Archive
Posts from 2004
Solaris Entropy statistics
I had an email exhange with Andy Tucker regarding Solaris 9 entropy pools and found out that entropy statistics are available through mdb's (modular debugger) "rnd_stats" dcmd: With Solaris 10, you can use the "swrand_stats" and "rnd_stats" dcmds to get entropy statistics: I wish there was a way to tell if an application blocked because of a depleted pool in Solaris 9 (dtrace may solve this problem in Solaris 10).
$ read more →Solaris's maxcontig setting
After reading through the UFS tuning information on Solaris Internals I started playing with the UFS "maxcontig" tunable. This value controls the number of file system blocks that will be read or written in a single operation. Each UFS file system contains a maxcontig value, which can be printed with the Solaris "fstyp" command: To see if maxcontig needs to be increased, you can run "iostat," and watch the transfer sizes: If we divide writes per second (w/s) by the total bytes written (kr/s), we can derive the average size of each physical write: Give or take a few bytes, we are pushing maxcontig bytes during each write operation. If you have sequential workloads, increasing the value of maxcontig may allow your Solaris box to read or write more data at once (reducing the total number of I/O operations)…
$ read more →OpenBSD PF Filtering traffic by Operating System
I was reading through the PF manual, and came across a section on filtering traffic with Passive Operating System Fingerprinting. PF contains dozens of Operating System fingerprints. The full list of fingerprints can be printed with the pfctl utility: Or with one of the available UNIX pagers: Using the fingerprints listed here, we can filter inbound connections by IP address, TCP/UDP ports, and Operating System: This example will allow OpenBSD systems with an IP address in the 192.168.1.0/24 network to ssh to any machine on our network. This has some interesting uses.
$ read more →