From: peceka <pe...@gm...> - 2005-07-05 14:54:18

hi,

Is cerber still being developed? How does it work in FBSD 5.4? Is it stable?

Regards,
p.

From: Dariusz K. <ce...@ta...> - 2004-01-09 07:44:42

Hello Simon,

Thursday, January 8, 2004, 4:46:04 AM, you wrote:

>> I was playing with openvpn, and bridging, I believe result of crash was
>> when I unloaded bridging module.

> Some modules does not handle being unloaded very well, so I don't think
> it's unlikely that the problem is a FreeBSD bug and not Cerber.

> I just tested on my 4.9 crashbox and that didn't panic when I unloaded
> the bridge module, but of course the problem might have been solved
> after 4.8.

You know what, I was unloading bridging and if_tap, on the logs I had:

rl0: promiscuous mode disabled
tap0: promiscuous mode disabled

so I believe that bridging unloaded successfully, but system crashed
while I was unloading tap device.

--
Best regards,
Dariusz mailto:ce...@ta...
http://eggdrop.takeda.tk - eggdrop help

From: Dariusz K. <ce...@ta...> - 2004-01-09 07:35:05

Hello Pawel,

Thursday, January 8, 2004, 12:49:06 AM, you wrote:

> Could you show backtrace?
> There is a description in developers-handbook how to get backtrace
> and how to load kld module symbols.

Ehh, I was trying couple of the times, and it didn't give me any
backtrace, I checked logs and I noticed this:

Jan 7 16:15:21 freebsd /kernel: dumpon:
Jan 7 16:15:21 freebsd /kernel: sysctl: kern.dumpdev
Jan 7 16:15:21 freebsd /kernel: :
Jan 7 16:15:21 freebsd /kernel: No space left on device
Jan 7 16:15:21 freebsd /kernel: swapon: adding /dev/ad0s1b as swap device
Jan 7 16:15:21 freebsd /kernel: Loading cerb...

Ehh, sorry :(((
Since last restart I installed more memory, but didn't increase swap,
since I didn't want to destroy slices, damn.

--
Best regards,
Dariusz mailto:ce...@ta...
http://eggdrop.takeda.tk - eggdrop help

From: Simon L. N. <simon@FreeBSD.org> - 2004-01-08 12:46:13

On 2004.01.07 16:31:03 -0800, Dariusz Kulinski wrote:
> Hello,
>
> I don't know it that was cerb related or not, but I only have cerb as
> third party module, so either is cerb or bug in freebsd (mine is
> 4.8)
>
[snip]
> I was playing with openvpn, and bridging, I believe result of crash was
> when I unloaded bridging module.

Some modules does not handle being unloaded very well, so I don't think
it's unlikely that the problem is a FreeBSD bug and not Cerber.

I just tested on my 4.9 crashbox and that didn't panic when I unloaded
the bridge module, but of course the problem might have been solved
after 4.8.

--
Simon L. Nielsen
FreeBSD Documentation Team

From: Pawel J. D. <ni...@ga...> - 2004-01-08 08:48:57

On Wed, Jan 07, 2004 at 04:31:03PM -0800, Dariusz Kulinski wrote:
+> Fatal trap 12: page fault while in kernel mode
+> fault virtual address = 0x26
+> fault code = supervisor read, page not present
+> instruction pointer = 0x8:0xc01ccf37
+> stack pointer = 0x10:0xcda45e30
+> frame pointer = 0x10:0xcda45e4c
+> code segment = base 0x0, limit 0xfffff, type 0x1b
+> = DPL 0, pres 1, def32 1, gran 1
+> processor eflags = interrupt enabled, resume, IOPL = 0
+> current process = 89886 (python)
+> interrupt mask =
+> trap number = 12
+> panic: page fault
+>
+> syncing disks... 56 45 35 16
+> done
+> Uptime: 91d3h55m20s
+> Automatic reboot in 15 seconds - press a key on the console to abort
+>
+> I was playing with openvpn, and bridging, I believe result of crash was
+> when I unloaded bridging module.
+>
+> My kernel was compiled with debugging symbols, but I don't know what
+> to do to get more informations.
+> I have also /var/crash/vmcore.0 file from crash.

Could you show backtrace?
There is a description in developers-handbook how to get backtrace
and how to load kld module symbols.

--
Pawel Jakub Dawidek pa...@da...
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net

From: Dariusz K. <ce...@ta...> - 2004-01-08 00:31:13

Hello,

I don't know it that was cerb related or not, but I only have cerb as
third party module, so either is cerb or bug in freebsd (mine is
4.8)

rl0: promiscuous mode disabled
tap0: promiscuous mode disabled

Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x26
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc01ccf37
stack pointer = 0x10:0xcda45e30
frame pointer = 0x10:0xcda45e4c
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 89886 (python)
interrupt mask =
trap number = 12
panic: page fault

syncing disks... 56 45 35 16
done
Uptime: 91d3h55m20s
Automatic reboot in 15 seconds - press a key on the console to abort

I was playing with openvpn, and bridging, I believe result of crash was
when I unloaded bridging module.

My kernel was compiled with debugging symbols, but I don't know what
to do to get more informations.
I have also /var/crash/vmcore.0 file from crash.

--
Best regards,
Dariusz mailto:ce...@ta...

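A triage sketch for the trap report in the message above, added here as an example (not code from the thread or from the cerb project): it parses the report's fields, including copies that arrive `+>`-quoted with `=3D` debris, and checks whether the faulting address lies in the first page, the usual signature of a kernel read through a NULL structure pointer at a small member offset. The function names and the 4096-byte i386 page size are assumptions of the example.

```python
import re

# Constructed sample: the i386 trap report as posted in the message above.
SAMPLE = """\
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x26
fault code = supervisor read, page not present
instruction pointer = 0x8:0xc01ccf37
stack pointer = 0x10:0xcda45e30
frame pointer = 0x10:0xcda45e4c
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 89886 (python)
interrupt mask =
trap number = 12
panic: page fault
"""

PAGE_SIZE = 4096                      # assumed i386 page size
QUOTE_PREFIX = re.compile(r"^[+> ]+")  # mail quote markers such as "+> "

def parse_trap(text):
    """Return the 'key = value' fields of a FreeBSD trap report as a dict."""
    fields = {}
    m = re.search(r"Fatal trap (\d+): (.+)", text)
    if m:
        fields["trap"] = int(m.group(1))
        fields["description"] = m.group(2).strip()
    for line in text.splitlines():
        # Undo quoting and quoted-printable '=' so archived copies parse too.
        line = QUOTE_PREFIX.sub("", line).replace("=3D", "=")
        key, sep, value = line.partition("=")   # split at the first '=' only
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def seg_offset(value):
    """Split 'selector:offset' (e.g. 0x8:0xc01ccf37) into two ints."""
    sel, off = value.split(":")
    return int(sel, 16), int(off, 16)

def triage(fields):
    """Summarise what the report says about the faulting access."""
    addr = int(fields["fault virtual address"], 16)
    code = fields["fault code"]
    pid, _, name = fields["current process"].partition(" ")
    return {
        "kernel_mode": code.startswith("supervisor"),
        "access": "write" if "write" in code else "read",
        "unmapped": "page not present" in code,
        # An address inside the first page is a small offset from NULL.
        "near_null": addr < PAGE_SIZE,
        "offset_from_null": addr if addr < PAGE_SIZE else None,
        "eip": seg_offset(fields["instruction pointer"])[1],
        "pid": int(pid),
        "comm": name.strip("()"),
    }
```

The `eip` value is the address to resolve against the debug kernel and loaded module symbols when producing the backtrace requested in the reply.
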
From: <pawmal@FreeBSD.lublin.pl> - 2003-12-11 20:29:41

On 3 Dec 2003 at 15:51, Dariusz Kulinski wrote:

> Is it only me who thinks, that 5.x isn't stable yet, and upgrading to

You are not alone.

PM

From: Mikhail A. B. <bm...@bm...> - 2003-12-04 19:24:42

During use CerbNG I have found such problem:
variable rdir and jdir are calculated coming from the current chroot
and accordingly rdir always == "/", but jdir without chroot == NULL,
but in chroot == rdir == "/".

Possible this so and is conceived :) But I have written patch which must
correct this problem.

--
Mikhail A. Babich BMA8-RIPN, BMA-RIPE
--------------------
TSUoCSR, CTT.

From: Dariusz K. <ce...@ta...> - 2003-12-03 23:52:16

Hello Pawel,

Wednesday, December 3, 2003, 12:38:41 AM, you wrote:

> What I don't want to do is:
> 1. Create release 1.0 for FreeBSD 4.x without further support.

Is it only me who thinks, that 5.x isn't stable yet, and upgrading to
it is not worth it?

C'mon there is ready code for 4.x, I think it's pretty good, only few
bugs should have been fixed and it should be enough, no new features,
this only slows down final release.

--
Best regards,
Dariusz mailto:ce...@ta...
http://eggdrop.takeda.tk - eggdrop help

From: Pawel J. D. <ni...@ga...> - 2003-12-03 08:38:56

On Tue, Dec 02, 2003 at 10:14:29AM +0100, Pawel Rutkowski wrote:
+> PJD Could You tell us what will be future of cerb ?
+> Short and long term plans ?

Plans are quite good defined, but there are few additional problems.
Release v1.0-RC3 is almost complete, but there are still some
documentation and cbctl issues, because of Slawek's (and mine) lack
of time.

I'm not sure if I want to make release 1.0 for FreeBSD 4.x, because
most of my machines are running FreeBSD 5.x now and I'll not be able
to maintain this version of cerb. All I can do is to push release 1.0-RC3
without any guarantees.

Long term plans are of course related to porting cerb to FreeBSD 5.x.
There are some hard points here. First of all I'm waiting for audit
implementation from TrustedBSD. I hope I'll be able to find some
helpful functionality and stop doing VM-tricks in cerb.

What I don't want to do is:
1. Create release 1.0 for FreeBSD 4.x without further support.
2. Create release 1.0 without complete documentation.
3. Port cerb to 5.x with VM-tricks inside.
4. Push release 1.0 without good testing.

This is security software, I don't want to end up with something that
will decrease security of your system.

--
Pawel Jakub Dawidek pa...@da...
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net

From: Pawel R. <so...@rs...> - 2003-12-02 09:14:54

Hi,

PJD Could You tell us what will be future of cerb ?
Short and long term plans ?

Regards
--
Pawel Rutkowski
Centauri RSC
+48 22 847 68 52
http://www.rsc.pl

From: <pawmal@FreeBSD.lublin.pl> - 2003-11-29 20:09:17

On 29 Nov 2003 at 10:01, Pawel Rutkowski wrote:

> > Is this list working if it is, was I unsubscribed, since I didn't
> > receive any message for long time.
> List is working but there is no posts :)

Please don't lie, there were at least three messages during this day. ;))

cheers,
--
PM

From: Pawel R. <pa...@rs...> - 2003-11-29 09:01:43

> Is this list working if it is, was I unsubscribed, since I didn't
> receive any message for long time.

List is working but there is no posts :)

--
Pawel Rutkowski
Centauri RSC
+48 22 847 6852
http://www.rsc.pl

From: Dariusz K. <ce...@ta...> - 2003-11-29 07:38:13

Hello,

Is this list working if it is, was I unsubscribed, since I didn't
receive any message for long time.

--
Best regards,
Dariusz mailto:ta...@ta...

From: Pawel J. D. <ni...@ga...> - 2003-11-03 09:35:56

On Mon, Nov 03, 2003 at 10:12:54AM +0100, Michal Belczyk wrote:
+> some time ago I noticed that my syslogd consumes lots of memory, say
+> 50M, and after each:
+> echo aaa | logger
+> grows another 4K.
+> I have the syslogd.cb policy enabled. When it's disabled the problem
+> disappears. In fact it only happens when logging into /dev/ttyv? is
+> enabled in my /etc/syslog.conf.
+>
+> Could anyone confirm the issue ?

You can dump current memory allocations by doing:

# sysctl cerb.mem.stat=1

You can also try to unload cerb? If there is a memory leak you should
see information about this (of course if you've CERB_SAFEMALLOC compiled
in, which is compiled in by default).

--
Pawel Jakub Dawidek pa...@da...
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net

From: Michal B. <di...@bs...> - 2003-11-03 09:12:13

Hello,

some time ago I noticed that my syslogd consumes lots of memory, say
50M, and after each:
echo aaa | logger
grows another 4K.
I have the syslogd.cb policy enabled. When it's disabled the problem
disappears. In fact it only happens when logging into /dev/ttyv? is
enabled in my /etc/syslog.conf.

Could anyone confirm the issue ?

--
Michal Belczyk

From: Pawel J. D. <ni...@ga...> - 2003-09-30 11:21:12

Hello.

I just MFCed changes to RELEASE_1_0_RC3 and RELEASE_1_0 branches.
If you use one of these branches, please test those changes.

CerbNG v1.0-RC3 should be available soon, it is delayed, because of my
lack of time.

--
Pawel Jakub Dawidek pa...@da...
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net

From: Pawel R. <so...@rs...> - 2003-09-03 07:38:09

> Are you sure this was because of kcerb/ucerb desynch?

No - I'm almost sure it wasn't.

> Maybe there was desynch between cerb and kernel? Or maybe there is a

Look at subject :) I was writing about desynch between kcerb and kernel.

> bug in cerb?

Probably not - after reboot I've recompiled kcerb and ucerb and everything
looks normal now.

--
Pawel Rutkowski
Centauri RSC
+48 22 847 68 52
http://www.rsc.pl

From: Dariusz K. <ta...@ta...> - 2003-09-03 07:07:04

Hello Pawel,

Tuesday, September 2, 2003, 11:22:13 PM, you wrote:

+>> I think there is bug in cerb, I don't know if you read my previous
+>> posts, but I got same error, and for sure there was no desynch between
+>> kcerb and kernel, because I still keep 4.8 kernel code, problems
+>> appeared while I recompiled new cerb.

> I'll try to reproduce it in that case. Are you talking about HEAD branch
> or about RC3 branch as well?

HEAD, I believe RC3 is ok.
At first I tried to use only RC3, but then I noticed that some
bugfixes were only in HEAD so I thought that RC3 branch was forgotten,
and tried to use HEAD.

I also had issues with reading new rules, but it's possible that I
didn't upgrade cbctl...

+>> But I'm about 90% sure that I did that, also I couldn't set active
+>> rules using sysctl, so I doubt it's cbctl issue (but I don't know cerb
+>> that much)

> This is because one of my last commits.
> Rules cannot be loaded if cbctl is using syscall which is currently
> caught. So I suspect that cbctl should turn cerb off in first place
> and then try to load rules. I'll work on this as well.

How should it turn it off? If you're talking about cbctl -s, I can say
that this also wasn't working.
I tried to unload/load cerber but that didn't solve problem, only
system reboot.

--
Best regards,
Dariusz mailto:ta...@ta...
SCSA, SCNA, LPI, CCNA, MCP certified

From: Pawel J. D. <ni...@ga...> - 2003-09-03 06:20:09

On Tue, Sep 02, 2003 at 10:48:27PM -0700, Dariusz Kulinski wrote:
+> +>> After loading mismatched cerb, my machine started to do strange things -
+> +>> I was unable to modify cerb rules or unload module (device in use).
+> +>> Only reboot helped.
+> > Are you sure this was because of kcerb/ucerb desynch?
+> > Maybe there was desynch between cerb and kernel? Or maybe there is a
+> > bug in cerb?
+>
+> I think there is bug in cerb, I don't know if you read my previous
+> posts, but I got same error, and for sure there was no desynch between
+> kcerb and kernel, because I still keep 4.8 kernel code, problems
+> appeared while I recompiled new cerb.

I'll try to reproduce it in that case. Are you talking about HEAD branch
or about RC3 branch as well?

+> But I'm about 90% sure that I did that, also I couldn't set active
+> rules using sysctl, so I doubt it's cbctl issue (but I don't know cerb
+> that much)

This is because one of my last commits.
Rules cannot be loaded if cbctl is using syscall which is currently
caught. So I suspect that cbctl should turn cerb off in first place
and then try to load rules. I'll work on this as well.

Thanks!

--
Pawel Jakub Dawidek pa...@da...
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net

From: Dariusz K. <ta...@ta...> - 2003-09-03 05:56:54

Hello Pawel,

Tuesday, September 2, 2003, 1:35:00 PM, you wrote:

+>> After loading mismatched cerb, my machine started to do strange things -
+>> I was unable to modify cerb rules or unload module (device in use).
+>> Only reboot helped.

> Are you sure this was because of kcerb/ucerb desynch?
> Maybe there was desynch between cerb and kernel? Or maybe there is a
> bug in cerb?

I think there is bug in cerb, I don't know if you read my previous
posts, but I got same error, and for sure there was no desynch between
kcerb and kernel, because I still keep 4.8 kernel code, problems
appeared while I recompiled new cerb.

In my situation, there could be one thing, that you mentioned and I
could fail. I'm not sure now if I upgraded cbctl together with kcerb.
But I'm about 90% sure that I did that, also I couldn't set active
rules using sysctl, so I doubt it's cbctl issue (but I don't know cerb
that much)

--
Best regards,
Dariusz mailto:ta...@ta...
SCSA, SCNA, LPI, CCNA, MCP certified

From: Pawel J. D. <ni...@ga...> - 2003-09-02 20:45:02

On Tue, Sep 02, 2003 at 09:31:03PM +0200, Pawel Rutkowski wrote:
+> Is it possible to limit number of processes in jail using cerb ?
+> After limit is reached, system should disallow any more creation of processes.
+> Any ideas ?

This is not possible. There are two problems:
1. Cerb cannot catch process' exit, so you will not be able to decrease
your counter.
2. I suspect that fork(2)/vfork(2) syscalls are problematic for cerb
right now. I need to look at this closer.

--
Pawel Jakub Dawidek pa...@da...
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net

From: Pawel J. D. <ni...@ga...> - 2003-09-02 20:33:03

On Tue, Sep 02, 2003 at 09:36:02PM +0200, Pawel Rutkowski wrote:
+> Well, I know that someone must be half brained to do such thing, but it
+> happened few times to me.
+> Pawel, maybe You should add some kind of checking if the cerb and kernel
+> are compiled from the same sources. If not - log message and disallow loading
+> of module.

There is such check in cbctl, look at ucerb/libcerb.c:1016.
Additionally cerb.ko made some checks as well, but when I've check this
last time, there is no chance to prevent module from loading - I get panic
if I want to return an error (this is FreeBSD bug). So for now only
warning message is logged.

+> After loading mismatched cerb, my machine started to do strange things -
+> I was unable to modify cerb rules or unload module (device in use).
+> Only reboot helped.

Are you sure this was because of kcerb/ucerb desynch?
Maybe there was desynch between cerb and kernel? Or maybe there is a
bug in cerb?

--
Pawel Jakub Dawidek pa...@da...
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net

From: Pawel R. <so...@rs...> - 2003-09-02 19:36:17

Well, I know that someone must be half brained to do such thing, but it
happened few times to me.
Pawel, maybe You should add some kind of checking if the cerb and kernel
are compiled from the same sources. If not - log message and disallow loading
of module.

After loading mismatched cerb, my machine started to do strange things -
I was unable to modify cerb rules or unload module (device in use).
Only reboot helped.

This is just my suggestion.

--
Pawel Rutkowski
Centauri RSC
+48 22 847 68 52
http://www.rsc.pl

From: Pawel R. <so...@rs...> - 2003-09-02 19:32:33

Is it possible to limit number of processes in jail using cerb ?
After limit is reached, system should disallow any more creation of processes.
Any ideas ?

--
Pawel Rutkowski
Centauri RSC
+48 22 847 68 52
http://www.rsc.pl