out of da blue Kelly D. Lucas aka ([EMAIL PROTECTED]) said:
> Is there a FreeBSD driver the the SMC 1211TX 10/100 EZ Ethernet Card?
Yes it's the real tek driver.
device rl0 # RealTek 8129/8139
>
> thanks,
>
> kdl
>
> --
> Kelly D. Lucas| Kroll-O'Gara
On Tue, 27 Jul 1999 14:14:33 -0700
"Kelly D. Lucas" <[EMAIL PROTECTED]> wrote:
> Is there a FreeBSD driver the the SMC 1211TX 10/100 EZ Ethernet Card?
As far as I can tell, this is a RealTek 8139 board.
-- Jason R. Thorpe <[EMAIL PROTECTED]>
To Unsubscribe: send mail to [EMAIL PRO
On 27 Jul 1999, Dag-Erling Smorgrav wrote:
> I move that we replace GNU grep in our source tree with this
> implementation, once it's been reviewed by all concerned parties.
First, I'm all for this idea, and applaud you and Jamie for taking
it on. I do have a few questions. Does POSIX say
> I'd like to see people other than you, I, and Matt discussing this.
> Other people who use this feature of IPFW that have an opinion one way
> or the other should speak up.
I must admit being a bad boy - I'm using ipfw for firewalling and
accounting: "log" rules for catching bad guys (and I'm no
Is there a FreeBSD driver the the SMC 1211TX 10/100 EZ Ethernet Card?
thanks,
kdl
--
Kelly D. Lucas| Kroll-O'Gara
Security Consultant | Information Security Group
[EMAIL PROTECTED] | 650-812-9400 x 117
"Any opinions that I state are my own, and not Kroll-O'Gara's"
On Tue, 27 Jul 1999, Jamie Howard wrote:
> I do not have a copy of POSIX, but I do have Unix98 which is a superset of
> POSIX. Right now, excluding bugs, it is Unix 98 and therefore POSIX
> compliant
Good news, thanks for addressing this concern.
> except for -e. -e should permit mul
a system wide limit and each rule's logging counter individually resetable
back to 0.
On Tue, 27 Jul 1999, Joe Greco wrote:
>
> 1) Set a global VERBOSE_LIMIT mechanism and:
> a) allow your logging counter to be reset, or
> b) allow your limit to be raised to re-enable logging
> 2
On Tue, Jul 27, 1999 at 10:32:40AM -0700, Jordan K. Hubbard wrote:
>
> Just to clear up a misconception; this isn't actually a sysinstall
> problem. This is a ports bug which Satoshi or somebody introduced
> when they added a dependency on the XFree86 port very prematurely. It
I can claim a bi
On Tue, 27 Jul 1999, Kip Macy wrote:
> Is there anyone in particular to whom we should write at VMWare?
> I agree with his sentiments.
I picked a likely looking name from the "contact us" page. Make
sure that you only write if you are willing to pay for the product if they
make it, and t
> > > > > Again, it's not a fix, it's a feature. Not being able to mess with
> > > > > counters (logging or otherwise) is a feature. It may be a feature
> > > > > that
> > >
> > > > > you can do without, but that decision is not to be made lightly.
> > > >
> >
> > > > Again, it's not a fix, it's a feature. Not being able to mess with
> > > > counters (logging or otherwise) is a feature. It may be a feature that
> >
> > > > you can do without, but that decision is not to be made lightly.
> > >
> > > I'm _saying_ to cr
> > > Again, it's not a fix, it's a feature. Not being able to mess with
> > > counters (logging or otherwise) is a feature. It may be a feature that
>
> > > you can do without, but that decision is not to be made lightly.
> >
> > I'm _saying_ to create a compl
On Tue, 27 Jul 1999, Doug wrote:
> First, I'm all for this idea, and applaud you and Jamie for taking
> it on. I do have a few questions. Does POSIX say anything about grep, and
> if so, is this version compliant? Also, I'd like to put in another vote
> for full GNU grep feature compliance,
On 1999-07-27 13:37:35 +0200, Dag-Erling Smorgrav wrote:
> Jamie Howard ([EMAIL PROTECTED]), with a little help from yours
> truly, has written a BSD-licensed version of grep(1) which has all the
> functionality of our current (GPLed) implementation, plus a little
> more, in one seventh the source
> > > > I like the ability at secure level 3 to only reset the counters
> > > > forward..
> > > > It fits in with such things as the "append only" flag.
> > >
> > > Then we'd have to implement per-rule counters that default to
> > > IPFW_VERBOSE_LIMIT but that could be changed to anything. That'
> > Again, it's not a fix, it's a feature. Not being able to mess with
> > counters (logging or otherwise) is a feature. It may be a feature that
> > you can do without, but that decision is not to be made lightly.
>
> I'm _saying_ to create a completely separa
> > > > > One could argue that accounting numbers in a firewall shouldn't be
> > > > > trusted, but I won't argue that point since the firewall is often the
> > > > > most 'natural' place to stick network accounting software.
> > > >
> > > > If you can't trust something in the kernel, then you jus
On 27 Jul 1999, Dag-Erling Smorgrav wrote:
> I move that we replace GNU grep in our source tree with this
> implementation, once it's been reviewed by all concerned parties.
First, I'm all for this idea, and applaud you and Jamie for taking
it on. I do have a few questions. Does POSIX sa
> I'd like to see people other than you, I, and Matt discussing this.
> Other people who use this feature of IPFW that have an opinion one way
> or the other should speak up.
I must admit being a bad boy - I'm using ipfw for firewalling and
accounting: "log" rules for catching bad guys (and I'm n
* From: "Jordan K. Hubbard"
* Just to clear up a misconception; this isn't actually a sysinstall
* problem. This is a ports bug which Satoshi or somebody introduced
* when they added a dependency on the XFree86 port very prematurely. It
* was premature because no actual package exists for
a system wide limit and each rule's logging counter individually resetable
back to 0.
On Tue, 27 Jul 1999, Joe Greco wrote:
>
> 1) Set a global VERBOSE_LIMIT mechanism and:
> a) allow your logging counter to be reset, or
> b) allow your limit to be raised to re-enable logging
>
On Tue, 27 Jul 1999, Kip Macy wrote:
> Is there anyone in particular to whom we should write at VMWare?
> I agree with his sentiments.
I picked a likely looking name from the "contact us" page. Make
sure that you only write if you are willing to pay for the product if they
make it, and
> > > I like the ability at secure level 3 to only reset the counters forward..
> > > It fits in with such things as the "append only" flag.
> >
> > Then we'd have to implement per-rule counters that default to
> > IPFW_VERBOSE_LIMIT but that could be changed to anything. That's a very
> > differ
> > > > One could argue that accounting numbers in a firewall shouldn't be
> > > > trusted, but I won't argue that point since the firewall is often the
> > > > most 'natural' place to stick network accounting software.
> > >
> > > If you can't trust something in the kernel, then you just can't tr
> > > > > Again, it's not a fix, it's a feature. Not being able to mess with
> > > > > counters (logging or otherwise) is a feature. It may be a feature that
> > >
> > > > > you can do without, but that decision is not to be made lightly.
> > > >
> > > > I'm _
On Tue, 27 Jul 1999, Jordan K. Hubbard wrote:
> > the parts that they need. However right after 3.2-R came out there was a
> > flurry of -questions mail about broken pkg dependencies because sysinstall
> > wasn't properly registering the X install. If the port depending on the
>
> Just to clear u
> > > > Again, it's not a fix, it's a feature. Not being able to mess with
> > > > counters (logging or otherwise) is a feature. It may be a feature that
> >
> > > > you can do without, but that decision is not to be made lightly.
> > >
> > > I'm _saying_ to c
> > > Again, it's not a fix, it's a feature. Not being able to mess with
> > > counters (logging or otherwise) is a feature. It may be a feature that
>
> > > you can do without, but that decision is not to be made lightly.
> >
> > I'm _saying_ to create a comp
> > > How do you figure? Currently, the kernel will quit 'logging' denied
> > > packets when the counter reaches a specific (compiled-in) number.
> > ^
> > Then what is
> >
> > net.inet.ip.fw.verbose_limit: 0
>
> Well I'll be. You learn
> > I like the ability at secure level 3 to only reset the counters forward..
> > It fits in with such things as the "append only" flag.
>
> Then we'd have to implement per-rule counters that default to
> IPFW_VERBOSE_LIMIT but that could be changed to anything. That's a very
> different setup th
> > > > I like the ability at secure level 3 to only reset the counters forward..
> > > > It fits in with such things as the "append only" flag.
> > >
> > > Then we'd have to implement per-rule counters that default to
> > > IPFW_VERBOSE_LIMIT but that could be changed to anything. That's a very
> > > You get *better* information on per-rule limits than on a global limit.
> >
> > No, you simply get a finer-grained ability to select.
>
> Which is almost always better.
>
> > > > If I'm an admin, I'm going to think "Well lets see, I want to store a
> > > > month of bad packets in it.
> > >
> > Again, it's not a fix, it's a feature. Not being able to mess with
> > counters (logging or otherwise) is a feature. It may be a feature that
> > you can do without, but that decision is not to be made lightly.
>
> I'm _saying_ to create a completely separ
> > > > > One could argue that accounting numbers in a firewall shouldn't be
> > > > > trusted, but I won't argue that point since the firewall is often the
> > > > > most 'natural' place to stick network accounting software.
> > > >
> > > > If you can't trust something in the kernel, then you ju
* From: "Jordan K. Hubbard" <[EMAIL PROTECTED]>
* Just to clear up a misconception; this isn't actually a sysinstall
* problem. This is a ports bug which Satoshi or somebody introduced
* when they added a dependency on the XFree86 port very prematurely. It
* was premature because no actual
On Tue, 27 Jul 1999, Brian F. Feldman wrote:
> On Tue, 27 Jul 1999, Soren Schmidt wrote:
>
> > It seems Dag-Erling Smorgrav wrote:
> > >
> > > I move that we replace GNU grep in our source tree with this
> > > implementation, once it's been reviewed by all concerned parties.
> >
> > Go for it
> > > I like the ability at secure level 3 to only reset the counters forward..
> > > It fits in with such things as the "append only" flag.
> >
> > Then we'd have to implement per-rule counters that default to
> > IPFW_VERBOSE_LIMIT but that could be changed to anything. That's a very
> > diffe
> > > > One could argue that accounting numbers in a firewall shouldn't be
> > > > trusted, but I won't argue that point since the firewall is often the
> > > > most 'natural' place to stick network accounting software.
> > >
> > > If you can't trust something in the kernel, then you just can't t
On Tue, 27 Jul 1999, Jordan K. Hubbard wrote:
> > the parts that they need. However right after 3.2-R came out there was a
> > flurry of -questions mail about broken pkg dependencies because sysinstall
> > wasn't properly registering the X install. If the port depending on the
>
> Just to clear
> > > How do you figure? Currently, the kernel will quit 'logging' denied
> > > packets when the counter reaches a specific (compiled-in) number.
> > ^
> > Then what is
> >
> > net.inet.ip.fw.verbose_limit: 0
>
> Well I'll be. You learn
> > I like the ability at secure level 3 to only reset the counters forward..
> > It fits in with such things as the "append only" flag.
>
> Then we'd have to implement per-rule counters that default to
> IPFW_VERBOSE_LIMIT but that could be changed to anything. That's a very
> different setup t
> > > You get *better* information on per-rule limits than on a global limit.
> >
> > No, you simply get a finer-grained ability to select.
>
> Which is almost always better.
>
> > > > If I'm an admin, I'm going to think "Well lets see, I want to store a
> > > > month of bad packets in it.
> >
1 - 100 of 228 matches
Mail list logo
