On Fri, Mar 17, 2006 at 05:13:33PM +0200, Gabriel George POPA wrote:
> I wrote an e-mail yesterday saying something about a sysctl that I used
> on FreeBSD and is missing in OpenBSD. One of the members of
> this list showed himself very angry (do things, don't just talk about
> them). He's partly right. But his opinion didn't help me... I
> requested some documentation to read in order to write myself that.
> Someone told me this is just a security feature. Yes, it is, but might
> be very important in some situations. Let me give you an example that
> showed how important it is not to show your processes to all other users:
Actually, this shows that stupid users are still common, but I get your
point. ;-)
> I used wget to download some files by using HTTP (I needed a password
> and a user name - I was not careful and I gave the --http-user=...
> and --http-password=... options). Now, it's obvious that someone could
> read my password and user name for site authentication. Sure,
> it's the user's problem. But OpenBSD is the most secure (it really is)
> and this thing should not miss. Of course, OpenBSD is the best
> when dealing with routing etc., but user security is also important. I
> am decided to do something about this - I will write the code (probably
> there are under 100 lines to be written). But where should I start?
> Where is the documentation? Should I read similar sources from FreeBSD?
> Should I read code written by other people for OpenBSD? Please tell me
> where to start.
You could trace the library calls (found in at least ps(1), top(1)) into
the libc, and from there the syscalls into the kernel.
> We do a lot of things with OpenBSD. It's really good. But I don't
> know why we eventually touch the speed problem (I am convinced OpenBSD
> is fast, but the users are doing some stupid things sometimes and slow
> it down without knowing that). I have two problems related to speed:
> 1) My hard drive is slow (Maxtor 120GB on a VIA controller - really
> noisy piece of hw - how can I determine if it is in DMA or not and if DMA
> is functioning properly?);
dmesg | grep -i dma should return a line like 'wd0: using PIO mode 4,
Ultra-DMA mode 3'.
> 2) THE MOST IMPORTANT: I have a lot of users with DHCP client on my
> network (Windows machines). The DHCP server is on my OpenBSD
> machine. Clients have speed up to 800kbps/download thread and I have
> (on the server!!!) 70kbps/download thread. How is that possible?
> I find this a nightmare. My OpenBSD server is also DHCP server and
> router (of course, like any router it has only one network interface,
> connected to the same switch as the clients and its gateway (a CISCO
> router) HA!). The network card is embedded into the motherboard
> (VIA Rhine II). Where should I look for a solution of this problem? I
> mention that I have this speed even with all clients OFF (!).
Are you telling me that you are using a router that can be bypassed
simply by changing the default gateway?
Anyway, that's not really the point here - there has to be some reason
for the low performance (though 70 kbps seems cool to me). You mention
something about 'per download thread' - it is better to look at the
total bandwidth.
netstat -in will show you if you have any errors while transmitting; it
might also be worthwhile checking that the OBSD box can get higher
speeds in a less complicated setup (two machines and a cross cable, for
instance), which would isolate the fault further.
Joachim
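
The exposure discussed in this thread (wget credentials readable by any user who can list processes) can be audited for on a multi-user host. The Python below is an added example, not part of the original e-mail or of OpenBSD; the sample listing is constructed, and the "USER PID COMMAND" input layout (as produced by something like `ps -axo user,pid,args`) is an assumption.

```python
import re

# wget options whose value is a credential (real wget options).
SECRET_OPTS = {"--http-password", "--ftp-password", "--proxy-password", "--password"}
# scheme://user:password@host embedded in a URL argument.
URL_CREDS = re.compile(r"^(\w+://[^:/@\s]+):[^@/\s]+@")

def audit_argv(argv):
    """Return (findings, redacted_argv) for one process's argument vector."""
    findings, redacted = [], []
    hide_next = False
    for arg in argv:
        if hide_next:                      # value of a "--opt value" pair
            redacted.append("********")
            hide_next = False
            continue
        opt, sep, _value = arg.partition("=")
        if opt in SECRET_OPTS:
            findings.append(opt)
            redacted.append(opt + "=********" if sep else opt)
            hide_next = not sep
            continue
        if URL_CREDS.match(arg):
            findings.append("url-userinfo")
            arg = URL_CREDS.sub(r"\1:********@", arg)
        redacted.append(arg)
    return findings, redacted

def audit_listing(text):
    """Audit 'USER PID COMMAND...' lines; the secret itself is never echoed."""
    report = []
    for line in text.strip().splitlines():
        user, pid, command = line.split(None, 2)
        if not pid.isdigit():              # skip a header line if present
            continue
        findings, redacted = audit_argv(command.split())
        if findings:
            report.append((user, int(pid), findings, " ".join(redacted)))
    return report

# Constructed sample listing (not real output).
SAMPLE = """\
USER  PID  COMMAND
alice 4021 wget --http-user=alice --http-password=hunter2 http://files.example/a.iso
bob   4388 wget --password s3cret ftp://files.example/b.tgz
carol 4410 wget http://carol:pw123@files.example/c.zip
dave  4502 top -d 1
"""

if __name__ == "__main__":
    for row in audit_listing(SAMPLE):
        print(row)
```

Each flagged row names the owning user and PID so the account holder can be told to move the credential out of argv, for example into a mode-0600 `~/.wgetrc` or `~/.netrc`.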