also be running at elevated securelevel.
--
Crist J. Clark [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
|
|| |_|
|| | || |
|| | || |
|| | || |
|| | || |
|| |```|| |`
Please, not on another list.
--
Crist J. Clark [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
he wire. The data we are
concerned with has latencies of a few 100 ms, but calibrations on the
PSTN are a typically 50-ms-ish. We need to have a few significant
digits below that.
Any pointers?
--
Crist J. Clark | [EMAIL PROTECTED]
x box or touch the
routes on everything on LAN B to route 192.168.10.0/24 through
192.168.1.1.
> Of course you must run a
> route daemon in both machines (I supouse it's running now since they are
> working as gateways) and the previous route must be added to the route
> daemon
ksum verification.
Keeping a single host from polluting the whole network, and only its
LAN, with bad packets is considered worth the cost of every router
doing the check.
FWIW, this is one of the few places a standard demands that you not
even provide the option to disable
es
under its temproot. Make sure that any log files that you may have
added to your syslog.conf(5) are touched.
--
Crist J. Clark [EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
To U
On Sun, Nov 11, 2001 at 02:28:41AM +, Christian Weisgerber wrote:
> Crist J. Clark <[EMAIL PROTECTED]> wrote:
[snip]
> > Even though the modification time of CVS/Entries is changed
> > everytime, those directories are not added.
>
> Like it or not, that'
erytime I update
the ports tree and it would be nice to know which are problems and
which, like these, are "false alarms."
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/|
Perhaps well tested patches to the rc(8) files and any source files
than need to be modified would make this go more smoothly.
--
Crist J. Clark [EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL
With the period included, the list would conform to
> POSIX's definition of a valid user name.
The historical reason '.' is avoided is because it breaks,
# chown user.group file
Syntax. See the COMPATIBILITY section of chown(8).
--
Crist J. Clark | [EMAIL
k up their systems for them. After all, tools
like adduser(8) are aimed more towards the inexperienced admin. If any
administrative apps are going to do hand-holding, adduser(8) is one of
them.
--
Crist J. Clark | [EMAIL PROTECTED]
| [E
t;
> Thanks, Mark
>
>
> "Crist J . Clark" wrote:
> >
> > I did some more checking on how dump(8) works. If you dump to an
> > existing file, the file can never get smaller. That is, the file is
> > not truncated. I'll look at whether there is a good rea
should not be included (due to the nodump flag being set). This
> too would result in dump files larger than they "should" be...
>
> The PR includes a patch which is meant to fix this problem.
Yeah, I've been looking at these two together.
--
Cri
write(2) flags work. If our write(2) "does the right thing" with
O_TRUNC and tape devices, there is no reason not to let it do the
right thing on its own.
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
On Wed, Dec 05, 2001 at 05:10:49PM +1000, Greg Black wrote:
> "Crist J . Clark" wrote:
>
> | On Wed, Dec 05, 2001 at 06:02:49AM +1000, Greg Black wrote:
> | > Matthew Dillon wrote:
> | >
> | > | :In message <[EMAIL PROTECTED]>, Bernd Walter writes:
&g
l people. So let's verify
> both of those and then revisit the issue.
4.5-RELEASE is only a month and a half away. By the time this "while"
passes, we'll be there. If people have lived this long with the bugs,
they can last until late January.
--
"It's always fun
On Wed, Dec 05, 2001 at 04:02:47PM +0100, Bernd Walter wrote:
> On Tue, Dec 04, 2001 at 11:26:39PM -0800, Crist J . Clark wrote:
[snip]
> > From what Ian said elsewhere in this thread, the O_TRUNC already does
> > not "act strange" on a tape device. I don't see any
boot it. Go into the BIOS
settings and see if there is a way to try to boot off of that
drive. If that fails, make up a boot floppy.
--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark | [EMAIL PROTECTED]
sk to make it possible for the machine to
> >boot
> > > off what I have installed on the secondary master ? I used the fixit
> >disk
> > > to mount the drive and tried to edit things in /boot, but I cannot
> >figure
> > > out exactly what to chang
meone could point me in the direction of the code for
> this as opposed to or in addition to the answer.
The message is in src/sys/net/if_ethersubr.c. However, it was removed
in revision 1.34 which is probably why you cannot find it.
--
Crist J. Clark | [EMAIL PR
On Wed, Mar 19, 2003 at 10:24:45AM -0500, Steve Bertrand wrote:
[snip]
> Thank you very much. Just out of curiosity, if it was removed, why does
> the message still appear?
You're using an older kernel/module built from source that had it?
--
Crist J. Clark |
On Mon, Dec 24, 2001 at 07:10:09PM +0700, Igor M Podlesny wrote:
>
> well, not all the same, but partly. Take a look:
Yes. We know.
--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark
t from people unaware of the
built-in protection from loopback addresses informing us that we
should have rules like that by default. The rules don't hurt
anything (just _try_ to measure a performance impact), but you should
of course feel free to not include them in your own firewall scripts.
--
&quo
pical SYN flood or DDOS are real threats. This thread (and the
previous ones like the one Darren started a few months back) have
already expended more energy on the issue than the threat warrants.
--
"It's always funny until someone gets hurt.
On Mon, Jan 07, 2002 at 01:57:26PM +0200, Yonatan Bokovza wrote:
> > -Original Message-
> > From: Crist J. Clark [mailto:[EMAIL PROTECTED]]
> > Sent: Sunday, January 06, 2002 02:39
> > To: Leo Bicknell
> > Cc: Rogier R. Mulhuijzen; [EMAIL PROTECTED]
>
.so.2 is part of the base FreeBSD system. It is
part of the 'crypto' distribution.
This is much more of a -questions question than -hackers. Re-directed.
--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark
On Thu, Jan 24, 2002 at 11:52:09AM +0200, Ruslan Ermilov wrote:
> Sounds like that, but changing it now would be too backwards incompatible.
Then shouldn't we fix the documentation to reflect reality?
> On Wed, Jan 23, 2002 at 02:51:35AM -0800, Crist J . Clark wrote:
> > Here i
in
> that. This is solved in -CURRENT and is trivial to patch -STABLE to
> fix.
Or you can just use the 'kernel,' 'buildkernel,' and 'installkernel'
targets in the /usr/src Makefiles.
--
Crist J. Clark | [EMAIL PROTECTED]
make.conf) -j4 buildworld
> # make KERNCONF=FreeBEER KERNCONFDIR=/usr/local/etc/conf -j4 buildkernel
> # make KERNCONF=FreeBEER KERNCONFDIR=/usr/local/etc/conf installkernel
> and so on...
No, I was confused. I thought we were discussing how to do an "old
fashioned" kernel build in a read
tml). libcrypt
contains the code for doing DES, MD5, and Blowfish passwords. No need
for the old symlink kludge.
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
To Un
me doing something they consider useful with the owned box and
establishing themselves so that they retain control (but neither is
impossible). The kernel-only box also has a HUGE security disadvantage
that pretty much makes it a non-starter IMHO, no logging.
--
Crist J. Clark |
Also have a look at jail(8).
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hacker
6.204.21:80
that came (out of|into) to the firewall via interface (fxp0|fxp1)"
That is, the 'via fxp?' at the end is telling you about the packet
that _triggered_ the rule, not where the packet was actually forwared
to. If you sniffed the connection, I expect that
What precise version of FreeBSD are you running, BTW?
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with
es/mysql323-client
^^
It's those two characters, 0x5453, at an offset of 0x200 bytes that
causes the match. Gotta love file(1).
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http:/
On Mon, Feb 18, 2002 at 12:01:17PM -0500, Michael R. Wayne wrote:
> On Mon, Feb 18, 2002 at 05:49:46AM -0800, Crist J. Clark wrote:
> > What precise version of FreeBSD are you running, BTW?
>
> 4.5 RELEASE, as stated in original message.
Do these patches help?
In
On Mon, Feb 18, 2002 at 09:38:52AM -0800, Luigi Rizzo wrote:
> On Mon, Feb 18, 2002 at 09:31:13AM -0800, Crist J. Clark wrote:
> > On Mon, Feb 18, 2002 at 12:01:17PM -0500, Michael R. Wayne wrote:
> > > On Mon, Feb 18, 2002 at 05:49:46AM -0800, Crist J. Clark wrote:
> >
On Mon, Feb 18, 2002 at 10:09:28AM -0800, Luigi Rizzo wrote:
> On Mon, Feb 18, 2002 at 10:04:58AM -0800, Crist J. Clark wrote:
> > > > Do these patches help?
> > >
> > > can you please summarise the problem and what the fix is trying to
> > > achieve ?
&
tch:
>
> ipfw add 100 fwd 1.2.3.4 tcp from any to 1.2.3.5 80 in recv fxp0
>
>
> On Mon, 18 Feb 2002, Luigi Rizzo wrote:
>
> > On Mon, Feb 18, 2002 at 09:31:13AM -0800, Crist J. Clark wrote:
> > > On Mon, Feb 18, 2002 at 12:01:17PM -0500, Michael R. Wayne w
you've
installed a new kernel.
[snip]
> After this manipulations all works fine.
> Why so problems? Why 1555 is not default permission ?
Ju-ust a little behind the times. See the UPDATING from 20001020.
--
Crist J. Clark | [EMAIL PROTECTED]
d have seen the original packet (the exception being very simple
switches, but anyone who really wanted to could see everything over
one of those anyway). If you are worried about this, don't buy
Cisco. The first time I noticed this was watching NIDS go off multip
dev, when I could just use a 321-meg sleep/dump partition.
>
> It *seems* to work, but that means absolutely nothing in the real world.
And what's the problem with the age-old solution of using your swap
partition?
--
Crist J. Clark | [EMAIL PROTEC
On Sat, Mar 02, 2002 at 08:45:18PM -0500, Michael Lucas wrote:
> On Sat, Mar 02, 2002 at 03:38:47PM -0800, Crist J. Clark wrote:
> > On Sat, Mar 02, 2002 at 03:28:58PM -0500, Michael Lucas wrote:
> > And what's the problem with the age-old solution of using your swap
>
83648
mktime(3) will choke on dates before Fri Dec 13 20:45:52 UTC 1901.
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTEC
rward attacks. But I haven't done
exhaustive research.
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
if I left the code in a working state. I'm sure I had
writing pcap(3) files working at one point.
Tarball of what I got attatched.
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
dpcd.tgz
Description: application/tar-gz
closer
to the other BSD's.
(Just askin', not proposin'.)
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
les/Makefile?
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
f an issue) 4-STABLE
system. The two main reasons being /etc/master.passwd, et al, and the
problems with a read-only /dev. It takes extensive customizations and
kludges to get this to work.
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL
mlinks with the passwd(1) and pwd_mkdb(8)
commands as they stand. The commands will bail when they try to create
a temporary file in /etc, /etc/pw.XX if /etc is read-only. If
/etc is not read-only, the symlinks will get removed and the files
actually written in /etc.
--
Crist J.
nal
> interface of the machine on a non-standard port and have it redirect
> the query to a loopback address/port and return the query the
> appropriate query result to me.
Why don't you just have each named(8) listen on the different port?
n i launch dig without port options to the server 192.168.10.22 it says
> that connection refused.
>
> I did same this sshd (put it in jail and forward its port) and
> it works fine.
>
> What's wrong?
Have you done a tcpdump(1) on the loopback to see
On Thu, Apr 18, 2002 at 11:18:30AM -0400, Michael Sinz wrote:
> "Crist J. Clark" wrote:
> >
> > On Mon, Apr 08, 2002 at 09:13:12PM -0700, Terry Lambert wrote:
> > [snip]
> >
> > > It's arguable that "/" and "/usr" themselves
he egregious violations of "correctness".
The issue is that the server is reporting a _transient_ failure. That
is, it's telling us that if we wait and try again later, we might get
a correct response. How do we know if it is a permanently broken
server or one that re
quite sure I understand why it would be needed. If there isn't
a route to send a packet out of an interface, it won't go out of the
interface. Under what conditions would you see yourself blocking
packets? Is this really an ackbassward way to filter routes from
routing daemons?
--
Crist J. Clark
reted as decimal).
People use this notation all of the time,
# ifconfig if0 172.16.1.10 netmask 0xff00
^^
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/
g a message to syslogd(8). Figure out what it is
and edit syslog.conf(5) appropriately. Are you using TCP wrappers or
something?
> then if they connect via rlogin or ssh, 'who', 'w', 'last', etc. all
> report that they are connected _from_ MY box, which th
he
actual output from the machine? What do,
$ w
$ w -n
$ who
$ last | head
$ netstat -an
Show? Do you get identical results with rlogin and ssh? Can we see
both?
> On Fri, 18 Oct 2002, Crist J. Clark wrote:
>
> > On Sun, Oct 13, 2002 at 11:00:26PM -0600, Scott Carmi
kernel configuration file:
>
> options ATAPI
> device wst0
And you did rebuild the kernel and reboot right? The dmesg output
should contain references to this device, wst0, besides just the fact
wcd1 found _something,_ no?
--
Crist J. Clark [EMAIL PROTECTED
rchives down, i can't do my own search, but i was
> hoping someone on these lists could give me some pointers.
Try www.deja.com and search the muc.lists.freebsd.* hierarchy.
Just one question I always ask people trying to get things working at
full-duplex, is the card plugged into a hub
On Sun, Feb 13, 2000 at 09:29:15PM -0500, Jim Mercer wrote:
> On Sun, Feb 13, 2000 at 06:05:55PM -0500, Crist J. Clark wrote:
> > > with the mailing list archives down, i can't do my own search, but i was
> > > hoping someone on these lists could give me some pointers.
gas-guzzling vehicles in the
region will continue to rise as will the miles driven per vehicle.
> It's the same the whole world over. Energy policies and fuel costs aren't
> driven by markets or even common sense. They are controlled by big
> cartels, big government, and poli
62 matches
Mail list logo
