headers
Jeffrey M. Vinocur | 1 Aug 2002 07:59

Re: unique readers


On Tue, 11 Jun 2002, Russ Allbery wrote:

[ Back from vacation, resurrecting some old threads ]

> Todd Olson <tco2 <at> cornell.edu> writes:
> 
> > Cornell Univ. is about to deploy a cookie based Kerberos proxy system
> > for Cornell www sites that care about limiting access.
> 
> Is someone who knows how this is working coming to Cartel next week at
> Stanford?  We're currently working on our second-generation webauth
> system, which is very similar, and we should compare notes.

(Russ, are you still curious about this?  I think there are some slides on 
cuwebauth/cuweblogin up on the web which may be informative.)

> > If NNTP had cookie technology, then we could potentially tie it in to
> > this system.  As it stands now, while we have hacked sidecar support in
> > to an old nnrpd we have to tell people that it does not work from behind
> > a NAT.

Todd, FYI, I don't think you're locked into 2.2 because of the hacks; the
pluggable resolver scheme introduced with readers.conf should be able to
do the out-of-band querying you require.  (I looked at writing the
necessary resolver one afternoon, to present to you as fait accompli, but
couldn't find the necessary libraries.  I think it will be
straightforward; model off the ident resolver which comes with 2.3.)

> The problem, though, is that what you really want to do is share the
(Continue reading)

Permalink | Reply | 2 comments |
headers
Jeffrey M. Vinocur | 1 Aug 2002 08:06

Re: bandwith limitation ...


On 12 Jun 2002, bill davidsen wrote:

> In article <005b01c20437$429441c0$2a80c13e <at> lightxp>,
> Petar Zivanovic <zpetar <at> tehnicom.net> wrote:
> | 
> | how or can i limit bandwith from/to some IP or per connection base ...
> | can i do it from INN or must i do it from OS ... linux ...
> 
> Unless you want to delve into the QOS stuff and advanced netfilter, do
> it the easy way and add the code to nnrpd. I did this ages ago and
> haven't touched it since, but what I did was relatively simple.

There is code for this in INN, actually.  Up through 2.3.3, the only 
interface to the rate-limiting code is through Perl authentication 
filters.  In CURRENT, however, there is a max_rate: parameter in 
readers.conf which allows this to be set.

I still have the patches ("nnrpd-maxrate" and "nnrpd-ratelimitssl" at 
http://www.litech.org/~jeff/inn-diffs/) which are against CURRENT.  I have 
no idea if they will apply cleanly to 2.3.x, I think it's worth trying 
though.

--

-- 
Jeffrey M. Vinocur
jeff <at> litech.org
Permalink | Reply | 0 comments |
headers
Jeffrey M. Vinocur | 1 Aug 2002 08:14

Re: bindaddress & port -> listen ?


On Fri, 14 Jun 2002, Matus \fantomas\ Uhlar wrote:

> i see directives bindaddress and port in inn.conf. As long as I was thinking
> about support for SSL, ipv6 etc, I'd like to know if we are going to have
> support for more address/ports innd and/or nnrpd will listen at. 

Hmm.  It's hard to imagine when you would want INN to listen on multiple
ports, really.  I mean, some crazy thing like you have two network
interfaces and 119 is firewalled on one of them, I guess.  I can't work up
much energy about this, though.

There is some benefit to nnrpd on multiple ports (different 
configurations, some with SSL some without, whatever).  But I can't see as 
it's a big problem just to have several nnrpd's listening (if you use 
daemon mode; if not just configure inetd as appropriate), right?

--

-- 
Jeffrey M. Vinocur
jeff <at> litech.org
Permalink | Reply | 4 comments |
headers
Jeffrey M. Vinocur | 1 Aug 2002 08:20

Re: overview terminology


On Fri, 14 Jun 2002, Wim Lewis wrote:

> On Friday, June 14, 2002, at 12:31  PM, Russell S. Ireland wrote:
> >
> > "MAKEDBZ(8)
> > 	Makedbz rebuilds dbz(3) database."
> >
> > So what is the actual datbase?  The history file?  The overview 
> > directory structure?
> 
> The DBZ database is an index file which makes it faster to find records 
> in the history file. 

Right.  That is, makedbz causes db/history.{dir,hash,index} to be
recreated from db/history.

> > 	"WARNING: If you're trying to rebuild the overview
> >        database, be sure to delete or zero out the existing
> >        database before you start [....]"
> >
> > Again, the use of "database" seems ambiguous.  

Well, "overview database" is not ambiguous -- it's *everything* related to 
overview.  (You're right, in the context of history the term "database" 
can be confusing.)

> > do I need to run makedbz AND makehistory to get a current history and
> > overview?  Or is makehistory -O -F -f history.n sufficient?
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Jeffrey M. Vinocur | 1 Aug 2002 08:29

Re: posts to external newsgroups can't get out


On Sun, 23 Jun 2002, Sandy Rasich wrote:

>     :Tf,Wmn,H3:innfeed

If you're using the default configuration at the top of newsfeeds, that 
should be "innfeed!" and not just "innfeed".

--

-- 
Jeffrey M. Vinocur
jeff <at> litech.org
Permalink | Reply | 0 comments |
headers
Matus "fantomas" Uhlar | 1 Aug 2002 11:55
Picon
Favicon

Re: bindaddress & port -> listen ?


-> > i see directives bindaddress and port in inn.conf. As long as I was
-> > thinking about support for SSL, ipv6 etc, I'd like to know if we are
-> > going to have support for more address/ports innd and/or nnrpd will
-> > listen at.
-> 
-> Hmm.  It's hard to imagine when you would want INN to listen on multiple
-> ports, really.  I mean, some crazy thing like you have two network
-> interfaces and 119 is firewalled on one of them, I guess.  I can't work up
-> much energy about this, though.

well, let's start with ipv4 and ipv6. for nnrpd, it can be also ssl and
non-ssl.

-> There is some benefit to nnrpd on multiple ports (different 
-> configurations, some with SSL some without, whatever).  But I can't see as 
-> it's a big problem just to have several nnrpd's listening (if you use 
-> daemon mode; if not just configure inetd as appropriate), right?

Well, i don't think it's a problem, but i find it superflous. And also, i
got an idea about using shared memory for accessing active, overview etc,
which would probably spare cpu/time/memory/io, which would be much easier
with one nnrpd and its children. 

so I'd like just put this as idea, recommendation, something into TODO list.
And probably talk about its pros/cons.

--

-- 
 Matus "fantomas" Uhlar, uhlar <at> fantomas.sk ; http://www.fantomas.sk/
 Warning: I don't wish to receive spam to this address.
(Continue reading)

Permalink | Reply | 2 comments |
headers
Pavel V. Knyazev | 1 Aug 2002 15:07
Picon

Re: core dump


> } And now every time i try to post an article into a newsgroup,
> } nnrpd dumps its core file.
> 
> I've done simple test before commit, but I seemed
> not to be able to find your case.  Could you try
> again with symbols?

Not a problem at all.
I have compiled it with -g -O flags.

7:02pm image:tmp> gdb -c nnrpd.core nnrpd
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `nnrpd'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libperl.so.3...done.
Reading symbols from /usr/lib/libm.so.2...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/lib/libcrypt.so.2...done.
Reading symbols from /usr/lib/libutil.so.3...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x805c92c in ProcessHeaders (linecount=3,
    idbuff=0xbfbff8d8 "<aibbev$hg2$1 <at> image.surnet.ru>") at post.c:526
526             HDR_SET(_cc ,NULL);
(gdb) quit
7:02pm image:tmp>

--
(Continue reading)

Permalink | Reply | 7 comments |
headers
Jeffrey M. Vinocur | 1 Aug 2002 15:22

Re: bindaddress & port -> listen ?


On Thu, 1 Aug 2002, Matus \fantomas\ Uhlar wrote:

> -> Hmm.  It's hard to imagine when you would want INN to listen on multiple
> -> ports, really.  
> 
> well, let's start with ipv4 and ipv6. 

Err, have you examined the IPv6 modifications in CURRENT?  There's 
bindaddress6: distinct from bindaddress: for this purpose.

> -> [nnrpd] But I can't see as 
> -> it's a big problem just to have several nnrpd's listening (if you use 
> -> daemon mode; if not just configure inetd as appropriate), right?
> 
> Well, i don't think it's a problem, but i find it superflous. And also, i
> got an idea about using shared memory for accessing active, overview etc,
> which would probably spare cpu/time/memory/io, which would be much easier
> with one nnrpd and its children. 

I'm not convinced :-)

--

-- 
Jeffrey M. Vinocur
jeff <at> litech.org
Permalink | Reply | 1 comment |
headers
Todd Olson | 1 Aug 2002 16:52
Picon
Favicon

Re: unique readers


Hi Jeff

At 01:59 -0400 2002/01/08, Jeffrey M. Vinocur wrote:
>On Tue, 11 Jun 2002, Russ Allbery wrote:
>
>[ Back from vacation, resurrecting some old threads ]
>
>> Todd Olson <tco2 <at> cornell.edu> writes:
>>
>> > Cornell Univ. is about to deploy a cookie based Kerberos proxy system
> > > for Cornell www sites that care about limiting access.
>>
>(Russ, are you still curious about this?  I think there are some slides on
>cuwebauth/cuweblogin up on the web which may be informative.)

Sorry about not getting back on this ... I've been (and still am busy)

>Todd, FYI, I don't think you're locked into 2.2 because of the hacks; the
>pluggable resolver scheme introduced with readers.conf should be able to
>do the out-of-band querying you require.  (I looked at writing the
>necessary resolver one afternoon, to present to you as fait accompli, but
>couldn't find the necessary libraries.  I think it will be
>straightforward; model off the ident resolver which comes with 2.3.)

Thanks Jeff!
I appreciate thought and offer of assistance
Maybe we can still do something ...

However, when last I looked at ver 2.3 the hooks were not in
(Continue reading)

Permalink | Reply | 0 comments |
headers
Katsuhiro Kondou | 1 Aug 2002 17:03

Re: core dump


In article <001001c2395c$5a53a1c0$4201800a <at> surnet.ru>,
	"Pavel V. Knyazev" <pasha <at> surnet.ru> wrote;

} Not a problem at all.
} I have compiled it with -g -O flags.

Ah, thanks.  I've got it.  Try attached which should
work, and tell me how it's going on.
-- 
Katsuhiro Kondou

Index: nnrpd/post.h
===================================================================
RCS file: /home/kondou/news/inn/repository/inn/nnrpd/post.h,v
retrieving revision 1.1.1.1.6.1
diff -u -r1.1.1.1.6.1 post.h
--- nnrpd/post.h	14 Jul 2002 16:42:54 -0000	1.1.1.1.6.1
+++ nnrpd/post.h	1 Aug 2002 15:01:14 -0000
 <at>  <at>  -19,4 +19,10  <at>  <at> 
 } HEADER;

 #define HDR(_x) (Table[(_x)].Body)
-#define HDR_SET(_x, _y) Table[(_x)].Body = Table[(_x)].Value = _y ; Table[(_x)].Len = strlen(_y)
+#define HDR_SET(_x, _y) \
+    Table[(_x)].Body = Table[(_x)].Value = _y; \
+    if (_y == NULL) { \
+	Table[(_x)].Len = 0; \
+    } else { \
+	Table[(_x)].Len = strlen(_y); \
(Continue reading)

Permalink | Reply | 6 comments |

Gmane