Index from Book (PDF)


Index

/etc/authpf/authpf.allow, 128
/etc/authpf/authpf.conf, 126
/etc/authpf/authpf.message, 129
/etc/authpf/authpf.rules, 127, 131
/etc/authpf/banned/, 128
/etc/inetd.conf, 62
/etc/login.conf, 129, 130
/etc/pf.boot.conf, 8
/etc/pf.conf, 10, 11, 15, 131
/etc/pf.os, 44, 66
/etc/protocols, 18
/etc/rc.conf, 10, 11
/etc/rc.conf.local, 5
/etc/rc.d/pf, 9, 11
/etc/rc.d/pf_boot, 8
/etc/sysctl.conf, 51
/etc/syslog.conf, 115
/var/log/pflog, 111, 113
3-way handshake, 37

ACK flag, 31
action, 29
activating PF, 5
address alias, 17
address family, 30, 41
address pool, 99
addresses, 16, 27
addresses, dynamic, 16, 53
ADSL, 87, 88
af (address family), 30
alias, 17
all, 17
allow-opts, 45
allowing traffic, 31
Alternate Queueing (ALTQ), 82
ALTQ, 82, 83
altq, 83, 86
anchor, 125, 127
anchors, 73, 74
anchors, loading, 74
angle brackets, 26
antispoof, 40–42
any, 17
ARP requests, 149
asymmetric connections, 87
Auth, 160
authenticating PF, 125–130, 132
authpf, 125–130, 132
authpf configuration, 126
authpf login message, 129
authpf_users table, 128

backup firewalls, 149
backups, 149
balancing load, 99
bandwidth, 84, 85
banned users, 128
benchmarking, 118
BGP, 101
bidirectional mapping, 54
binat, 54
binat-anchor, 73
block, 29
block-policy, 30
blocking packets, 31
blocking spoofed packets, 40
borrow, 85
brconfig(8), 110
bridge, 7, 35, 110
broadcast address, 17

CARP, 149, 157, 158
carp, 158
CARP and pfsync, 155
carp password, 151
CBQ, 78, 80, 82, 84
cbq, 83
CIDR, 16, 17, 100
Class Based Queueing (CBQ), 78
classes, 78
classifying packets, 108
commas, 20
comments, 16
configuration file, 15
congestion, 81
connection limiting, 37
connection redirection, 57
connections, asymmetric, 87
const, 25
controlling PF, 12
cron, 115
crossover cable, 155

debugging, 65
default deny, 31, 42
default filter, 31
defragment, 15
Demilitarized Zone, 60
destination address, 30
destination port, 30
DHCP, 16
dial-up, 16
direction, packet, 30
DMZ, 60, 92
DNS, 16, 61
DNS, split-horizon, 61
DragonFly, 2, 3, 10–12, 51, 83, 122, 137
drop, 65
dynamic addresses, 16, 53
dynamically assigned address, 160

ECE, 39
ECN, 82, 83, 85, 86
enabling PF, 5
ethernet frames, 110
expansion, 23
Explicit Congestion Notification (ECN), 82

failover, 157, 158
fdescfs, 127, 136
features, 15
FIFO queue, 78
filtering, 107
fingerprinting, passive OS, 66
flags, 39
flags, packet, 31, 38, 82
floating, 67
flush, 38
flushing rules, 76
forwarding, 51
fragment crop, 71
fragment drop-ovl, 71
fragment reassemble, 70
fragment, don’t, 70
fragment, unassembled timeout, 68
fragmented packets, 69
fragments, duplicate, 71
fragments, overlapping, 71
FreeBSD, 2, 3, 9, 10, 51, 83, 122, 127, 136, 137, 151
FTP, 120, 122, 163
FTP proxy, 120
ftp-proxy, 120, 163

gateway, 50, 58, 88
gateway, authenticating, 125
global synchronization, 81
grammar, 19, 42
greylist, 143
greylisting, 140, 141
greytrapping, 142

handshake proxy, 35
hardware, 117
Hartmeier, Daniel, 1
HFSC (Hierarchical Fair Service Curve), 83
high availability, 149
hostname, 27
Hot Standby Router Protocol (HSPR), 149
HSRP, 149

ICMP, 34, 50, 160, 165
icmp, 18
icmp6, 18
Ident, 160
ifconfig, 150, 153, 154, 156
IGMP, 45
in, 30
inet, 30
inet6, 30
inetd, 62
Initial Sequence Number, 31, 34
interface group, 30
interface, network, 16, 21, 30
inverse matching, 107
IP forwarding, 5, 51
IP options, 45
IPF, 1
ipsec, 154
IPv4, 30
IPv6, 27, 30
ISN, 31, 34

KAME, 82
keep state, 30, 31, 33, 39
kldload, 9

list, 17, 19
lists, 22, 23
lists, negated, 20
LKM, 6
load balancing, 99, 101, 102, 152
loading rules, 12
log, 30, 40, 52
log analysis, 112
log-all, 111
logging, 111, 115
logging packets, 111
logging, statistics, 162
login, 125
long lines, 16
loopback, 41, 62, 67, 162
low-delay TOS, 87

MAC address, 110
macro, 105
macros, 20–23, 27, 106, 161, 165
macros and quotes, 21
macros in anchors, 75
macros, predefined, 105, 128
macros, recursive, 21
managing PF, 12
marking packets, 105
master, 149, 158
max-mss, 70
Maximum Segment Size (MSS), 70
memory, 25, 26, 67, 68, 70, 113
memory pool, 66
min-ttl, 70
modload, 6
modulate state, 30, 31, 34
MSS, 70
multi-path routing protocol, 101

named rulesets, 73
NAT, 100, 122, 162
nat, 52, 100
NAT and redirection, 62
NAT and state, 34
NAT exceptions, 54
NAT gateway, 50
NAT status, 54
nat-anchor, 73, 127
negated, 28
negated address, 17
negation, 26
NetBSD, 3, 6–8, 83, 110, 122, 137
netmask, 16
network, 16
Network Address Translation, 162
network block, 17
network interface card (NIC), 117
nmap, 45
no rdr, 146
no-df, 70
normalization, 15, 40, 69, 71

OpenBSD, 1, 5, 51, 82, 110, 122, 137, 157, 173
operating system detection, 44
optimization, 32, 66
options, 30, 36, 37, 65–67, 69, 70, 162
ordering of pf.conf, 15
OSFP, 44, 45
out, 30

packet logging, 111
packet normalization, 69
packet payloads, 112
packet tagging, 105
packets, malformed, 69
parentheses, 16, 17, 53
parenthesis, 111, 163
pass, 29, 32
passing traffic, 31
Passive OS Fingerprinting, 44
peer, 17
persist, 26
pf.conf, 15, 83
pf.conf sections, 15
pf_rules, 7, 10, 11
pfctl, 12, 13, 15, 19, 26, 44, 54, 55, 74, 76
pfctl(8), 5
pfil(9), 7, 110
pflkm, 6
pflog0 interface, 111, 112
pflogd, 7, 30, 52, 111, 113
pfsync, 153, 154
pfsync0 device, 154
physical interface, 158
ping, 160
pkgsrc, 6, 9, 12
point-to-point link, 17
policy filtering, 107
policy-based filtering, 105, 107, 108
pool, 99
port, 52
port forwarding, 57
port range, inclusive, 18
port range, inverse, 18
ports, 17
ports, FreeBSD, 9, 10
ppp, 30
PPPoE, 161
prioritization, 15
priority level, 79
Priority Queueing, 80
PRIQ, 80–82
priq, 83
Private Service Network, 60
protocols, 18, 30
proxy, 120
PSN, 60

qlimit, 84
Quality of Service, 85
queue, 78, 83, 84, 87, 88
queue and keep state, 88
queue name, 84
queue priority, 79, 85
queue, assigning traffic to, 83
queueing, 78, 87, 88
queueing, configuring, 83
queues, 79, 81
quick, 30, 32, 33, 41

Random Early Detection, 81
random-id, 70
rate limiting, 37
rdr, 57, 59, 60, 101, 120, 121, 163
rdr-anchor, 73
reassemble tcp, 71
RED, 81–83, 85, 86
redirection, 57, 60, 120, 121, 163
redundancy, 149
redundancy group, 149
redundant firewalls, 149
reload, 10, 11
reserved words, 20
restart, 10, 11
resync, 10, 11
return, 43, 65
return-icmp, 43
return-rst, 43
RFC 1323, 71, 113
RFC 1631, 49
RFC 1918, 22, 49
RFC 2281, 149
RFC 3168, 82
RFC 3768, 149
RIO, 83, 85
round-robin, 80, 99–102
route-to, 101, 102
routing, 5, 51
RST flag, 38
rule, last, 29
ruleset, 5, 19, 20, 29, 31, 41, 74, 128, 132
ruleset processing, 74
ruleset, simplifying, 43
ruleset, viewing, 13
rulesets, sub, 73

scheduler, 83, 85
scheduler, queueing, 83
schedulers, 78, 83
scrub, 40, 66, 69, 71, 162
scrubbing, 40, 69, 162
securelevel, 25
self, 27
set block-policy, 65, 162
set debug, 65
set fingerprints, 66
set limit, 66
set loginterface, 66, 162
set optimization, 66
set skip, 162
set skip on, 67
set state-policy, 67
set timeout, 68
shortcuts, 42
SMTP, 143
source address, 30
source port, 30
source-hash, 100
source-quench, 34
source-track, 36
spam, 26
spam trap, 143
SpamAssassin, 135
spamd, 9, 10, 12, 107, 135, 141–143, 146, 172, 173
spamd, installing, 136
spamd-setup, 144, 145
spamd.conf, 144
spamdb, 141, 143
spamlogd, 146, 147
spoofed TCP SYN floods, 31, 35
spoofing, 40
SSH, 160
sshd, 129
state, 31, 33, 67
state and queue, 88
state limits, 66
state lookups, 33
state table, 153
stateful connections, 125
stateful inspection, 33
statistics, 27, 66, 162
sticky connection, 101
sticky-address, 100
substitution of variables, 20
SYN flag, 31
synproxy state, 30, 31, 35
syntax highlighting, 15
sysctl, 51, 152, 161
syslog, 114, 126

table, 20, 25, 26, 28, 127, 128
table file, 26
tables, 142, 146
tables, manipulating, 26
tagged, 107
tagging, 106, 110
tagging packets, 105
tags, 106
tail-drop, 78
tarpit, 135
tbrsize, 84
TCP, 33
tcp, 18
TCP flags, 31, 38, 40
TCP packet headers, 70
TCP proxy, 62
TCP Syn Proxy, 165
tcpdump, 44, 112–114, 153
Time to Live (TTL), 70
timeout, 35
timeouts, 68
token bucket regulator, 84
ToS, 87
translation, 59
TTL, 70, 71
Type of Service (ToS), 87

UDP, 34
udp, 18
UDP and state, 35
uptime, 71
user logins, 125, 130

variables, 20
variables substitution, 20
viewing ruleset, 13
Virtual Router Redundancy Protocol (VRRP), 149
VRRP, 149

Zalewski, Michal, 45