What's New in Netbsd in 2006 ?
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
The Title Title: Subtitle March 2007
sub title The Title Title: Subtitle March 2007 Copyright c 2006-2007 BSD Certification Group, Inc. Permission to use, copy, modify, and distribute this documentation for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE DOCUMENTATION IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS DOCUMENTATION INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CON- SEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEG- LIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS DOCUMENTATION. NetBSD and pkgsrc are registered trademarks of the NetBSD Foundation, Inc. FreeBSD is a registered trademark of the FreeBSD Foundation. Contents Introduction vii 1 Installing and Upgrading the OS and Software 1 1.1 Recognize the installation program used by each operating system . 2 1.2 Recognize which commands are available for upgrading the operating system 6 1.3 Understand the difference between a pre-compiled binary and compiling from source . 8 1.4 Understand when it is preferable to install a pre-compiled binary and how to doso ...................................... 9 1.5 Recognize the available methods for compiling a customized binary . 10 1.6 Determine what software is installed on a system . 11 1.7 Determine which software requires upgrading . 12 1.8 Upgrade installed software . 12 1.9 Determine which software have outstanding security advisories . -
Active-Active Firewall Cluster Support in Openbsd
Active-Active Firewall Cluster Support in OpenBSD David Gwynne School of Information Technology and Electrical Engineering, University of Queensland Submitted for the degree of Bachelor of Information Technology COMP4000 Special Topics Industry Project February 2009 to leese, who puts up with this stuff ii Acknowledgements I would like to thank Peter Sutton for allowing me the opportunity to do this work as part of my studies at the University of Queensland. A huge thanks must go to Ryan McBride for answering all my questions about pf and pfsync in general, and for the many hours working with me on this problem and helping me test and debug the code. Thanks also go to Theo de Raadt, Claudio Jeker, Henning Brauer, and everyone else at the OpenBSD network hackathons who helped me through this. iii Abstract The OpenBSD UNIX-like operating system has developed several technologies that make it useful in the role of an IP router and packet filtering firewall. These technologies include support for several standard routing protocols such as BGP and OSPF, a high performance stateful IP packet filter called pf, shared IP address and fail-over support with CARP (Common Address Redundancy Protocol), and a protocol called pfsync for synchronisation of the firewalls state with firewalls over a network link. These technologies together allow the deployment of two or more computers to provide redundant and highly available routers on a network. However, when performing stateful filtering of the TCP protocol with pf, the routers must be configured in an active-passive configuration due to the current semantics of pfsync. -
EMC Host Connectivity Guide for Oracle Solaris
Dell EMC Host Connectivity Guide for Oracle Solaris P/N 300-000-607 REV 56 MAY 2020 Copyright © 2007 – 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.” DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the propertyof their respective owners. Published in the USA. Dell EMC Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.DellEMC.com 2 Dell EMC Host Connectivity Guide for Oracle Solaris CONTENTS Preface ....................................................................................................................................... 13 Part 1 Connecting Solaris to Dell EMC Storage Chapter 1 Solaris Operating System Solaris operating system overview........................................................................ 20 Multipathing software ........................................................................................... 21 MPxIO/STMS ............................................................................................... -
Fibre Channel and Iscsi Configuration Guide for the Data ONTAP® 8.0 Release Family
Fibre Channel and iSCSI Configuration Guide for the Data ONTAP® 8.0 Release Family NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501 Support telephone: +1 (888) 463-8277 Web: www.netapp.com Feedback: [email protected] Part number: 215-08164_A0 August 2013 Table of Contents | 3 Contents iSCSI configurations .................................................................................... 6 Single-network HA pair in an iSCSI SAN .................................................................. 6 Multi-network HA pair in an iSCSI SAN ................................................................... 7 Direct-attached single-controller configurations in an iSCSI SAN ............................ 8 VLANs for iSCSI configurations ................................................................................ 9 Static VLANs ................................................................................................ 10 Dynamic VLANs ........................................................................................... 10 Fibre Channel configurations .................................................................... 11 FC onboard and expansion port combinations .......................................................... 11 Fibre Channel supported hop count .......................................................................... 12 Fibre Channel supported speeds ................................................................................ 13 Fibre Channel switch -
Pf3e Index.Pdf
INDEX Note: Pages numbers followed by f, n, priority-based queues, 136–145 or t indicate figures, notes, and tables, match rule for queue assignment, respectively. 137–138 overview, 134–135 Symbols performance improvement, 136–137 # (hash mark), 13, 15 queuing for servers in DMZ, ! (logical NOT) operator, 42 142–144 setting up, 135–136 A on FreeBSD, 135–136 on NetBSD, 136 Acar, Can Erkin, 173 on OpenBSD, 135 ACK (acknowledgment) packets transitioning to priority and class-based bandwidth allocation, queuing system, 131–133 139–140 anchors, 35–36 HFSC algorithm, 124, 126, 142 authpf program, 61, 63 priority queues, 132, 137–138 listing current contents of, 92 two-priority configuration, loading rules into, 92 120–121, 120n1 manipulating contents, 92 adaptive.end value, 188 relayd daemon, 74 adaptive firewalls, 97–99 restructuring rule set with, 91–94 adaptive.start value, 188 tagging to help policy routing, 93 advbase parameter, 153–154 ancontrol command, 46n1 advskew parameter, 153–154, 158–159 antispoof tool, 27, 193–195, 194f aggressive value, 192 ARP balancing, 151, 157–158 ALTQ (alternate queuing) framework, atomic rule set load, 21 9, 133–145, 133n2 authpf program, 59–63, 60 basic concepts, 134 basic authenticating gateways, class-based bandwidth allocation, 60–62 139–140 public networks, 62–63 overview, 135 queue definition, 139–140 tying queues into rule set, 140 B handling unwanted traffic, 144–145 bandwidth operating system-based queue actual available, 142–143 assignments, 145 class-based allocation of, 139–140 overloading to -
Hotmobile 2006
After lunch (at a pub), John- Dan Langille ended the confer- find that the paper summaries Mark Garner ([email protected]) ence by giving away books and contained in this overview are gave a presentation about writ- T-shirts. Some books were given extremely brief and are intended ing device drivers in FreeBSD. Of to people chosen randomly [by only to help you identify those course, you can’t learn how to using random() to assign num- papers you would like to read in write device drivers in an hour, bers to all attendees, then sort- full. Those readers interested in a but Garner did a good job of pro- ing] and for various feats. Some- longer summary should refer to viding an overview of the frame- one won a book by spending the Digest of Proceedings that work available. I finally learned over six hours trying to get appears at the end of the work- what has happened to minor de- through Canadian customs. shop proceedings. This digest in- vices (made unnecessary because (There was actually someone cludes a summary of the discus- of devfs). Garner also talked who had spent longer, but he sions that followed each of the about softc, a newer, more effi- had already won a book.) presentations. cient framework for writing de- This overview is based on the vice drivers, about how re- HotMobile 2006: 7th IEEE written notes taken by two stu- sources (memory, IRQs, and Workshop on Mobile Comput- dent volunteers, Tapan Parikh ports) should be handled, and ing Systems and Applications and Alex Varshavsky. -
The Journal of AUUG Inc. Volume 25 ¯ Number 3 September 2004
The Journal of AUUG Inc. Volume 25 ¯ Number 3 September 2004 Features: mychart Charting System for Recreational Boats 8 Lions Commentary, part 1 17 Managing Debian 24 SEQUENT: Asynchronous Distributed Data Exchange 51 Framework News: Minutes to AUUG board meeting of 5 May 2004 13 Liberal license for ancient UNIX sources 16 First Australian UNIX Developer’s Symposium: CFP 60 First Digital Pest Symposium 61 Regulars: Editorial 1 President’s Column 3 About AUUGN 4 My Home Network 5 AUUG Corporate Members 23 A Hacker’s Diary 29 Letters to AUUG 58 Chapter Meetings and Contact Details 62 AUUG Membership AppLication Form 63 ISSN 1035-7521 Print post approved by Australia Post - PP2391500002 AUUGN The journal of AUUG Inc. Volume 25, Number 3 September 2004 Editor ial Gr eg Lehey <[email protected]> After last quarter's spectacularly late delivery of For those newcomers who don't recall the “Lions AUUGN, things aregradually getting back to nor- Book”, this is the “Commentary on the Sixth Edi- mal. I had hoped to have this on your desk by tion UNIX Operating System” that John Lions the end of September,but it wasn't to be. Given wr ote for classes at UNSW back in 1977. Suppos- that that was only a couple of weeks after the “Ju- edly they werethe most-photocopied of all UNIX- ly” edition, this doesn’t seem to be such a prob- related documents. Ihad mislaid my photocopy, lem. I'm fully expecting to get the December is- poor as it was (weren't they all?) some time earli- sue out in time to keep you from boredom over er,soIwas delighted to have an easy to read ver- the Christmas break. -
Iscsi Testing: What Are the Test Challenges Under the Hood of a 10 Gb Iscsi Storage Product Certification?
iSCSI testing: What are the test Challenges Under the Hood of a 10 Gb iSCSI Storage Product Certification? Dr. M. K. Jibbe Distinguished Engineer Manager and Technical Lead of Test Architect and Product Certification in India LSI Corporation (Engenio Storage Group) Storage Developer Conference 2009 © 2009 Insert Copyright Information Here. All Rights Reserved. 1 Abstract iSCSI RAID Storage Testing The certification of a 10 Gb iSCSI RAID Storage System elicits a lot of challenges at the development level and the Test / Quality Assurance level. The challenges are due to the fact that a 10 Gb iSCSI is a newly deployed iSCSI host interface in the RAID Storage environment. As a result the size of a development module level test should be designed very carefully to establish a test coverage beyond basic implementation verification, standard RAID testing, or the iSCSI plug fest. These module level tests must tackle the test time windows associated with the following iSCSI characteristics: NIC vs. CNA Device discovery, 10 GB switch traffic control and congestion, Security mechanisms with different Operating systems, Operational parameters associated with I/O retries and recovery Management, Administration, and Integration with Storage products Design For Testability “DFT” mechanisms Diagnostics, problem Isolations IPV4 vs. IPV6 However a number of the module tests above can be leveraged from the certification a 1 Gb iSCSI RAID products. There are specific features such as backup, snapshot, remote mirroring, and cluster application compatibility that must be supported by the RAID product and must be verified during the testing of the RAID controller host interface. Storage Developer Conference 2009 © 2009 Insert Copyright Information Here. -
Implementing Ipv6: Experiences at KAME Project
Implementing IPv6: experiences at KAME project Jun-ichiro Hagino, IIJ research laboratory itojun@{iijlab.net,kame.net} Outline What is IPv6, and why IPv6 (brief summary) What is KAME project Some technical insights observed at KAME Implmentation status What are the TODOs, issues from both specification/implementation What is IPv6? Expansion of address space - 32bit -> 128bit 32bit: 4.3 billion nodes maximum not sufficient, blocking new IP-based applications from appearing 128bit: 3.4 x 10^38 nodes maximum Make new technologies mandatory IPv4: designed in 1970’s IPv6: designed in 1990’s autoconfiguration, multicast, security, ... Why? - IPv4 address space is filled up, NAT is killing us all When? - Already there, so you should How? - (next slide) How to operate IPv6? IPv6 is "IP with bigger address space", almost no difference with IPv4 bigger address space makes a huge difference Base spec NAT-free 128bit address, simpler base header, extensible header format Enables many future application deployment and uses Routing - OSPFv3, RIPng, BGP4+ QoS - diffserv, RSVP (separate effort from IPv6 itself) more friendly than IPv4 Mobility - mobile-ip6 No foreign agent necessary Security - IPsec (separate effort from IPv6 itself) A "fully conformant IPv6 implementation" must have IPsec code Autoconfiguration stateless autoconf, DHCPv6 Multicast - PIM, MLD (= IGMP) Applications - HTTP, FTP, VoIP, whatever you do with IPv4 New applications would appear when IPv6 hits the critical mass Problem we had in 1995... IPv6 specification is out, but there’s -
Iscsi SAN Configuration Guide Update 2 and Later for ESX Server 3.5, ESX Server 3I Version 3.5, Virtualcenter 2.5 Iscsi SAN Configuration Guide
iSCSI SAN Configuration Guide Update 2 and later for ESX Server 3.5, ESX Server 3i version 3.5, VirtualCenter 2.5 iSCSI SAN Configuration Guide iSCSI SAN Configuration Guide Revision: 20090313 Item: EN-000035-01 You can find the most up-to-date technical documentation on our Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: [email protected] © 2007–2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware, the VMware “boxes” logo and design, Virtual SMP and VMotion are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc. Contents About This Book 7 1 Using ESX Server with a Storage Area Network 11 Understanding Virtualization 12 Network Virtualization 12 Storage Virtualization 12 Storage Area Network Concepts 15 Ports 16 Multipathing and Path Failover 17 Storage System Types 17 Target Compared to LUN Representations 17 iSCSI Naming Conventions 19 Overview of Using ESX Server with a SAN 20 Benefits of Using ESX Server with a SAN 20 Use Cases 21 Finding SAN Configuration Information 21 Basics of Using SAN Storage Systems with an ESX Server 22 Network Configuration and Authentication 22 Sharing a VMFS Across ESX Servers 22 Metadata Updates 24 Volume Display and Rescan 24 Levels of Indirection 24 Data Access: VMFS or RDM 25 Third‐Party Management Applications 26 Discovery, Authentication, and Access Control 26 Error Correction 27 Understanding VMFS and SAN Storage Choices 27 Choosing Larger or Smaller LUNs 27 Making LUN Decisions 28 Tips for Making LUN Decisions 29 VMware, Inc. -
Free, Functional, and Secure
Free, Functional, and Secure Dante Catalfamo What is OpenBSD? Not Linux? ● Unix-like ● Similar layout ● Similar tools ● POSIX ● NOT the same History ● Originated at AT&T, who were unable to compete in the industry (1970s) ● Given to Universities for educational purposes ● Universities improved the code under the BSD license The License The license: ● Retain the copyright notice ● No warranty ● Don’t use the author's name to promote the product History Cont’d ● After 15 years, the partnership ended ● Almost the entire OS had been rewritten ● The university released the (now mostly BSD licensed) code for free History Cont’d ● AT&T launching Unix System Labories (USL) ● Sued UC Berkeley ● Berkeley fought back, claiming the code didn’t belong to AT&T ● 2 year lawsuit ● AT&T lost, and was found guilty of violating the BSD license History Cont’d ● BSD4.4-Lite released ● The only operating system ever released incomplete ● This became the base of FreeBSD and NetBSD, and eventually OpenBSD and MacOS History Cont’d ● Theo DeRaadt ○ Originally a NetBSD developer ○ Forked NetBSD into OpenBSD after disagreement the direction of the project *fork* Innovations W^X ● Pioneered by the OpenBSD project in 3.3 in 2002, strictly enforced in 6.0 ● Memory can either be write or execute, but but both (XOR) ● Similar to PaX Linux kernel extension (developed later) AnonCVS ● First project with a public source tree featuring version control (1995) ● Now an extremely popular model of software development anonymous anonymous anonymous anonymous anonymous IPSec ● First free operating system to implement an IPSec VPN stack Privilege Separation ● First implemented in 3.2 ● Split a program into processes performing different sub-functions ● Now used in almost all privileged programs in OpenBSD like httpd, bgpd, dhcpd, syslog, sndio, etc. -
Recent Security Enhancements in Netbsd
Recent Security Enhancements in NetBSD Elad Efrat < [email protected] > September 2006 Abstract Over the years, NetBSD obtained the position of the BSD focusing on portability. While it is true that NetBSD offers an easily portable operating system, care is also given to other areas, such as security. This paper presents the NetBSD philosophy of security, design decisions, and currently offered security features. Finally, some of the current and future research will be revealed. 1. Introduction Running on almost twenty different architectures, and easily portable to others, NetBSD gained its reputation as the most portable operating system on the planet. While that may indicate high quality code, the ever demanding networked world cares about more than just that. Over the past year, NetBSD evolved quite a bit in various areas; this paper, however, will focus on the aspect relating to security. This paper was written and structured to present a full overview of the recent security enhancements in NetBSD in an easily readable and balanced form that will satisfy new, intermediate, and experienced users. References were sprinkled across the text to provide more information to those who want the gory details, while preserving the continuity. Section 2 will present the bigger picture of security in NetBSD: how NetBSD perceives security, the design decisions of NetBSD software in general and the security infrastructure and features more specifically. Section 3 will present a detailed overview of the recent enhancements in the security infrastructure and features of NetBSD including, where relevant, details about the design, implementation, and possible future development. Section 4 will present current security-related research and development in NetBSD, and section 5 will discuss how the described enhancements work together to provide a more secure platform.