There are currently three active/semi-active branches in the FreeBSD +
目前有三個活躍/半活躍的分支在 FreeBSD 的
To make a release you need to do three things: First, you need to
- be running a kernel with the 做 release 包括下面這三個步驟:首先,做出有 Second, you have to have the whole CVS repository at hand.
- To get this you can use 接著,你手上要有整個 CVS repository。可以參考 Then run 然後執行 Finally, you need a chunk of empty space to build into. Let's
- say it's in /some/big/filesystem, and from the example
- above you've got the CVS repository in /home/ncvs:
+ 最後,硬碟要有相當大的空間來做 release。假設你想把它放在
+ /some/big/filesystem 這裡,上面這個例子也把 CVS
+ repository 放在 /home/ncvs 了,接著:
An entire release will be built in
- /some/big/filesystem/release and you will have a full FTP-type
- installation in /some/big/filesystem/release/R/ftp when you're
- done. If you want to build your SNAP along some other branch than
- -current, you can also add 整個 release 會做在 /some/big/filesystem/release。結束
+ 時 /some/big/filesystem/release/R/ftp 這個目錄可以直接用
+ 來做為 FTP 安裝方式的來源。如果想做出 -current 以外分支的 SNAP,
+ 在上面 make release 這一行加
- The entire process of creating installation disks and source and
- binary archives is automated by various targets in
- /usr/src/release/Makefile. The information there should
- be enough to get you started. However, it should be said that this
- involves doing a ``make world'' and will therefore take up a lot of
- time and disk space.
+ 建立安裝磁片、還有做出 source/binary archive,都是由
+ /usr/src/release/Makefile 裡面的各種 target 自動產生,這
+ 個檔案裡的資訊應該足以開始。但是這個過程牽涉到 make world,所以會
+ 用到相當多的時間和硬碟空間。
Yes, this is the general idea; as its name might suggest,
- ``make world'' rebuilds every system binary from scratch, so you can be
- certain of having a clean and consistent environment at the end (which
- is why it takes so long).
+ 沒錯,就是這樣子。如名字所示,``make world'' 會重新編譯系統內建
+ 的每個 binary 檔,這樣在結束時就可確定有個一致且乾淨的環境(所以要
+ 花上好一段時間)。
- If the environment variable ${DESTDIR}.
- Some random combination of shared libraries modifications and
- program rebuilds can cause this to fail in ``在執行 ``${DESTDIR} 下的同樣目錄樹中。但在某些修
+ 改 shared library 和重建 binary 的無特定情況下,這樣做可能會使
+ ``
The Adaptec 1542 SCSI host adapters allow the user to configure
- their bus access speed in software. Previous versions of the
- 1542 driver tried to determine the fastest usable speed and set
- the adapter to that. We found that this breaks some users'
- systems, so you now have to define the ``Adaptec 1542 SCSI 卡允許使用者用軟體調整匯流排的存取速度。早
+ 期的 1542 驅動程式試圖將它設成可用的最快速度,但後來發現在一些
+ 機器上不能用,所以現在要在 kernel 設定中加 ``
Yes, you can do this
+ 可以,藉著 Newer BSD based systems have a ``在以 BSD 為主的較新系統中,split 有個 ``Here is an example from /usr/src/Makefile.
+ 這裡是 /usr/src/Makefile 中的一個例子:
Please take a look at 請看一下 And thanks for the thought!
+ 同時也感謝你的費心!
By: In a nutshell, there a few I/O ports that all of the PnP boards
- respond to when the host asks if anyone is out there. So when
- the PnP probe routine starts, he asks if there are any PnP boards
- present, and all the PnP boards respond with their model # to
- a I/O read of the same port, so the probe routine gets a wired-OR
- ``yes'' to that question. At least one bit will be on in that
- reply. Then the probe code is able to cause boards with board
- model IDs (assigned by Microsoft/Intel) lower than X to go
- ``off-line''. It then looks to see if any boards are still
- responding to the query. If the answer was ``The IDs are two 32-bit fields (hence 2ˆ64) + 8 bit checksum.
- The first 32 bits are a vendor identifier. They never come out
- and say it, but it appears to be assumed that different types of
- boards from the same vendor could have different 32-bit vendor
- ids. The idea of needing 32 bits just for unique manufacturers
- is a bit excessive.
-
- The lower 32 bits are a serial #, ethernet address, something
- that makes this one board unique. The vendor must never produce
- a second board that has the same lower 32 bits unless the upper
- 32 bits are also different. So you can have multiple boards of
- the same type in the machine and the full 64 bits will still be
- unique.
-
- The 32 bit groups can never be all zero. This allows the
- wired-OR to show non-zero bits during the initial binary search.
-
- Once the system has identified all the board IDs present, it will
- reactivate each board, one at a time (via the same I/O ports),
- and find out what resources the given board needs, what interrupt
- choices are available, etc. A scan is made over all the boards
- to collect this information.
-
- This info is then combined with info from any ECU files on the
- hard disk or wired into the MLB BIOS. The ECU and BIOS PnP
- support for hardware on the MLB is usually synthetic, and the
- peripherals don't really do genuine PnP. However by examining
- the BIOS info plus the ECU info, the probe routines can cause the
- devices that are PnP to avoid those devices the probe code cannot
- relocate.
-
- Then the PnP devices are visited once more and given their I/O,
- DMA, IRQ and Memory-map address assignments. The devices will
- then appear at those locations and remain there until the next
- reboot, although there is nothing that says you can't move them
- around whenever you want.
-
- There is a lot of oversimplification above, but you should get
- the general idea.
-
- Microsoft took over some of the primary printer status ports to
- do PnP, on the logic that no boards decoded those addresses for
- the opposing I/O cycles. I found a genuine IBM printer board
- that did decode writes of the status port during the early PnP
- proposal review period, but MS said ``tough''. So they do a
- write to the printer status port for setting addresses, plus that
- use that address + ISA 的 Plug N Play 卡是怎麼偵測和初始化的?
+
+ 由 簡單的說,當主機發出是否有 PnP 卡的詢問訊號時,所有的 PnP
+ 會在幾個固定的 I/O port 作回應。所以當偵測 PnP 的程式開始時,它
+ 會先問有沒有 PnP 卡在,接著所有 PnP 卡會在它所讀的 port 以自己
+ 的型號 # 作回答,這樣偵測程式就會得到一個 wired-OR ``yes''
+ 的數字,其中至少會有一個 bit 是打開的。然後偵測程式會要求型號
+ (由 Microsoft/Intel指定)小於 X 的卡``離線'',再去看是否還有卡回
+ 答同樣的詢問,如果得到 ``一張卡的 ID 由兩個 32-bit(所以上面是 2ˆ64) + 8bit 偵錯
+ 碼組成,第一個 32 bits 是用來區分各家廠商的。這些廠商沒有出來澄
+ 清過,但看來應假設同一家出的不同種類的卡的廠商 ID 有可能不同。
+ 用 32 bits 只來表示不同廠商的想法實在有點過頭了。
+
+ 第二個 32 bits 則是型號 &num、乙太網路位址、或一些使這張卡獨
+ 特的資料。除非第一個 32 bits 不同,否則廠商不可能作出第二個 32
+ bit 相同的兩張卡。所以在一台機器中可以有同樣的好幾張卡,然而他們
+ 整個 64 bits 還是會都不一樣。
+
+ 這兩個 32 bit 永遠都不可能為零,這使得最開始 binary search 中
+ 的 wired-OR 會得到一個非零數字。
+
+ 一旦系統區分出所有卡的 ID,接著會經由同樣的 port 一個個重新啟
+ 動每張卡,接著找出已知介面卡所需的資源、有那些可以選的 interrupt
+ 等等。所有卡都會被掃描一次,來收集這些資料。
+
+ 這些資訊接著和硬碟上的 ECU 檔案、或 MLB BIOS 裡的資料結合在一
+ 起,通常是綜合 ECU 和 MLB 裡的 BIOS PnP 資料,這些週邊並不支援真
+ 正的 PnP,然而偵測程式在檢查 BIOS 和 ECU 資料後,它可以避免 PnP
+ 週邊和那些偵測不到的相衝突。
+
+ 接著再度拜訪這些 PnP 週邊,這次會把可用的 I/O、DMA、IRQ 和記
+ 憶體映射的位址都指定給它們。這些週邊就會出現在所指定的地方,直到
+ 下一次重新開機為止,不過也沒有人說不能把它們隨時移來移去。
+
+ 上面有相當多的簡化,但你應該已經了解大致的過程。
+
+ Microsoft 把表示印表機狀態的幾個主要 port 拿來作 PnP,他們的
+ 邏輯是沒有一張卡會在這些地方解碼作相反的 I/O cycles。但是我找到
+ 一款早期仍在評估 PnP 提案時的 IBM 原廠 printer board,它的確去解
+ 對這些狀態 port 的寫入資料,但是 MS ``說了就算''。所以它們的確有
+ 對印表機狀態 port 寫入,還有讀取該位址 +
- Several groups of people have expressed interest in working on
- multi-architecture ports for FreeBSD and the FreeBSD/AXP (ALPHA)
- port is one such effort which has been quite successful, now
- available in 3.0 SNAPshot release form at This depends on whether or not you plan on making the driver
- publicly available. If you do, then please send us a copy of the
- driver source code, plus the appropriate modifications to
- files.i386, a sample configuration file entry, and the
- appropriate 這要看你是否打算將這個驅動程式公開使用,如果是的話,請把它的原始
+ 碼送一份給我們,還有 files.i386 修改的部份、kernel 設定
+ 檔樣本、以及用來產生設備檔的
- In answer to the question of alternative layout policies for
- directories, the scheme that is currently in use is unchanged
- from what I wrote in 1983. I wrote that policy for the original
- fast filesystem, and never revisited it. It works well at keeping
- cylinder groups from filling up. As several of you have noted,
- it works poorly for find. Most filesystems are created from
- archives that were created by a depth first search (aka ftw).
- These directories end up being striped across the cylinder groups
- thus creating a worst possible senario for future depth first
- searches. If one knew the total number of directories to be
- created, the solution would be to create (total / fs_ncg) per
- cylinder group before moving on. Obviously, one would have to
- create some heuristic to guess at this number. Even using a
- small fixed number like say 10 would make an order of magnitude
- improvement. To differentiate restores from normal operation
- (when the current algorithm is probably more sensible), you
- could use the clustering of up to 10 if they were all done
- within a ten second window. Anyway, my conclusion is that this
- is an area ripe for experimentation. 在回答有關目錄放置方式不同的問題上,我在 1983 年寫好目前的作法
+ 後就沒有再改變過,這種方式是針對原先的 FFS 檔案系統,後來也沒
+ 有對它作任何更動。它在避免 cylinder group 被填滿這方面做得相當
+ 成功,但是就像有些人已經注意到,它和 `find' 就配合得不大好。大
+ 部份的檔案系統是由那些用 depth first search(aka ftw) 產生的
+ archive 製造出來,解出來的目錄 inode 會橫跨好幾個 cylinder
+ group,如果以後要做 depth first search 的話,這是最糟糕的情況之
+ 一。如果我們知道總共會產生多少目錄的話,解法是在做任何存取/寫
+ 入動作之前,在每個 cylinder group 上先造出(所有目錄數/cylinder
+ greoup 的數目)這麼多的目錄。很明顯的,我們必須要有根據地去猜這
+ 個數字,就算一個像 10 的很小固定數目也會使效率以級數成長。區分
+ restore (即解開上述的 archive) 和一般檔案操作的方法可以是(現在
+ 用的演算法可能要更敏感):如果一些目錄(最多 10 個)都在 10 秒內產
+ 生的話,那麼就把這些目錄聚集在同一個 cylinder group。不管怎樣,
+ 我的經驗指出這是一個已經充份實驗過的部份。 Kirk McKusick, September 1998
- [This section was extracted from a mail written by
- [<ben@rosengart.com> posted the following panic
- message]
+ [<ben@rosengart.com> 發表了下面的 panic 訊息]
[When] you see a message like this, it's not enough to just
- reproduce it and send it in. The instruction pointer value that
- I highlighted up there is important; unfortunately, it's also
- configuration dependent. In other words, the value varies
- depending on the exact kernel image that you're using. If you're
- using a GENERIC kernel image from one of the snapshots, then
- it's possible for somebody else to track down the offending
- function, but if you're running a custom kernel then only
- What you should do is this:
+ 當你看到像這樣的訊息時,只把它拷一份送上來是不夠的。我在上
+ 面特地標明的 instruction pointer 值相當重要,不幸的是它會因設
+ 定而不同。換句話說,這個值會跟你用的 kernel image 檔而變動。如
+ 果是用某個 snapshot 版本的 GENERIC kernel,也許其他人可以追蹤
+ 到出問題的函式,但如果你是用自訂的 kernel,那麼只有要做的事包括這些:
I see people constantly show panic messages like this but
- rarely do I see someone take the time to match up the
- instruction pointer with a function in the kernel symbol table.
+ 我常常看到人們顯示一大片 panic 訊息,但很少看到有人花一點時間
+ 把 instruction pointer 和 kernel symbol table 中的函式比較一下。
- The best way to track down the cause of a panic is by
- capturing a crash dump, then using 要追蹤出造成 panic 原因的最好方法是先做出 crash dump,然後用
+
- In any case, the method I normally use is this:
+ 不管是那一種,我通常是用這個方法:
[Note: Now that FreeBSD 3.x kernels are Elf by default,
- you should use
-
- Note that YOU DO To make sure you capture a crash dump, you need edit
- /etc/rc.conf and set /etc/rc.conf, the /var/crash.
-
- NOTE: FreeBSD crash dumps are usually the same size as the
- physical RAM size of your machine. That is, if you have 64MB of
- RAM, you will get a 64MB crash dump. Therefore you must make sure
- there's enough space in /var/crash to hold the dump.
- Alternatively, you run Once you have recovered the crash dump, you can get a stack
- trace with [注意:現在 FreeBSD 3.x kernel 內定是 ELF 格式,所以應該
+ 用
+
+ 注意你要確定能抓到 crash dump,先編輯 /etc/rc.conf,將
+ /etc/rc.conf
+ 裡有設 /var/crash。
+
+ 注意:FreeBSD 的 crash dump 通常和機器裡的實際記憶體一樣大,
+ 就像如果有 64MB 記憶體,crash dump 大小就是 64MB。所以要確定
+ /var/crash 下有足夠的空間,或是可以手動執行 一旦發現有了 crash dump,就可以用
Note that there may be several screens worth of information;
- ideally you should use Now, if you're really insane and have a second computer, you
- can also configure [Bill adds: "I forgot to mention one thing: if you have
- DDB enabled and the kernel drops into the debugger, you can
- force a panic (and a crash dump) just by typing 'panic' at the
- ddb prompt. It may stop in the debugger again during the panic
- phase. If it does, type 'continue' and it will finish the crash
- dump." -ed]
+ 要注意可能會出現好幾個螢幕的可用資訊,你可以用 好啦,如果你有第二台電腦而且有夠瘋狂,可以將 [Bill 附注:我忘了提到一點:如果你有啟動 DDB 而 kernel 也
+ 已經進入除錯器,可以在 DDB 命令列下打 `panic',強迫產生 panic(還
+ 有 crash dump)。也有可能在 panic 階段時再進入除錯器,如果這樣的話
+ ,輸入 `continue',接著它就會完成 crash dump。 -ed]
+
+ 在 ELF 一系列的工具中,內定是不會讓 dynamic linker 看到執行檔
+ 裡定義了那些 symbol。所以 dlsym() 沒有辦法用藉由呼叫
+ dlopen(NULL, flags) 取得的 handle,用它去搜尋有那些
+ symbol 一定會失敗。
+
+ 如果你想要用 dlsym() 找出某個 process 的主執行檔中
+ 有那些 symbol,則要在 link 時對
+ 系統的內定是,FreeBSD 3.x kernel 能定址到 256 MB,4.x 則是
+ 1 GB。如果是網路負荷相當重的伺服器(就像大型 FTP 或 HTTP 伺服器),
+ 256 MB 可能會不大夠。
+
+ 要怎麼增加定址空間呢? 要從兩方面著手。首先告訴 kernel 本身要
+ 保留較大空間; 其次,既然是在定址空間的最上面載入 kernel,所以還
+ 要調低載入的位址,否則就會超過定址範圍。
+
+ 增加 src/sys/i386/include/pmap.h 裡的
+#ifndef NKPDE
+#ifdef SMP
+#define NKPDE 254 /* addressable number of page tables/pde's */
+#else
+#define NKPDE 255 /* addressable number of page tables/pde's */
+#endif /* SMP */
+#endif
+
+
+ 要算出 要解決第二個問題,必須自行算出 kernel 被載入的位址:求出
+ 0x100100000 減掉定址空間大小的值(以 byte 為單位),如 1 GB 大小就
+ 是 0xc0100000。把 src/sys/i386/conf/Makefile.i386 裡的
+ src/sys/i386/conf/kernel.script 中),如下:
+
+ 然後重新 config 和做出新的 kernel。在執行像 /usr/include/vm/
+ 下,再手動編譯 注意:kernel 所能定址的空間大小必須是 4 megabytes 的倍數。
+
+ [
無磁碟開機就是讓 FreeBSD 主機從網路上開機,並且從網路上的 server 上讀取
其他必要的檔案,而非由主機的硬碟上取得這些檔案。 詳細的資料可以參考
- 由於網際網路的標準化和程式設計的充分經驗之賜,我們
能夠在 FreeBSD 系統內建封包轉傳 (packet fowarding) 的功能。你可以
將這個功能打開,只要將這個變數設定為
這個檔案中
這個選項會將 基本上, 會問這種問題的人在家裡至少有兩台電腦, 一台跑 FreeBSD
另外一台跑 Win95; 這個主意是將 FreeBSD 主機連上 Internet
,然後透過這台 FreeBSD 主機,讓跑 Win95 的電腦能夠上網。
這個問題算是前一個問題的一個特例。
這邊有重要的文件,教你怎麼把 FreeBSD 的主機設定成
另外可以參考 .
在 ``compat/include/sys/cdefs.h 砍掉就可以了。
是的。 你可以查查 man pages 中關於
這些程式有詳細的說明,你可以在
- 如果你只能藉由"shell account"的方式上網的話,
你可能會想看看 如果你有一個近端的子網路(有一台以上的機器), 但是你的 Internet provider
卻只分配一個 IP number 給你
(或者你只分配到一個動態的 IP number), 你可以參考
你應該先看看 這個命令可以在 而且/var/log/ppp.log 這個檔案存在。 如此一來
你可以從 log 檔案中知道到底發生了什麼事情。
先不用擔心檔案的內容你看不懂, 如果你要向人求救的話
, 救你的人會看得懂的。
如果你系統上的那份 ppp 不提供 "set log"
的指令的話, 你應該去下載
會發生這種情形通常是你的 hostname 沒有辦法解出來。 解決這個問題
最好的辦法是確定 /etc/hosts 會被你的 resolver 第一個參考到。
你可以修改/etc/host.conf
並且把hosts 放到最前面. 接著, 只要把你的機器名稱放到
/etc/hosts 裡面就可以了。 如果你沒有
local network 的話, 修改 localhost 這一行:
如果你順利的完成這些動作, 你應該可以成功的執行 ping -c1 `hostname`
.
首先確定你的內定路由 (default route) 是否有設定。 下 這些設定是假設您使用的 address 跟 handbook 裡面的設定,
- 或是與 man page 的範例抑或是 ppp.conf.sample 這個檔案裡的設定相同.
- 如果您沒有設定 default route, 那麼有可能您現在使用舊版本的
- 這一行成為
+ 成為
default route 這行沒有出現的另一個原因是
- 你設錯了 default router , 這個設定在
- default route 這行沒有出現的另一個原因是你設錯了 default
+ router,這個設定在 在 ppp.conf中. 如果發生這種情形, 回到 handbook
- 如果發生這種情形, 回到 handbook This error is usually due to a missin這個狀況通常是因為缺少了這段設定
+ 這個狀況通常是因為缺少了這段設定
請檢查您的 /etc/ppp/ppp.linkup 檔案中是否有這些設定. 只有在您
- 使用動態 IP (dynamic IP) 或不知道您 gateway 的 IP 時才需要設定這個.
- 如果您是使用互動模式(interactive mode) 的話, 您可以
- type the following after entering 請檢查您的 /etc/ppp/ppp.linkup 檔案中是否有這些設定。
+ 只有在您使用動態 IP(dynamic IP) 或不知道您 gateway 的 IP 時才需要
+ 設定這個。如果您是使用 interactive mode 的話, 您可以在進入 packet
+ mode 後輸入如下命令(如果 ppp 提示符號變成大寫的 您可以參考 handbook 中 您可以參考 handbook 中 ppp 預設的 timeout 值是三分鐘. 可以用以下這行命令調整
+ ppp 預設的 timeout 值是三分鐘。可以用以下這行命令調整
這代表如果在 如果您設定了 Link Quality Reporting (LQR) , 就有可能
- 發生您和對方主機之間有太多的 LQR 封包遺失的現象.
- Ppp 會因此判斷電話線路有問題.
- , 並且決定切斷連線. 在 FreeBSD 2.2.5 版以前,
- LQR 內定值是 enabled . 現在的內定值是 disabled.
- LQR 可以用這一行命令取消
+ 如果您設定要用 Link Quality Reporting(LQR),您和對方主機之間就
+ 有可能遺失太多的 LQR 封包。Ppp 會因此判斷電話線路有問題,然後就會
+ 切斷連線。在 FreeBSD 2.2.5 版以前,內定會使用 LQR,現在的內定值是
+ 不用。LQR 可以用這一行命令取消
有時候如果線路上有太多噪訊,甚至如果您使用了話中插撥的服務的話.
- , 您的 modem 將或 hang 住,因為他誤認這些訊息是 lost carrier.
+ 有時候如果線路上有太多雜訊,甚至如果您使用了電話插撥服務的話,
+ 您的數據機將會掛斷電話,因為它誤認這些訊息是 lost carrier。
- 大部分的 modem 都有容忍暫時失去 carrier 的設定.
- . 以 USR Sportster 為例, this is measured by the S10 register in
- tenths of a second. 如果要讓您的 modem 能容忍更大的錯誤, 你可以在您的 dial string
- 裡面加入以下的 send-expect 命令:
+ 大部分的數據機都有容忍暫時失去 carrier 的設定。以 USR Sportster
+ 為例,失去 carrier 和掛斷電話之間的時間,是以 1/10 秒為單位存在
+ S10 暫存器中。如果要讓您的數據機能容忍更長的時間,你可以在 dial
+ string 裡面加入以下 "送出命令 - 等待字串" 的部份:
參考您的 modem 內附的說明書以取得更詳細的資料.
+ 參考數據機內附的說明書以取得更詳細的資料。
+
+ 許多人的連線會毫無來由的卡住,首先要做的是找出連線那一方當掉。
+
+ 如果用的是外接數據機,就用 知道是本地或對方出問題後,就有兩種可能:
+
+ 在這方面能作的相當有限,大部份的 ISP 會因為你不是用 Microsoft
+ 作業系統而不願幫忙。可以在 首先,用下面兩道命令關掉所有本地的壓縮功能:
+
+ 然後重新連線,確定這樣不會有所不同。如果反而有進步或甚至將問題
+ 解決掉,就用試誤法來找出是那個設定造成的。這樣在聯絡 ISP 時就可以
+ 提供相當有用的資料(雖然會很容易看出你不是用 Microsoft 的產品)。
+
+ 在聯絡 ISP 之前,打開本地的非同步記錄功能,接著就等連線再度當掉,
+ 這可能會用到相當大的硬碟空間。最後從連接埠讀進的資料可能會相當有用,
+ 它通常是 ASCII 文字,甚至有可能會說明問題出在那裡(``Memory fault,
+ core dumped''?)。
+
+ 如果 ISP 願意協助的話,應該會在他們那一端也打開記錄功能,那麼在
+ 下次連線當掉時,就可以告訴你為何會出問題。很歡迎將詳細內容送到 這裡能做的最多就是重新編譯 ppp:在 Makefile 最後面加上
+ 將結果送到 在 FreeBSD 2.2.5 以前的版本上, 一但連線建立完成以後,
- Occasionally, just after connecting, you may see messages in
- the log that say "magic is the same". Sometimes, these
- messages are harmless, and sometimes one side or the other
- exits. Most ppp implementations cannot survive this problem, and
- even if the link seems to come up, you'll see repeated configure
- requests and configure acknowledgements in the log file until
- ppp eventually gives up and closes the connection.
-
- This normally happens on server machines with slow disks that
- are spawning a getty on the port, and executing ppp from a
- login script or program after login. I've also heard reports
- of it happening consistently when using slirp. The reason is
- that in the time taken between getty exiting and ppp starting, the
- client-side ppp starts sending Line Control Protocol (LCP)
- packets. Because ECHO is still switched on for the port on
- the server, the client ppp sees these packets "reflect" back.
-
- One part of the LCP negotiation is to establish a magic number
- for each side of the link so that "reflections" can be detected.
- The protocol says that when the peer tries to negotiate
- the same magic number, a NAK should be sent and a new magic
- number should be chosen. During the period that the server
- port has ECHO turned on, the client ppp sends LCP packets,
- sees the same magic in the reflected packet and NAKs it. It
- also sees the NAK reflect (which also means ppp must change
- its magic). This produces a potentially enormous number of
- magic number changes, all of which are happily piling into
- the server's tty buffer. As soon as ppp starts on the server,
- it's flooded with magic number changes and almost immediately
- decides it's tried enough to negotiate LCP and gives up.
- Meanwhile, the client, who no longer sees the reflections,
- becomes happy just in time to see a hangup from the server.
-
- This can be avoided by allowing the peer to start negotiating
- with the following line in your ppp.conf file:
+ 有時就在連上之後,在記錄檔會看到 "magic is the same" 的訊息。通
+ 常這些是無害的,有時候某一端則會斷線。大多數的 ppp 實作無法解決這個
+ 問題,就算似乎連上了,在記錄檔也可以看到一直重複的 configure request
+ 和 configure acknowledgement 之類的溝通訊息,ppp 最後會放棄而關掉連
+ 線。
+
+ 會發生這種問題的通常情況是,伺服器用速度慢的硬碟、在通訊埠上執行
+ getty、並且等到使用者登入後才用 script 或程式執行 ppp;也有聽說用
+ slirp 就一定會發生類似問題的報告。原因是在 getty 結束和 ppp 開始執行
+ 的這段時間內,client 端的 ppp 開始送出 Line Control Protocol(LCP) 封
+ 包,由於伺服器通訊埠的 ECHO 仍在打開狀態,client 端的 ppp 就會看到送
+ 出去的封包被 "反彈" 回來。
+
+ 在用 LCP 溝通時,有部份是要連線兩邊分別建立自己的 magic number,
+ 來偵測及避免封包被 "反彈" 回來的狀況。協定標準中說當對方試圖用和自己
+ 相同的 magic number 溝通時,要送給對方一個 NAK 的訊號(表示不接受),
+ 接著對方就會選另一個數字。但在伺服器通訊埠 ECHO 仍打開的這段期間,
+ client 端的 ppp 送出 LCP 封包,看到相同的 magic number,於是送出
+ NAK 訊號。這個 NAK 也會被 "反彈" 回來,被誤認由對方送出,因此 client
+ 端會改變自己的 magic number。這樣 magic number 的變動次數會非常地多,
+ 並且也全都存在對方的終端機緩衝區中。當伺服器啟動 ppp 時,它馬上就
+ 被 magic number 的大量更動所淹沒,並且(幾乎是立刻)決定已經試夠了
+ LCP 而放棄;在這期間,client 端雖然再也看不到被反彈的封包,但卻來得
+ 及看到伺服器把電話線掛掉。
+
+ 允許讓對方來作 LCP 溝通可以避免這種情形,在 ppp.conf 中加下面這
+ 一行:
This tells ppp to wait for the server to initiate LCP
- negotiations. Some servers however may never initiate negotiations.
- If this is the case, you can do something like:
+ 這行告訴 ppp 由對方來啟動 LCP,不過有些伺服器永遠都不會主動溝通
+ ,在這種情況下,可以這麼設定:
This tells ppp to be passive for 3 seconds, and then to start
- sending LCP requests. If the peer starts sending requests during
- this period, ppp will immediately respond rather than waiting for
- the full 3 second period.
+ 這是要 ppp 等個三秒鐘,然後再開始送 LCP 相關要求。如果對方在這
+ 段時間送出 LCP 封包,ppp 就不會等足三秒而立刻回應。
There is currently an implementation mis-feature in The best way to avoid this is to configure one side to be
- 目前 避免這種情況的最好方式,是將某一端設成 Prior to version 2.2.5 of FreeBSD, it was possible that your
- link was disabled shortly after connection due to When you execute the 在用 If you wish to execute commands like this, use the
- 如果想執行程式,用
- There is no way for LQR is accepted by default if negotiated by the peer.
+ 內定是會接受 LQR,如果對方用它來溝通的話。
If 要找出原因,先用這個命令:
This will log all traffic through the connection. The next
- time the line comes up unexpectedly, you will see the reason
- logged with a convenient timestamp next to it.
+ 這樣會記錄經由連線的所有資料。下次如果又無故播號,就可以從記錄
+ 旁邊的時間很快找到原因。
- You can now disable dialing under these circumstances. Usually,
- this sort of problem arises due to DNS lookups. To prevent
- DNS lookups from establishing a connection (this will This is not always suitable, as it will effectively break your
- demand-dial capabilities - most programs will need a DNS lookup
- before doing any other network related things.
+ 這種做法並不永遠適用,因為它事實上使得你無法用 demand-dial 功能
+ - 大部份程式在做網路相關動作前都會用到 DNS 查詢。
- In the DNS case, you should try to determine what is actually
- trying to resolve a host name. A lot of the time,
- This will make sendmail queue everything until the queue is
- run (usually, sendmail is invoked with ``-bd -q30m'', telling it
- to run the queue every 30 minutes) or until a ``sendmail -q''
- is done (perhaps from your ppp.linkup file).
+ 這會使 sendmail 先擋著所有信件,直到送信時再一齊送出去(通常
+ sendmail 執行時是用 ``-bd -q30m'' 這個參數,告訴它每三十分鐘才送信)
+ 或是有人執行 ``sendmail -q''(也許可以放在 ppp.linkup 裡)。
I keep seeing the following errors in my log file:
+ 我在 log 檔一直看到這些錯誤訊息:
This is because ppp is trying to negotiate Predictor1
- compression, and the peer does not want to negotiate any
- compression at all. The messages are harmless, but if you
- wish to remove them, you can disable Predictor1 compression
- locally too:
+ 這是因為 ppp 試圖作 Predictor1 壓縮方面的溝通,但對方的機器卻完
+ 全不用壓縮功能。這些訊息是無害的,但如果不想看到它的話,可以把本地
+ ppp 的 Predictor1 壓縮也一起關掉:
Under FreeBSD 2.2.2 and before, there was a bug in the tun
- driver that prevents incoming packets of a size larger than
- the tun interface's MTU size. Receipt of a packet greater than
- the MTU size results in an IO error being logged via syslogd.
+ 在 FreeBSD 2.2.2 及先前的版本中,tun 的驅動程式有個問題,它不會
+ 接收那些大過 tun 介面 MTU 的封包。如果收到比 MTU 大的封包,它會用
+ syslogd 記錄為 IO 錯誤。
- The ppp specification says that an MRU of 1500 should
- 但 ppp 規格中有提到,不管 LCP 溝通的結果如何,MRU 最小的可接受
+ 值 The problem can be circumvented by never setting an MTU of
- less than 1500 under FreeBSD 2.2.2 or before.
+ 在 FreeBSD 2.2.2 及之前的版本中,永遠不要將 MTU 調低於 1500,就
+ 可以解決這個問題。
In order to log all lines of your modem ``conversation'',
- you must enable the following:
+ 如果要記錄電腦和數據機間的每一行 ``對話'',用下一行打開:
This will make
- 這會使 If you wish to see your connect speed and are using PAP or CHAP
- (and therefore don't have anything to "chat" after the CONNECT
- in the dial script - no "set login" script), you must make sure that
- you instruct ppp to "expect" the whole CONNECT line, something like
- this:
+ 如果使用 PAP 或 CHAP (因為沒有 "set login" 命令,所以設定檔中
+ CONNECT 之後就不會看到任何對話),想要看到連線速度的話,確定 ppp
+ 等待的數據機傳回值是 CONNECT 這一整行,像這樣:
Here, we get our CONNECT, send nothing, then expect a line-feed,
- forcing Ppp parses each line in your config files so that it can
- interpret strings such as Ppp 會去分析設定檔中的每一行,這樣它才會正確解讀像是
+ When the chat interpreter parses each argument, it re-interprets
- the argument in order to find any special escape sequences such
- as ``\P'' or ``\T'' (see the man page). As a result of this
- double-parsing, you must remember to use the correct number of
- escapes.
+ 當解譯程式分析每個參數時,為了找出字串中所有像是 ``\P'' ``\T''
+ 的跳脫字元(見 man page),必須重新解譯該參數。在這種雙重分析之下,
+ 你必須記得用正確的跳脫數目。
- If you wish to actually send a ``\'' character to (say) your
- modem, you'd need something like:
+ 假設要對數據機送出 ``\'' 這個字元,應該像是:
resulting in the following sequence:
+ 這樣則會得到下面這串:
or
+ 如果是
resulting in the following sequence:
+ 則會得到下面結果:
Ppp (or any other program for that matter) should never
- dump core. Because ppp runs with an effective user id of 0,
- the operating system will not write ppps core image to disk
- before terminating it. If, however ppp You will now have a debuggable version of ppp installed. You
- will have to be root to run ppp as all of its privileges have
- been revoked. When you start ppp, take a careful note of what
- your current directory was at the time.
+ 你現在已經裝上可以用來除錯的 ppp 版本,由於權限上沒有作特別設定,
+ 所以必須以 root 來執行 ppp,順便也要注意是在那個目錄執行的。
- Now, if and when ppp receives the segmentation violation, it
- will dump a core file called ppp.core. You should then do the
- following:
+ 現在如果 ppp 碰到了 segmentation violation,就會將 coredump 存在
+ ppp.core 檔中,接下來就是:
All of this information should be given alongside your
- question, making it possible to diagnose the problem.
- If you're familiar with gdb, you may wish to find out some
- other bits and pieces such as what actually caused the dump and
- the addresses & values of the relevant variables.
+ 根據你的問題來取得相關資料,就可以診斷問題出在那裡。
+
+ 如果熟悉 gdb,也許會想找出其他的詳細資料,像是那個動作造成
+ dump、及相關變數的位址及數值等。
This was a known problem with The reason games and the like don't work when libalias is
- in use is that the machine on the outside will try to open a
- connection or send (unsolicited) UDP packets to the machine
- on the inside. The packet alias software doesn't know that
- it should send these packets to the interior machine.
-
- To make things work, make sure that the only thing running
- is the software that you're having problems with, then either
- run tcpdump on the tun interface of the gateway or enable ppp
- tcp/ip logging (``set log +tcp/ip'') on the gateway.
-
- When you start the offending software, you should see packets
- passing through the gateway machine. When something comes back
- from the outside, it'll be dropped (that's the problem). Note
- the port number of these packets then shut down the offending
- software. Do this a few times to see if the port numbers are
- consistent. If they are, then the following line in the relevant
- section of /etc/ppp/ppp.conf will make the software functional:
+ 遊戲或類似程式不能和 libalias 搭配使用的原因是,外面的機器試著對
+ 著內部的機器開啟連線、或(不請自來地)送出 UDP 封包,而 alias 封包的
+ 軟體不知道它應該把這些封包送到裡面的機器去。
+
+ 解決的方式是,先確定現在只有執行那個會出問題的程式,然後在
+ gateway 機器上對 tun 界面執行 tcpdump、或在上面打開記錄 tcp/ip 的功
+ 能(``set log +tcp/ip'')。
+
+ 在啟動出問題的程式時,應該會在 gateway 機器上看到有封包通過,當外
+ 界有傳回封包時則會被丟掉(這就是問題所在)。記下這些封包要送到目的地
+ 的那個埠,然後關掉程式。重複幾次,看看是否都要送到同樣固定的埠,如果
+ 是的話,在 /etc/ppp/ppp.conf 相關位置加上這一行,就可使程式正確運作:
where ``proto'' is either ``tcp'' or ``udp'',
- ``internalmachine'' is the machine that you want the packets
- to be sent to and ``port'' is the destination port number of
- the packets.
+ 其中 ``proto'' 是 ``tcp'' 或 ``udp'',``internalmachine'' 是要接
+ 收這些封包的機器,``port'' 則是這些封包要送到那個埠。
- You won't be able to use the software on other machines
- without changing the above command, and running the software
- on two internal machines at the same time is out of the question
- - after all, the outside world is seeing your entire internal
- network as being just a single machine.
+ 如果要在其他機器上執行同樣程式,必須重複同樣過程修改上一行設定,
+ 否則就不能正常使用;也不可能在兩台內部機器上同時使用-畢竟外界只是把
+ 這個內部網路看成一台機器而已。
- If the port numbers aren't consistent, there are three more
- options:
+ 如果封包不一定送到同樣的埠,你有三種選擇:
- This is the most difficult solution, but it is the best and
- will make the software work with multiple machines.
+ 這是最困難的解法,但也是最好的,並且還可以在多台機器上用同樣程式。
- 現在還沒有,但可以將這些弄成一個名單(如果有人感興趣的話):
+
+ Quake 是說用 UDP 6112 這個埠,所以如果 Quake 伺服器的 IP 是
+ hostmachine,那麼
+ alias port udp hostmachine:6112 6112 這一行應該就可以正
+ 常運作。如果想用其他方式, FCS stands for If your link is bad (or if your serial driver is dropping
- packets), you will see the occasional FCS error. This is not
- usually worth worrying about although it does slow down the
- compression protocols substantially. If you have an external
- modem, make sure your cable is properly shielded from
- interference - this may eradicate the problem.
-
- If your link freezes as soon as you've connected and you see
- a large number of FCS errors, this may be because your link is
- not 8 bit clean. Make sure your modem is not using software
- flow control (XON/XOFF). If your datalink Another reason for seeing too many FCS errors may be that
- the remote end has stopped talking If nothing in your log file indicates why the link might
- have been terminated, you should ask the remote administrator
- (your ISP?) why the session was terminated.
+ FCS 是 不良線路(或封包被串列埠的驅動程式丟掉)有時候就會發生 FCS 錯誤,
+ 雖然它的確會大大拖慢壓縮協定,不過通常這沒什麼大不了。如果你用的
+ 是外接數據機,確定有保護線路不受外界干擾 - 這樣說不定就解決了。
+
+ 如果在連上時馬上就凍住、並且還看到一大堆 FCS 錯誤的話,有可能
+ 是因為你的連線並非是 8 bit clean。確定數據機不是用軟體流程控制
+ (XON/XOFF),如果你的連線 看到一大堆 FCS 錯誤的另一個原因,是連線另一端不再使用 如果記錄檔裡沒有任何資訊可以指示連線為何斷掉,那麼就該問問另一
+ 端的管理員(你的 ISP?) 怎麼會這樣結束。
If all else fails, send as much information as you can,
- including your config files, how you're starting 如果上面說的都沒用,就盡可能找出所有資訊,這包括了設定檔、如何
+ 啟動 在 Berkeley 網路架構中, 只有 kernel 程式碼可以直接存取網路界面卡.
請參考 /etc/rc.network 這個檔案和 manual pages 取得與其他不同網路程式
更進一步的資訊. 如果你覺得你完全搞混了的話, 您應該找一本與其他 BSD 相關
作業系統網路管理有關書來參考; 除了少數顯著的不同外, FreeBSD 的網路管理
基本上和 SunOS 4.0 和 Ultrix 是一樣的.
把 ``
命令列中,例如:
如果您想使用其他的 port, 你必須在
某些 PC 的網路卡比其他的好(含蓄的說來)
這種狀況在造成 NFS 這種對網路敏感的程式有時會出現問題.
- 參考 參考 某些版本的 Linux NFS 程式碼只接受 privileged port 的 mount request
; 試用這行指令看看
跑 SunOS 4.X 的 Sun 工作站只接受來自 privileged port 的 mount request
; 試用這行指令看看
把 TCP extensions 取消, 這個設定在 Xylogic 的 Annex 主機也有相同的問題,您要做相同的修改才能連上
這些主機.
Multicast host operations are fully supported in FreeBSD 2.0 and
later by default. 如果您想將您的主機設定成 multicast router 的話,
您必須重新 compile 您的 kernel, 加入 MROUTING
的選項,並且執行 /etc/rc.conf 裡面的
MBONE 的各種工具可以在他們 ports 下所屬叫做 mbone目錄中找到.
如果您在找視訊會議的工具如 如果需要更進一部的訊息,找找
以下是 You will probably find that the host is actually in a different
- domain; for example, if you are in foo.bar.edu and you wish to reach
- a host called ``mumble'' in the bar.edu domain, you will have to
- refer to it by the fully-qualified domain name, ``mumble.bar.edu'',
- instead of just ``mumble''.
-
- Traditionally, this was allowed by BSD BIND resolvers. However
- the current version of This is different from the previous behavior, where the
- search continued across mumble.bar.edu, and
- mumble.edu. Have a look at RFC 1535 for why this
- was considered bad practice, or even a security hole.
-
- As a good workaround, you can place the line
+ 你也許會發現要連的機器其實是在另一個網域。舉個例子,假設你是在
+ foo.bar.edu 這個網域中,想要連到在 bar.edu 裡一台叫 ``mumble'' 的
+ 機器,則必須用 Fully-Qualified Domain Name,也就是
+ ``mumble.bar.edu'',而不是只用 ``mumble'' 來指向它。
+
+ 傳統的 BSD BIND resolver 允許用這種方式解出機器的位址,但是
+ FreeBSD 內附 這和先前的做法不同,也就是不用 mumble.bar.edu 和
+ mumble.edu 繼續搜尋。看一下 RFC 1535,裡面有提到為什麼之
+ 前的做法不好,甚至算是個安全漏洞。
+
+ 這裡有個不錯的解法,把
+ instead of the previous
+ 換成這一行:
into your If you have compiled your kernel with the 如果在編譯 kernel 時加了 If you had unintentionally misconfigured your system for
- firewalling, you can restore network operability by typing
- the following while logged in as root:
+ 如果不小心弄錯了 firewall 的設定,以 root 身份執行這個命令,接著
+ 網路功能就會正常:
You can also set "firewall_type='open'" in /etc/rc.conf.
+ 也可以在 /etc/rc.conf 設 "firewall_type='open'" 這個選項。
- For further information on configuring a FreeBSD firewall,
- see the 如果想知道如何設定 FreeBSD firewall,請看 The answer to this depends mostly on your rule set and processor
- speed. For most applications dealing with ethernet and small
- rule sets, the answer is, negligible. For those of you that need
- actual measurements to satisfy your curiosity, read on.
+ 這個問題的答案大多要看你怎麼訂 firewall 規則、還有 CPU 速度。對大
+ 多數在 ethernet 上的程式及規則不多的情況下,延遲小到可以忽略。但如果
+ 你想要精確數字來滿足好奇心,繼續往下讀。
- The following measurements were made using 2.2.5-STABLE on
- a 486-66. IPFW was modified to measure the time spent within
- the 下面是在 486-66 2.2.5-STABLE 上所作的測量,我們修改了 IPFW 原始碼
+ 來測量在 Two rule sets, each with 1000 rules were tested. The first set
- was designed to demonstrate a worst case scenario by repeating the
- rule:
+ 測試了兩組,每組各有 1000 個規則。第一組重複下面規則,故意設計成
+ 最糟的情況:
This demonstrates worst case by causing most of IPFW's packet
- check routine to be executed before finally deciding that the
- packet does not match the rule (by virtue of the port number).
- Following the 999th iteration of this rule was an allow ip
- from any to any.
+ 藉由檢查 port number,這樣會使 IPFW 在決定某個封包不符合條件前執
+ 行大部份的檢查程式,因此造成最差的狀況。在重複這個規則 999 次後,接
+ 著是 allow ip from any to any。
- The second set of rules were designed to abort the rule
- check quickly:
+ 第二組設計成以極快的速度跳過檢查規則:
The nonmatching source IP address for the above rule causes
- these rules to be skipped very quickly. As before, the 1000th
- rule was an allow ip from any to any.
+ 一碰到封包的來源不符合規則所述,會很快跳過檢查讓封包通過。和上面
+ 一樣,第 1000 個規則是 allow ip from any to any。
- The per-packet processing overhead in the former case was
- approximately 2.703ms/packet, or roughly 2.7 microseconds per
- rule. Thus the theoretical packet processing limit with these
- rules is around 370 packets per second. Assuming 10Mbps ethernet
- and a ~1500 byte packet size, we would only be able to achieve a
- 55.5% bandwidth utilization.
+ 在第一種情況中,處理每一個封包所造成的延遲大約是 2.703 ms,所以每
+ 個規則大概會造成 2.7 microsecond 的延遲。所以在這些規則之下,理論上每
+ 秒最多可以處理 370 個封包。在 10Mbps ethernet 和一個封包大概 1500 byte
+ 的假設下,大概只會用到 55.5% 的網路頻寬。
- For the latter case each packet was processed in
- approximately 1.172ms, or roughly 1.2 microseconds per rule.
- The theoretical packet processing limit here would be about
- 853 packets per second, which could consume 10Mbps ethernet
- bandwidth.
+ 第二種情況,每個封包花了大約 1.172ms,所以每條規則大約用了 1.2
+ microsecond。理論上每秒最多可以處理 853 個封包,耗盡 10Mbps 的頻寬。
- The excessive number of rules tested and the nature of those
- rules do not provide a real-world scenario -- they were used only
- to generate the timing information presented here. Here are a
- few things to keep in mind when building an efficient rule set:
+ 上面測試用到的大量規則、及這些規則本身並不代表真實世界的情況,他們
+ 只是用來產生所表示的數據。若想要訂出一套有效率的規則,記得這幾件事:
You can redirect FTP (and other service) request with the 'socket'
- package, available in the ports tree in category 'sysutils'.
- Simply replace the service's commandline to call socket instead, like so:
+ 在 ports 目錄的 sysutils 種類中有個叫 'socket' 的 package,可以幫
+ 你轉向 FTP 或其他類似的網路服務。只要把該網路服務的命令改成呼叫 socket
+ 即可,如下(在 /etc/inetd.conf 裡):
where 'ftp.foo.com' and 'ftp' are the host and port to redirect to,
- respectively.
-
+ 其中 'ftp.foo.com' 和 'ftp' 分別是被轉到的機器和 port 名稱。
+
There are two bandwidth management tools available for FreeBSD.
+ FreeBSD 上有兩套頻寬管理工具:
The Berkeley Packet Filter 柏克萊封包過濾器(Berkeley Packet Filter) Secondly, after rebooting you will have to create the device
- node. This can be accomplished by a change to the /dev
- directory, followed by the execution of:
+ 在重新開機之後,還要做出 device node,在 /dev 下執行:
如果想要更進一步知道如何做出各種 device node,請看 Please see the
There are currently three active/semi-active branches in the FreeBSD +
目前有三個活躍/半活躍的分支在 FreeBSD 的
To make a release you need to do three things: First, you need to
- be running a kernel with the 做 release 包括下面這三個步驟:首先,做出有 Second, you have to have the whole CVS repository at hand.
- To get this you can use 接著,你手上要有整個 CVS repository。可以參考 Then run 然後執行 Finally, you need a chunk of empty space to build into. Let's
- say it's in /some/big/filesystem, and from the example
- above you've got the CVS repository in /home/ncvs:
+ 最後,硬碟要有相當大的空間來做 release。假設你想把它放在
+ /some/big/filesystem 這裡,上面這個例子也把 CVS
+ repository 放在 /home/ncvs 了,接著:
An entire release will be built in
- /some/big/filesystem/release and you will have a full FTP-type
- installation in /some/big/filesystem/release/R/ftp when you're
- done. If you want to build your SNAP along some other branch than
- -current, you can also add 整個 release 會做在 /some/big/filesystem/release。結束
+ 時 /some/big/filesystem/release/R/ftp 這個目錄可以直接用
+ 來做為 FTP 安裝方式的來源。如果想做出 -current 以外分支的 SNAP,
+ 在上面 make release 這一行加
- The entire process of creating installation disks and source and
- binary archives is automated by various targets in
- /usr/src/release/Makefile. The information there should
- be enough to get you started. However, it should be said that this
- involves doing a ``make world'' and will therefore take up a lot of
- time and disk space.
+ 建立安裝磁片、還有做出 source/binary archive,都是由
+ /usr/src/release/Makefile 裡面的各種 target 自動產生,這
+ 個檔案裡的資訊應該足以開始。但是這個過程牽涉到 make world,所以會
+ 用到相當多的時間和硬碟空間。
Yes, this is the general idea; as its name might suggest,
- ``make world'' rebuilds every system binary from scratch, so you can be
- certain of having a clean and consistent environment at the end (which
- is why it takes so long).
+ 沒錯,就是這樣子。如名字所示,``make world'' 會重新編譯系統內建
+ 的每個 binary 檔,這樣在結束時就可確定有個一致且乾淨的環境(所以要
+ 花上好一段時間)。
- If the environment variable ${DESTDIR}.
- Some random combination of shared libraries modifications and
- program rebuilds can cause this to fail in ``在執行 ``${DESTDIR} 下的同樣目錄樹中。但在某些修
+ 改 shared library 和重建 binary 的無特定情況下,這樣做可能會使
+ ``
The Adaptec 1542 SCSI host adapters allow the user to configure
- their bus access speed in software. Previous versions of the
- 1542 driver tried to determine the fastest usable speed and set
- the adapter to that. We found that this breaks some users'
- systems, so you now have to define the ``Adaptec 1542 SCSI 卡允許使用者用軟體調整匯流排的存取速度。早
+ 期的 1542 驅動程式試圖將它設成可用的最快速度,但後來發現在一些
+ 機器上不能用,所以現在要在 kernel 設定中加 ``
Yes, you can do this
+ 可以,藉著 Newer BSD based systems have a ``在以 BSD 為主的較新系統中,split 有個 ``Here is an example from /usr/src/Makefile.
+ 這裡是 /usr/src/Makefile 中的一個例子:
Please take a look at 請看一下 And thanks for the thought!
+ 同時也感謝你的費心!
By: In a nutshell, there a few I/O ports that all of the PnP boards
- respond to when the host asks if anyone is out there. So when
- the PnP probe routine starts, he asks if there are any PnP boards
- present, and all the PnP boards respond with their model # to
- a I/O read of the same port, so the probe routine gets a wired-OR
- ``yes'' to that question. At least one bit will be on in that
- reply. Then the probe code is able to cause boards with board
- model IDs (assigned by Microsoft/Intel) lower than X to go
- ``off-line''. It then looks to see if any boards are still
- responding to the query. If the answer was ``The IDs are two 32-bit fields (hence 2ˆ64) + 8 bit checksum.
- The first 32 bits are a vendor identifier. They never come out
- and say it, but it appears to be assumed that different types of
- boards from the same vendor could have different 32-bit vendor
- ids. The idea of needing 32 bits just for unique manufacturers
- is a bit excessive.
-
- The lower 32 bits are a serial #, ethernet address, something
- that makes this one board unique. The vendor must never produce
- a second board that has the same lower 32 bits unless the upper
- 32 bits are also different. So you can have multiple boards of
- the same type in the machine and the full 64 bits will still be
- unique.
-
- The 32 bit groups can never be all zero. This allows the
- wired-OR to show non-zero bits during the initial binary search.
-
- Once the system has identified all the board IDs present, it will
- reactivate each board, one at a time (via the same I/O ports),
- and find out what resources the given board needs, what interrupt
- choices are available, etc. A scan is made over all the boards
- to collect this information.
-
- This info is then combined with info from any ECU files on the
- hard disk or wired into the MLB BIOS. The ECU and BIOS PnP
- support for hardware on the MLB is usually synthetic, and the
- peripherals don't really do genuine PnP. However by examining
- the BIOS info plus the ECU info, the probe routines can cause the
- devices that are PnP to avoid those devices the probe code cannot
- relocate.
-
- Then the PnP devices are visited once more and given their I/O,
- DMA, IRQ and Memory-map address assignments. The devices will
- then appear at those locations and remain there until the next
- reboot, although there is nothing that says you can't move them
- around whenever you want.
-
- There is a lot of oversimplification above, but you should get
- the general idea.
-
- Microsoft took over some of the primary printer status ports to
- do PnP, on the logic that no boards decoded those addresses for
- the opposing I/O cycles. I found a genuine IBM printer board
- that did decode writes of the status port during the early PnP
- proposal review period, but MS said ``tough''. So they do a
- write to the printer status port for setting addresses, plus that
- use that address + ISA 的 Plug N Play 卡是怎麼偵測和初始化的?
+
+ 由 簡單的說,當主機發出是否有 PnP 卡的詢問訊號時,所有的 PnP
+ 會在幾個固定的 I/O port 作回應。所以當偵測 PnP 的程式開始時,它
+ 會先問有沒有 PnP 卡在,接著所有 PnP 卡會在它所讀的 port 以自己
+ 的型號 # 作回答,這樣偵測程式就會得到一個 wired-OR ``yes''
+ 的數字,其中至少會有一個 bit 是打開的。然後偵測程式會要求型號
+ (由 Microsoft/Intel指定)小於 X 的卡``離線'',再去看是否還有卡回
+ 答同樣的詢問,如果得到 ``一張卡的 ID 由兩個 32-bit(所以上面是 2ˆ64) + 8bit 偵錯
+ 碼組成,第一個 32 bits 是用來區分各家廠商的。這些廠商沒有出來澄
+ 清過,但看來應假設同一家出的不同種類的卡的廠商 ID 有可能不同。
+ 用 32 bits 只來表示不同廠商的想法實在有點過頭了。
+
+ 第二個 32 bits 則是型號 &num、乙太網路位址、或一些使這張卡獨
+ 特的資料。除非第一個 32 bits 不同,否則廠商不可能作出第二個 32
+ bit 相同的兩張卡。所以在一台機器中可以有同樣的好幾張卡,然而他們
+ 整個 64 bits 還是會都不一樣。
+
+ 這兩個 32 bit 永遠都不可能為零,這使得最開始 binary search 中
+ 的 wired-OR 會得到一個非零數字。
+
+ 一旦系統區分出所有卡的 ID,接著會經由同樣的 port 一個個重新啟
+ 動每張卡,接著找出已知介面卡所需的資源、有那些可以選的 interrupt
+ 等等。所有卡都會被掃描一次,來收集這些資料。
+
+ 這些資訊接著和硬碟上的 ECU 檔案、或 MLB BIOS 裡的資料結合在一
+ 起,通常是綜合 ECU 和 MLB 裡的 BIOS PnP 資料,這些週邊並不支援真
+ 正的 PnP,然而偵測程式在檢查 BIOS 和 ECU 資料後,它可以避免 PnP
+ 週邊和那些偵測不到的相衝突。
+
+ 接著再度拜訪這些 PnP 週邊,這次會把可用的 I/O、DMA、IRQ 和記
+ 憶體映射的位址都指定給它們。這些週邊就會出現在所指定的地方,直到
+ 下一次重新開機為止,不過也沒有人說不能把它們隨時移來移去。
+
+ 上面有相當多的簡化,但你應該已經了解大致的過程。
+
+ Microsoft 把表示印表機狀態的幾個主要 port 拿來作 PnP,他們的
+ 邏輯是沒有一張卡會在這些地方解碼作相反的 I/O cycles。但是我找到
+ 一款早期仍在評估 PnP 提案時的 IBM 原廠 printer board,它的確去解
+ 對這些狀態 port 的寫入資料,但是 MS ``說了就算''。所以它們的確有
+ 對印表機狀態 port 寫入,還有讀取該位址 +
- Several groups of people have expressed interest in working on
- multi-architecture ports for FreeBSD and the FreeBSD/AXP (ALPHA)
- port is one such effort which has been quite successful, now
- available in 3.0 SNAPshot release form at This depends on whether or not you plan on making the driver
- publicly available. If you do, then please send us a copy of the
- driver source code, plus the appropriate modifications to
- files.i386, a sample configuration file entry, and the
- appropriate 這要看你是否打算將這個驅動程式公開使用,如果是的話,請把它的原始
+ 碼送一份給我們,還有 files.i386 修改的部份、kernel 設定
+ 檔樣本、以及用來產生設備檔的
- In answer to the question of alternative layout policies for
- directories, the scheme that is currently in use is unchanged
- from what I wrote in 1983. I wrote that policy for the original
- fast filesystem, and never revisited it. It works well at keeping
- cylinder groups from filling up. As several of you have noted,
- it works poorly for find. Most filesystems are created from
- archives that were created by a depth first search (aka ftw).
- These directories end up being striped across the cylinder groups
- thus creating a worst possible senario for future depth first
- searches. If one knew the total number of directories to be
- created, the solution would be to create (total / fs_ncg) per
- cylinder group before moving on. Obviously, one would have to
- create some heuristic to guess at this number. Even using a
- small fixed number like say 10 would make an order of magnitude
- improvement. To differentiate restores from normal operation
- (when the current algorithm is probably more sensible), you
- could use the clustering of up to 10 if they were all done
- within a ten second window. Anyway, my conclusion is that this
- is an area ripe for experimentation. 在回答有關目錄放置方式不同的問題上,我在 1983 年寫好目前的作法
+ 後就沒有再改變過,這種方式是針對原先的 FFS 檔案系統,後來也沒
+ 有對它作任何更動。它在避免 cylinder group 被填滿這方面做得相當
+ 成功,但是就像有些人已經注意到,它和 `find' 就配合得不大好。大
+ 部份的檔案系統是由那些用 depth first search(aka ftw) 產生的
+ archive 製造出來,解出來的目錄 inode 會橫跨好幾個 cylinder
+ group,如果以後要做 depth first search 的話,這是最糟糕的情況之
+ 一。如果我們知道總共會產生多少目錄的話,解法是在做任何存取/寫
+ 入動作之前,在每個 cylinder group 上先造出(所有目錄數/cylinder
+ greoup 的數目)這麼多的目錄。很明顯的,我們必須要有根據地去猜這
+ 個數字,就算一個像 10 的很小固定數目也會使效率以級數成長。區分
+ restore (即解開上述的 archive) 和一般檔案操作的方法可以是(現在
+ 用的演算法可能要更敏感):如果一些目錄(最多 10 個)都在 10 秒內產
+ 生的話,那麼就把這些目錄聚集在同一個 cylinder group。不管怎樣,
+ 我的經驗指出這是一個已經充份實驗過的部份。 Kirk McKusick, September 1998
- [This section was extracted from a mail written by
- [<ben@rosengart.com> posted the following panic
- message]
+ [<ben@rosengart.com> 發表了下面的 panic 訊息]
[When] you see a message like this, it's not enough to just
- reproduce it and send it in. The instruction pointer value that
- I highlighted up there is important; unfortunately, it's also
- configuration dependent. In other words, the value varies
- depending on the exact kernel image that you're using. If you're
- using a GENERIC kernel image from one of the snapshots, then
- it's possible for somebody else to track down the offending
- function, but if you're running a custom kernel then only
- What you should do is this:
+ 當你看到像這樣的訊息時,只把它拷一份送上來是不夠的。我在上
+ 面特地標明的 instruction pointer 值相當重要,不幸的是它會因設
+ 定而不同。換句話說,這個值會跟你用的 kernel image 檔而變動。如
+ 果是用某個 snapshot 版本的 GENERIC kernel,也許其他人可以追蹤
+ 到出問題的函式,但如果你是用自訂的 kernel,那麼只有要做的事包括這些:
I see people constantly show panic messages like this but
- rarely do I see someone take the time to match up the
- instruction pointer with a function in the kernel symbol table.
+ 我常常看到人們顯示一大片 panic 訊息,但很少看到有人花一點時間
+ 把 instruction pointer 和 kernel symbol table 中的函式比較一下。
- The best way to track down the cause of a panic is by
- capturing a crash dump, then using 要追蹤出造成 panic 原因的最好方法是先做出 crash dump,然後用
+
- In any case, the method I normally use is this:
+ 不管是那一種,我通常是用這個方法:
[Note: Now that FreeBSD 3.x kernels are Elf by default,
- you should use
-
- Note that YOU DO To make sure you capture a crash dump, you need edit
- /etc/rc.conf and set /etc/rc.conf, the /var/crash.
-
- NOTE: FreeBSD crash dumps are usually the same size as the
- physical RAM size of your machine. That is, if you have 64MB of
- RAM, you will get a 64MB crash dump. Therefore you must make sure
- there's enough space in /var/crash to hold the dump.
- Alternatively, you run Once you have recovered the crash dump, you can get a stack
- trace with [注意:現在 FreeBSD 3.x kernel 內定是 ELF 格式,所以應該
+ 用
+
+ 注意你要確定能抓到 crash dump,先編輯 /etc/rc.conf,將
+ /etc/rc.conf
+ 裡有設 /var/crash。
+
+ 注意:FreeBSD 的 crash dump 通常和機器裡的實際記憶體一樣大,
+ 就像如果有 64MB 記憶體,crash dump 大小就是 64MB。所以要確定
+ /var/crash 下有足夠的空間,或是可以手動執行 一旦發現有了 crash dump,就可以用
Note that there may be several screens worth of information;
- ideally you should use Now, if you're really insane and have a second computer, you
- can also configure [Bill adds: "I forgot to mention one thing: if you have
- DDB enabled and the kernel drops into the debugger, you can
- force a panic (and a crash dump) just by typing 'panic' at the
- ddb prompt. It may stop in the debugger again during the panic
- phase. If it does, type 'continue' and it will finish the crash
- dump." -ed]
+ 要注意可能會出現好幾個螢幕的可用資訊,你可以用 好啦,如果你有第二台電腦而且有夠瘋狂,可以將 [Bill 附注:我忘了提到一點:如果你有啟動 DDB 而 kernel 也
+ 已經進入除錯器,可以在 DDB 命令列下打 `panic',強迫產生 panic(還
+ 有 crash dump)。也有可能在 panic 階段時再進入除錯器,如果這樣的話
+ ,輸入 `continue',接著它就會完成 crash dump。 -ed]
+
+ 在 ELF 一系列的工具中,內定是不會讓 dynamic linker 看到執行檔
+ 裡定義了那些 symbol。所以 dlsym() 沒有辦法用藉由呼叫
+ dlopen(NULL, flags) 取得的 handle,用它去搜尋有那些
+ symbol 一定會失敗。
+
+ 如果你想要用 dlsym() 找出某個 process 的主執行檔中
+ 有那些 symbol,則要在 link 時對
+ 系統的內定是,FreeBSD 3.x kernel 能定址到 256 MB,4.x 則是
+ 1 GB。如果是網路負荷相當重的伺服器(就像大型 FTP 或 HTTP 伺服器),
+ 256 MB 可能會不大夠。
+
+ 要怎麼增加定址空間呢? 要從兩方面著手。首先告訴 kernel 本身要
+ 保留較大空間; 其次,既然是在定址空間的最上面載入 kernel,所以還
+ 要調低載入的位址,否則就會超過定址範圍。
+
+ 增加 src/sys/i386/include/pmap.h 裡的
+#ifndef NKPDE
+#ifdef SMP
+#define NKPDE 254 /* addressable number of page tables/pde's */
+#else
+#define NKPDE 255 /* addressable number of page tables/pde's */
+#endif /* SMP */
+#endif
+
+
+ 要算出 要解決第二個問題,必須自行算出 kernel 被載入的位址:求出
+ 0x100100000 減掉定址空間大小的值(以 byte 為單位),如 1 GB 大小就
+ 是 0xc0100000。把 src/sys/i386/conf/Makefile.i386 裡的
+ src/sys/i386/conf/kernel.script 中),如下:
+
+ 然後重新 config 和做出新的 kernel。在執行像 /usr/include/vm/
+ 下,再手動編譯 注意:kernel 所能定址的空間大小必須是 4 megabytes 的倍數。
+
+ [
無磁碟開機就是讓 FreeBSD 主機從網路上開機,並且從網路上的 server 上讀取
其他必要的檔案,而非由主機的硬碟上取得這些檔案。 詳細的資料可以參考
- 由於網際網路的標準化和程式設計的充分經驗之賜,我們
能夠在 FreeBSD 系統內建封包轉傳 (packet fowarding) 的功能。你可以
將這個功能打開,只要將這個變數設定為
這個檔案中
這個選項會將 基本上, 會問這種問題的人在家裡至少有兩台電腦, 一台跑 FreeBSD
另外一台跑 Win95; 這個主意是將 FreeBSD 主機連上 Internet
,然後透過這台 FreeBSD 主機,讓跑 Win95 的電腦能夠上網。
這個問題算是前一個問題的一個特例。
這邊有重要的文件,教你怎麼把 FreeBSD 的主機設定成
另外可以參考 .
在 ``compat/include/sys/cdefs.h 砍掉就可以了。
是的。 你可以查查 man pages 中關於
這些程式有詳細的說明,你可以在
- 如果你只能藉由"shell account"的方式上網的話,
你可能會想看看 如果你有一個近端的子網路(有一台以上的機器), 但是你的 Internet provider
卻只分配一個 IP number 給你
(或者你只分配到一個動態的 IP number), 你可以參考
你應該先看看 這個命令可以在 而且/var/log/ppp.log 這個檔案存在。 如此一來
你可以從 log 檔案中知道到底發生了什麼事情。
先不用擔心檔案的內容你看不懂, 如果你要向人求救的話
, 救你的人會看得懂的。
如果你系統上的那份 ppp 不提供 "set log"
的指令的話, 你應該去下載
會發生這種情形通常是你的 hostname 沒有辦法解出來。 解決這個問題
最好的辦法是確定 /etc/hosts 會被你的 resolver 第一個參考到。
你可以修改/etc/host.conf
並且把hosts 放到最前面. 接著, 只要把你的機器名稱放到
/etc/hosts 裡面就可以了。 如果你沒有
local network 的話, 修改 localhost 這一行:
如果你順利的完成這些動作, 你應該可以成功的執行 ping -c1 `hostname`
.
首先確定你的內定路由 (default route) 是否有設定。 下 這些設定是假設您使用的 address 跟 handbook 裡面的設定,
- 或是與 man page 的範例抑或是 ppp.conf.sample 這個檔案裡的設定相同.
- 如果您沒有設定 default route, 那麼有可能您現在使用舊版本的
- 這一行成為
+ 成為
default route 這行沒有出現的另一個原因是
- 你設錯了 default router , 這個設定在
- default route 這行沒有出現的另一個原因是你設錯了 default
+ router,這個設定在 在 ppp.conf中. 如果發生這種情形, 回到 handbook
- 如果發生這種情形, 回到 handbook This error is usually due to a missin這個狀況通常是因為缺少了這段設定
+ 這個狀況通常是因為缺少了這段設定
請檢查您的 /etc/ppp/ppp.linkup 檔案中是否有這些設定. 只有在您
- 使用動態 IP (dynamic IP) 或不知道您 gateway 的 IP 時才需要設定這個.
- 如果您是使用互動模式(interactive mode) 的話, 您可以
- type the following after entering 請檢查您的 /etc/ppp/ppp.linkup 檔案中是否有這些設定。
+ 只有在您使用動態 IP(dynamic IP) 或不知道您 gateway 的 IP 時才需要
+ 設定這個。如果您是使用 interactive mode 的話, 您可以在進入 packet
+ mode 後輸入如下命令(如果 ppp 提示符號變成大寫的 您可以參考 handbook 中 您可以參考 handbook 中 ppp 預設的 timeout 值是三分鐘. 可以用以下這行命令調整
+ ppp 預設的 timeout 值是三分鐘。可以用以下這行命令調整
這代表如果在 如果您設定了 Link Quality Reporting (LQR) , 就有可能
- 發生您和對方主機之間有太多的 LQR 封包遺失的現象.
- Ppp 會因此判斷電話線路有問題.
- , 並且決定切斷連線. 在 FreeBSD 2.2.5 版以前,
- LQR 內定值是 enabled . 現在的內定值是 disabled.
- LQR 可以用這一行命令取消
+ 如果您設定要用 Link Quality Reporting(LQR),您和對方主機之間就
+ 有可能遺失太多的 LQR 封包。Ppp 會因此判斷電話線路有問題,然後就會
+ 切斷連線。在 FreeBSD 2.2.5 版以前,內定會使用 LQR,現在的內定值是
+ 不用。LQR 可以用這一行命令取消
有時候如果線路上有太多噪訊,甚至如果您使用了話中插撥的服務的話.
- , 您的 modem 將或 hang 住,因為他誤認這些訊息是 lost carrier.
+ 有時候如果線路上有太多雜訊,甚至如果您使用了電話插撥服務的話,
+ 您的數據機將會掛斷電話,因為它誤認這些訊息是 lost carrier。
- 大部分的 modem 都有容忍暫時失去 carrier 的設定.
- . 以 USR Sportster 為例, this is measured by the S10 register in
- tenths of a second. 如果要讓您的 modem 能容忍更大的錯誤, 你可以在您的 dial string
- 裡面加入以下的 send-expect 命令:
+ 大部分的數據機都有容忍暫時失去 carrier 的設定。以 USR Sportster
+ 為例,失去 carrier 和掛斷電話之間的時間,是以 1/10 秒為單位存在
+ S10 暫存器中。如果要讓您的數據機能容忍更長的時間,你可以在 dial
+ string 裡面加入以下 "送出命令 - 等待字串" 的部份:
參考您的 modem 內附的說明書以取得更詳細的資料.
+ 參考數據機內附的說明書以取得更詳細的資料。
+
+ 許多人的連線會毫無來由的卡住,首先要做的是找出連線那一方當掉。
+
+ 如果用的是外接數據機,就用 知道是本地或對方出問題後,就有兩種可能:
+
+ 在這方面能作的相當有限,大部份的 ISP 會因為你不是用 Microsoft
+ 作業系統而不願幫忙。可以在 首先,用下面兩道命令關掉所有本地的壓縮功能:
+
+ 然後重新連線,確定這樣不會有所不同。如果反而有進步或甚至將問題
+ 解決掉,就用試誤法來找出是那個設定造成的。這樣在聯絡 ISP 時就可以
+ 提供相當有用的資料(雖然會很容易看出你不是用 Microsoft 的產品)。
+
+ 在聯絡 ISP 之前,打開本地的非同步記錄功能,接著就等連線再度當掉,
+ 這可能會用到相當大的硬碟空間。最後從連接埠讀進的資料可能會相當有用,
+ 它通常是 ASCII 文字,甚至有可能會說明問題出在那裡(``Memory fault,
+ core dumped''?)。
+
+ 如果 ISP 願意協助的話,應該會在他們那一端也打開記錄功能,那麼在
+ 下次連線當掉時,就可以告訴你為何會出問題。很歡迎將詳細內容送到 這裡能做的最多就是重新編譯 ppp:在 Makefile 最後面加上
+ 將結果送到 在 FreeBSD 2.2.5 以前的版本上, 一但連線建立完成以後,
- Occasionally, just after connecting, you may see messages in
- the log that say "magic is the same". Sometimes, these
- messages are harmless, and sometimes one side or the other
- exits. Most ppp implementations cannot survive this problem, and
- even if the link seems to come up, you'll see repeated configure
- requests and configure acknowledgements in the log file until
- ppp eventually gives up and closes the connection.
-
- This normally happens on server machines with slow disks that
- are spawning a getty on the port, and executing ppp from a
- login script or program after login. I've also heard reports
- of it happening consistently when using slirp. The reason is
- that in the time taken between getty exiting and ppp starting, the
- client-side ppp starts sending Line Control Protocol (LCP)
- packets. Because ECHO is still switched on for the port on
- the server, the client ppp sees these packets "reflect" back.
-
- One part of the LCP negotiation is to establish a magic number
- for each side of the link so that "reflections" can be detected.
- The protocol says that when the peer tries to negotiate
- the same magic number, a NAK should be sent and a new magic
- number should be chosen. During the period that the server
- port has ECHO turned on, the client ppp sends LCP packets,
- sees the same magic in the reflected packet and NAKs it. It
- also sees the NAK reflect (which also means ppp must change
- its magic). This produces a potentially enormous number of
- magic number changes, all of which are happily piling into
- the server's tty buffer. As soon as ppp starts on the server,
- it's flooded with magic number changes and almost immediately
- decides it's tried enough to negotiate LCP and gives up.
- Meanwhile, the client, who no longer sees the reflections,
- becomes happy just in time to see a hangup from the server.
-
- This can be avoided by allowing the peer to start negotiating
- with the following line in your ppp.conf file:
+ 有時就在連上之後,在記錄檔會看到 "magic is the same" 的訊息。通
+ 常這些是無害的,有時候某一端則會斷線。大多數的 ppp 實作無法解決這個
+ 問題,就算似乎連上了,在記錄檔也可以看到一直重複的 configure request
+ 和 configure acknowledgement 之類的溝通訊息,ppp 最後會放棄而關掉連
+ 線。
+
+ 會發生這種問題的通常情況是,伺服器用速度慢的硬碟、在通訊埠上執行
+ getty、並且等到使用者登入後才用 script 或程式執行 ppp;也有聽說用
+ slirp 就一定會發生類似問題的報告。原因是在 getty 結束和 ppp 開始執行
+ 的這段時間內,client 端的 ppp 開始送出 Line Control Protocol(LCP) 封
+ 包,由於伺服器通訊埠的 ECHO 仍在打開狀態,client 端的 ppp 就會看到送
+ 出去的封包被 "反彈" 回來。
+
+ 在用 LCP 溝通時,有部份是要連線兩邊分別建立自己的 magic number,
+ 來偵測及避免封包被 "反彈" 回來的狀況。協定標準中說當對方試圖用和自己
+ 相同的 magic number 溝通時,要送給對方一個 NAK 的訊號(表示不接受),
+ 接著對方就會選另一個數字。但在伺服器通訊埠 ECHO 仍打開的這段期間,
+ client 端的 ppp 送出 LCP 封包,看到相同的 magic number,於是送出
+ NAK 訊號。這個 NAK 也會被 "反彈" 回來,被誤認由對方送出,因此 client
+ 端會改變自己的 magic number。這樣 magic number 的變動次數會非常地多,
+ 並且也全都存在對方的終端機緩衝區中。當伺服器啟動 ppp 時,它馬上就
+ 被 magic number 的大量更動所淹沒,並且(幾乎是立刻)決定已經試夠了
+ LCP 而放棄;在這期間,client 端雖然再也看不到被反彈的封包,但卻來得
+ 及看到伺服器把電話線掛掉。
+
+ 允許讓對方來作 LCP 溝通可以避免這種情形,在 ppp.conf 中加下面這
+ 一行:
This tells ppp to wait for the server to initiate LCP
- negotiations. Some servers however may never initiate negotiations.
- If this is the case, you can do something like:
+ 這行告訴 ppp 由對方來啟動 LCP,不過有些伺服器永遠都不會主動溝通
+ ,在這種情況下,可以這麼設定:
This tells ppp to be passive for 3 seconds, and then to start
- sending LCP requests. If the peer starts sending requests during
- this period, ppp will immediately respond rather than waiting for
- the full 3 second period.
+ 這是要 ppp 等個三秒鐘,然後再開始送 LCP 相關要求。如果對方在這
+ 段時間送出 LCP 封包,ppp 就不會等足三秒而立刻回應。
There is currently an implementation mis-feature in The best way to avoid this is to configure one side to be
- 目前 避免這種情況的最好方式,是將某一端設成 Prior to version 2.2.5 of FreeBSD, it was possible that your
- link was disabled shortly after connection due to When you execute the 在用 If you wish to execute commands like this, use the
- 如果想執行程式,用
- There is no way for LQR is accepted by default if negotiated by the peer.
+ 內定是會接受 LQR,如果對方用它來溝通的話。
If 要找出原因,先用這個命令:
This will log all traffic through the connection. The next
- time the line comes up unexpectedly, you will see the reason
- logged with a convenient timestamp next to it.
+ 這樣會記錄經由連線的所有資料。下次如果又無故播號,就可以從記錄
+ 旁邊的時間很快找到原因。
- You can now disable dialing under these circumstances. Usually,
- this sort of problem arises due to DNS lookups. To prevent
- DNS lookups from establishing a connection (this will This is not always suitable, as it will effectively break your
- demand-dial capabilities - most programs will need a DNS lookup
- before doing any other network related things.
+ 這種做法並不永遠適用,因為它事實上使得你無法用 demand-dial 功能
+ - 大部份程式在做網路相關動作前都會用到 DNS 查詢。
- In the DNS case, you should try to determine what is actually
- trying to resolve a host name. A lot of the time,
- This will make sendmail queue everything until the queue is
- run (usually, sendmail is invoked with ``-bd -q30m'', telling it
- to run the queue every 30 minutes) or until a ``sendmail -q''
- is done (perhaps from your ppp.linkup file).
+ 這會使 sendmail 先擋著所有信件,直到送信時再一齊送出去(通常
+ sendmail 執行時是用 ``-bd -q30m'' 這個參數,告訴它每三十分鐘才送信)
+ 或是有人執行 ``sendmail -q''(也許可以放在 ppp.linkup 裡)。
I keep seeing the following errors in my log file:
+ 我在 log 檔一直看到這些錯誤訊息:
This is because ppp is trying to negotiate Predictor1
- compression, and the peer does not want to negotiate any
- compression at all. The messages are harmless, but if you
- wish to remove them, you can disable Predictor1 compression
- locally too:
+ 這是因為 ppp 試圖作 Predictor1 壓縮方面的溝通,但對方的機器卻完
+ 全不用壓縮功能。這些訊息是無害的,但如果不想看到它的話,可以把本地
+ ppp 的 Predictor1 壓縮也一起關掉:
Under FreeBSD 2.2.2 and before, there was a bug in the tun
- driver that prevents incoming packets of a size larger than
- the tun interface's MTU size. Receipt of a packet greater than
- the MTU size results in an IO error being logged via syslogd.
+ 在 FreeBSD 2.2.2 及先前的版本中,tun 的驅動程式有個問題,它不會
+ 接收那些大過 tun 介面 MTU 的封包。如果收到比 MTU 大的封包,它會用
+ syslogd 記錄為 IO 錯誤。
- The ppp specification says that an MRU of 1500 should
- 但 ppp 規格中有提到,不管 LCP 溝通的結果如何,MRU 最小的可接受
+ 值 The problem can be circumvented by never setting an MTU of
- less than 1500 under FreeBSD 2.2.2 or before.
+ 在 FreeBSD 2.2.2 及之前的版本中,永遠不要將 MTU 調低於 1500,就
+ 可以解決這個問題。
In order to log all lines of your modem ``conversation'',
- you must enable the following:
+ 如果要記錄電腦和數據機間的每一行 ``對話'',用下一行打開:
This will make
- 這會使 If you wish to see your connect speed and are using PAP or CHAP
- (and therefore don't have anything to "chat" after the CONNECT
- in the dial script - no "set login" script), you must make sure that
- you instruct ppp to "expect" the whole CONNECT line, something like
- this:
+ 如果使用 PAP 或 CHAP (因為沒有 "set login" 命令,所以設定檔中
+ CONNECT 之後就不會看到任何對話),想要看到連線速度的話,確定 ppp
+ 等待的數據機傳回值是 CONNECT 這一整行,像這樣:
Here, we get our CONNECT, send nothing, then expect a line-feed,
- forcing Ppp parses each line in your config files so that it can
- interpret strings such as Ppp 會去分析設定檔中的每一行,這樣它才會正確解讀像是
+ When the chat interpreter parses each argument, it re-interprets
- the argument in order to find any special escape sequences such
- as ``\P'' or ``\T'' (see the man page). As a result of this
- double-parsing, you must remember to use the correct number of
- escapes.
+ 當解譯程式分析每個參數時,為了找出字串中所有像是 ``\P'' ``\T''
+ 的跳脫字元(見 man page),必須重新解譯該參數。在這種雙重分析之下,
+ 你必須記得用正確的跳脫數目。
- If you wish to actually send a ``\'' character to (say) your
- modem, you'd need something like:
+ 假設要對數據機送出 ``\'' 這個字元,應該像是:
resulting in the following sequence:
+ 這樣則會得到下面這串:
or
+ 如果是
resulting in the following sequence:
+ 則會得到下面結果:
Ppp (or any other program for that matter) should never
- dump core. Because ppp runs with an effective user id of 0,
- the operating system will not write ppps core image to disk
- before terminating it. If, however ppp You will now have a debuggable version of ppp installed. You
- will have to be root to run ppp as all of its privileges have
- been revoked. When you start ppp, take a careful note of what
- your current directory was at the time.
+ 你現在已經裝上可以用來除錯的 ppp 版本,由於權限上沒有作特別設定,
+ 所以必須以 root 來執行 ppp,順便也要注意是在那個目錄執行的。
- Now, if and when ppp receives the segmentation violation, it
- will dump a core file called ppp.core. You should then do the
- following:
+ 現在如果 ppp 碰到了 segmentation violation,就會將 coredump 存在
+ ppp.core 檔中,接下來就是:
All of this information should be given alongside your
- question, making it possible to diagnose the problem.
- If you're familiar with gdb, you may wish to find out some
- other bits and pieces such as what actually caused the dump and
- the addresses & values of the relevant variables.
+ 根據你的問題來取得相關資料,就可以診斷問題出在那裡。
+
+ 如果熟悉 gdb,也許會想找出其他的詳細資料,像是那個動作造成
+ dump、及相關變數的位址及數值等。
This was a known problem with The reason games and the like don't work when libalias is
- in use is that the machine on the outside will try to open a
- connection or send (unsolicited) UDP packets to the machine
- on the inside. The packet alias software doesn't know that
- it should send these packets to the interior machine.
-
- To make things work, make sure that the only thing running
- is the software that you're having problems with, then either
- run tcpdump on the tun interface of the gateway or enable ppp
- tcp/ip logging (``set log +tcp/ip'') on the gateway.
-
- When you start the offending software, you should see packets
- passing through the gateway machine. When something comes back
- from the outside, it'll be dropped (that's the problem). Note
- the port number of these packets then shut down the offending
- software. Do this a few times to see if the port numbers are
- consistent. If they are, then the following line in the relevant
- section of /etc/ppp/ppp.conf will make the software functional:
+ 遊戲或類似程式不能和 libalias 搭配使用的原因是,外面的機器試著對
+ 著內部的機器開啟連線、或(不請自來地)送出 UDP 封包,而 alias 封包的
+ 軟體不知道它應該把這些封包送到裡面的機器去。
+
+ 解決的方式是,先確定現在只有執行那個會出問題的程式,然後在
+ gateway 機器上對 tun 界面執行 tcpdump、或在上面打開記錄 tcp/ip 的功
+ 能(``set log +tcp/ip'')。
+
+ 在啟動出問題的程式時,應該會在 gateway 機器上看到有封包通過,當外
+ 界有傳回封包時則會被丟掉(這就是問題所在)。記下這些封包要送到目的地
+ 的那個埠,然後關掉程式。重複幾次,看看是否都要送到同樣固定的埠,如果
+ 是的話,在 /etc/ppp/ppp.conf 相關位置加上這一行,就可使程式正確運作:
where ``proto'' is either ``tcp'' or ``udp'',
- ``internalmachine'' is the machine that you want the packets
- to be sent to and ``port'' is the destination port number of
- the packets.
+ 其中 ``proto'' 是 ``tcp'' 或 ``udp'',``internalmachine'' 是要接
+ 收這些封包的機器,``port'' 則是這些封包要送到那個埠。
- You won't be able to use the software on other machines
- without changing the above command, and running the software
- on two internal machines at the same time is out of the question
- - after all, the outside world is seeing your entire internal
- network as being just a single machine.
+ 如果要在其他機器上執行同樣程式,必須重複同樣過程修改上一行設定,
+ 否則就不能正常使用;也不可能在兩台內部機器上同時使用-畢竟外界只是把
+ 這個內部網路看成一台機器而已。
- If the port numbers aren't consistent, there are three more
- options:
+ 如果封包不一定送到同樣的埠,你有三種選擇:
- This is the most difficult solution, but it is the best and
- will make the software work with multiple machines.
+ 這是最困難的解法,但也是最好的,並且還可以在多台機器上用同樣程式。
- 現在還沒有,但可以將這些弄成一個名單(如果有人感興趣的話):
+
+ Quake 是說用 UDP 6112 這個埠,所以如果 Quake 伺服器的 IP 是
+ hostmachine,那麼
+ alias port udp hostmachine:6112 6112 這一行應該就可以正
+ 常運作。如果想用其他方式, FCS stands for If your link is bad (or if your serial driver is dropping
- packets), you will see the occasional FCS error. This is not
- usually worth worrying about although it does slow down the
- compression protocols substantially. If you have an external
- modem, make sure your cable is properly shielded from
- interference - this may eradicate the problem.
-
- If your link freezes as soon as you've connected and you see
- a large number of FCS errors, this may be because your link is
- not 8 bit clean. Make sure your modem is not using software
- flow control (XON/XOFF). If your datalink Another reason for seeing too many FCS errors may be that
- the remote end has stopped talking If nothing in your log file indicates why the link might
- have been terminated, you should ask the remote administrator
- (your ISP?) why the session was terminated.
+ FCS 是 不良線路(或封包被串列埠的驅動程式丟掉)有時候就會發生 FCS 錯誤,
+ 雖然它的確會大大拖慢壓縮協定,不過通常這沒什麼大不了。如果你用的
+ 是外接數據機,確定有保護線路不受外界干擾 - 這樣說不定就解決了。
+
+ 如果在連上時馬上就凍住、並且還看到一大堆 FCS 錯誤的話,有可能
+ 是因為你的連線並非是 8 bit clean。確定數據機不是用軟體流程控制
+ (XON/XOFF),如果你的連線 看到一大堆 FCS 錯誤的另一個原因,是連線另一端不再使用 如果記錄檔裡沒有任何資訊可以指示連線為何斷掉,那麼就該問問另一
+ 端的管理員(你的 ISP?) 怎麼會這樣結束。
If all else fails, send as much information as you can,
- including your config files, how you're starting 如果上面說的都沒用,就盡可能找出所有資訊,這包括了設定檔、如何
+ 啟動 在 Berkeley 網路架構中, 只有 kernel 程式碼可以直接存取網路界面卡.
請參考 /etc/rc.network 這個檔案和 manual pages 取得與其他不同網路程式
更進一步的資訊. 如果你覺得你完全搞混了的話, 您應該找一本與其他 BSD 相關
作業系統網路管理有關書來參考; 除了少數顯著的不同外, FreeBSD 的網路管理
基本上和 SunOS 4.0 和 Ultrix 是一樣的.
把 ``
命令列中,例如:
如果您想使用其他的 port, 你必須在
某些 PC 的網路卡比其他的好(含蓄的說來)
這種狀況在造成 NFS 這種對網路敏感的程式有時會出現問題.
- 參考 參考 某些版本的 Linux NFS 程式碼只接受 privileged port 的 mount request
; 試用這行指令看看
跑 SunOS 4.X 的 Sun 工作站只接受來自 privileged port 的 mount request
; 試用這行指令看看
把 TCP extensions 取消, 這個設定在 Xylogic 的 Annex 主機也有相同的問題,您要做相同的修改才能連上
這些主機.
Multicast host operations are fully supported in FreeBSD 2.0 and
later by default. 如果您想將您的主機設定成 multicast router 的話,
您必須重新 compile 您的 kernel, 加入 MROUTING
的選項,並且執行 /etc/rc.conf 裡面的
MBONE 的各種工具可以在他們 ports 下所屬叫做 mbone目錄中找到.
如果您在找視訊會議的工具如 如果需要更進一部的訊息,找找
以下是 You will probably find that the host is actually in a different
- domain; for example, if you are in foo.bar.edu and you wish to reach
- a host called ``mumble'' in the bar.edu domain, you will have to
- refer to it by the fully-qualified domain name, ``mumble.bar.edu'',
- instead of just ``mumble''.
-
- Traditionally, this was allowed by BSD BIND resolvers. However
- the current version of This is different from the previous behavior, where the
- search continued across mumble.bar.edu, and
- mumble.edu. Have a look at RFC 1535 for why this
- was considered bad practice, or even a security hole.
-
- As a good workaround, you can place the line
+ 你也許會發現要連的機器其實是在另一個網域。舉個例子,假設你是在
+ foo.bar.edu 這個網域中,想要連到在 bar.edu 裡一台叫 ``mumble'' 的
+ 機器,則必須用 Fully-Qualified Domain Name,也就是
+ ``mumble.bar.edu'',而不是只用 ``mumble'' 來指向它。
+
+ 傳統的 BSD BIND resolver 允許用這種方式解出機器的位址,但是
+ FreeBSD 內附 這和先前的做法不同,也就是不用 mumble.bar.edu 和
+ mumble.edu 繼續搜尋。看一下 RFC 1535,裡面有提到為什麼之
+ 前的做法不好,甚至算是個安全漏洞。
+
+ 這裡有個不錯的解法,把
+ instead of the previous
+ 換成這一行:
into your If you have compiled your kernel with the 如果在編譯 kernel 時加了 If you had unintentionally misconfigured your system for
- firewalling, you can restore network operability by typing
- the following while logged in as root:
+ 如果不小心弄錯了 firewall 的設定,以 root 身份執行這個命令,接著
+ 網路功能就會正常:
You can also set "firewall_type='open'" in /etc/rc.conf.
+ 也可以在 /etc/rc.conf 設 "firewall_type='open'" 這個選項。
- For further information on configuring a FreeBSD firewall,
- see the 如果想知道如何設定 FreeBSD firewall,請看 The answer to this depends mostly on your rule set and processor
- speed. For most applications dealing with ethernet and small
- rule sets, the answer is, negligible. For those of you that need
- actual measurements to satisfy your curiosity, read on.
+ 這個問題的答案大多要看你怎麼訂 firewall 規則、還有 CPU 速度。對大
+ 多數在 ethernet 上的程式及規則不多的情況下,延遲小到可以忽略。但如果
+ 你想要精確數字來滿足好奇心,繼續往下讀。
- The following measurements were made using 2.2.5-STABLE on
- a 486-66. IPFW was modified to measure the time spent within
- the 下面是在 486-66 2.2.5-STABLE 上所作的測量,我們修改了 IPFW 原始碼
+ 來測量在 Two rule sets, each with 1000 rules were tested. The first set
- was designed to demonstrate a worst case scenario by repeating the
- rule:
+ 測試了兩組,每組各有 1000 個規則。第一組重複下面規則,故意設計成
+ 最糟的情況:
This demonstrates worst case by causing most of IPFW's packet
- check routine to be executed before finally deciding that the
- packet does not match the rule (by virtue of the port number).
- Following the 999th iteration of this rule was an allow ip
- from any to any.
+ 藉由檢查 port number,這樣會使 IPFW 在決定某個封包不符合條件前執
+ 行大部份的檢查程式,因此造成最差的狀況。在重複這個規則 999 次後,接
+ 著是 allow ip from any to any。
- The second set of rules were designed to abort the rule
- check quickly:
+ 第二組設計成以極快的速度跳過檢查規則:
The nonmatching source IP address for the above rule causes
- these rules to be skipped very quickly. As before, the 1000th
- rule was an allow ip from any to any.
+ 一碰到封包的來源不符合規則所述,會很快跳過檢查讓封包通過。和上面
+ 一樣,第 1000 個規則是 allow ip from any to any。
- The per-packet processing overhead in the former case was
- approximately 2.703ms/packet, or roughly 2.7 microseconds per
- rule. Thus the theoretical packet processing limit with these
- rules is around 370 packets per second. Assuming 10Mbps ethernet
- and a ~1500 byte packet size, we would only be able to achieve a
- 55.5% bandwidth utilization.
+ 在第一種情況中,處理每一個封包所造成的延遲大約是 2.703 ms,所以每
+ 個規則大概會造成 2.7 microsecond 的延遲。所以在這些規則之下,理論上每
+ 秒最多可以處理 370 個封包。在 10Mbps ethernet 和一個封包大概 1500 byte
+ 的假設下,大概只會用到 55.5% 的網路頻寬。
- For the latter case each packet was processed in
- approximately 1.172ms, or roughly 1.2 microseconds per rule.
- The theoretical packet processing limit here would be about
- 853 packets per second, which could consume 10Mbps ethernet
- bandwidth.
+ 第二種情況,每個封包花了大約 1.172ms,所以每條規則大約用了 1.2
+ microsecond。理論上每秒最多可以處理 853 個封包,耗盡 10Mbps 的頻寬。
- The excessive number of rules tested and the nature of those
- rules do not provide a real-world scenario -- they were used only
- to generate the timing information presented here. Here are a
- few things to keep in mind when building an efficient rule set:
+ 上面測試用到的大量規則、及這些規則本身並不代表真實世界的情況,他們
+ 只是用來產生所表示的數據。若想要訂出一套有效率的規則,記得這幾件事:
You can redirect FTP (and other service) request with the 'socket'
- package, available in the ports tree in category 'sysutils'.
- Simply replace the service's commandline to call socket instead, like so:
+ 在 ports 目錄的 sysutils 種類中有個叫 'socket' 的 package,可以幫
+ 你轉向 FTP 或其他類似的網路服務。只要把該網路服務的命令改成呼叫 socket
+ 即可,如下(在 /etc/inetd.conf 裡):
where 'ftp.foo.com' and 'ftp' are the host and port to redirect to,
- respectively.
-
+ 其中 'ftp.foo.com' 和 'ftp' 分別是被轉到的機器和 port 名稱。
+
There are two bandwidth management tools available for FreeBSD.
+ FreeBSD 上有兩套頻寬管理工具:
The Berkeley Packet Filter 柏克萊封包過濾器(Berkeley Packet Filter) Secondly, after rebooting you will have to create the device
- node. This can be accomplished by a change to the /dev
- directory, followed by the execution of:
+ 在重新開機之後,還要做出 device node,在 /dev 下執行:
如果想要更進一步知道如何做出各種 device node,請看 Please see the