From 6f839d3bc838af76584317ed5f32abdca7d39e2f Mon Sep 17 00:00:00 2001 From: Bert Hubert Date: Thu, 10 Apr 2003 19:40:12 +0000 Subject: [PATCH] lots --- lartc.db | 157 ++++++++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 100 insertions(+), 57 deletions(-) diff --git a/lartc.db b/lartc.db index 0e37492..fd40f66 100644 --- a/lartc.db +++ b/lartc.db @@ -1043,8 +1043,7 @@ ip route add 127.0.0.0/8 dev lo table T2 Furthermore, if you really want to do this, you probably also want to look - at Julian Anastasov's patches at http://www.linuxvirtualserver.org/~julian/#routes + at Julian Anastasov's patches at http://www.ssi.bg/~ja/#routes , Julian's route patch page. They will make things nicer to work with. @@ -1650,8 +1649,8 @@ url="http://www.edlug.ed.ac.uk/archive/Sep2002/msg00244.html">many parti url="http://lists.freeswan.org/pipermail/design/2002-November/003901.html">have voiced worries about the quality of the code. To setup FreeS/WAN, a lot of documentation -is available. +url="http://www.freeswan.ca/docs/freeswan-1.99/doc/index.html">documentation +is available. As of Linux 2.5.47, there is a native IPSEC implementation in the kernel. It was written by Alexey Kuznetsov and @@ -1668,17 +1667,9 @@ is available. - I've collected patches released by Alexey or Dave Miller here. Apply all of them to 2.5.48 before -reporting problems! (as yet, there are none for 2.5.49). Crude userspace utilities are - here (pre-compiled -binary & manpage). Compiling these userspace utilities requires editing the Makefiles in there to point them at your - 2.5.x kernel. This situation is expected to improve rapidly however. - - - Better tools appear to be available here, they - are actively being maintained. + Userspace tools appear are available here, + they are actively being maintained. When compiling your kernel, be sure to turn on 'PF_KEY', 'AH', 'ESP' and @@ -2114,6 +2105,7 @@ As are the Security Policies we configured ourselves: spid=3609 seq=4 pid=17134 refcnt=3 + Problems and known defects If this does not work, check that all configuration files @@ -2122,6 +2114,7 @@ foreground, use '-F'. To force it to read a certain configuration file, instead of at the compiled location, use '-f'. For staggering amounts of detail, add a 'log debug;' statement to racoon.conf. + Automatic keying using X.509 certificates @@ -2289,6 +2282,7 @@ remote. Verify that a Security Policy is in place (execute the 'spdadd' lines in ). Then launch racoon and everything should work. + How to setup tunnels securely @@ -3496,7 +3490,7 @@ Recapping, a typical hierarchy might look like this: 1: root qdisc | - 1:1 chils class + 1:1 child class / | \ / | \ / | \ @@ -3781,8 +3775,8 @@ works. Besides being classful, CBQ is also a shaper and it is in that aspect that it really doesn't work very well. It should work like this. If you try to -shape a 10mbit/s connection to 1mbit/s, the link should be idle 90% of the -time. If it isn't, we need to throttle so that it IS idle 90% of the time. +shape a 10mbit/s connection to 1mbit/s, the link should be idle 90% of the +time. If it isn't, we need to throttle so that it IS idle 90% of the time. @@ -4212,7 +4206,7 @@ socket options set by applications. -The packets' priority bits are or-ed with the defmap field to see if a match +The packets' priority bits are and-ed with the defmap field to see if a match exists. In other words, this is a short-hand way of creating a very fast filter, which only matches certain priorities. A defmap of ff (hex) will match everything, a map of 0 nothing. A sample configuration may help make @@ -5872,7 +5866,7 @@ where each chain contains 1 filter! The kernel has lots of parameters which can be tuned for different circumstances. While, as usual, the default -parameters serve 99% of installations very well, we don't call this the +parameters serve 99% of installations very well, we don't call this the Advanced HOWTO for the fun of it! @@ -7366,7 +7360,7 @@ Cookbook. This section is meant as an introduction to backbone routing, which often -involves <100 megabit bandwidths, which requires a different approach than +involves >100 megabit bandwidths, which requires a different approach than your ADSL modem at home. @@ -7764,7 +7758,7 @@ snapshot length! -If measurement is impractical, you might want to choose 5% of your available +If measurement is impractical, you might want to choose 5% of your available bandwidth. Let's set up our class: @@ -9023,6 +9017,7 @@ If the last two lines give an error, update your tc tool to a newer version! + Making all of the above start at boot @@ -9030,6 +9025,7 @@ If the last two lines give an error, update your tc tool to a newer version! + @@ -9084,6 +9080,7 @@ whatever. In Linux 2.5.45 and higher, this is fixed. You may also see 'ebtables' mentioned which is yet another project - it allows you to do wild things as MACNAT and 'brouting'. It is truly scary. + @@ -9991,13 +9988,13 @@ helping. Ardvan Breemen -
ard%kwaak.net
+
ard%kwaak.net
 RonBrinker -
service%emcis.com
+
service%emcis.com
 @@ -10027,20 +10024,20 @@ helping. DonCohen -
don-lartc%isis.cs3-inc.com
+
don-lartc%isis.cs3-inc.com
 JonathanCorbet -
lwn%lwn.net
+
lwn%lwn.net
 GerryCreager N5JXS -
gerry%cs.tamu.edu
+
gerry%cs.tamu.edu
 @@ -10079,6 +10076,14 @@ helping. + + + DavidFries + +
dfries%mail.win.org
+ + + @@ -10090,13 +10095,20 @@ helping. JacekGlinkowski -
jglinkow%hns.com
+
jglinkow%hns.com
 AndreaGlorioso -
sama%perchetopi.org
+
sama%perchetopi.org
+ + + + + + SandyHarris +
sandy%storm.ca
 @@ -10108,7 +10120,7 @@ helping. ErikHensema -
erik%hensema.xs4all.nl
+
erik%hensema.xs4all.nl
 @@ -10120,7 +10132,7 @@ helping. SpauldoDa Hippie -
spauldo%usa.net
+
spauldo%usa.net
 @@ -10132,19 +10144,19 @@ helping. -Stefan Huelbrock <shuelbrock%datasystems.de> +Stefan Huelbrock <shuelbrock%datasystems.de> -Alexander W. Janssen <yalla%ynfonatic.de> +Alexander W. Janssen <yalla%ynfonatic.de> -Gareth John <gdjohn%zepler.org> +Gareth John <gdjohn%zepler.org> @@ -10159,25 +10171,25 @@ Gareth John <gdjohn%zepler.org> -Martin Josefsson <gandalf%wlug.westbo.se> +Martin Josefsson <gandalf%wlug.westbo.se> -Andi Kleen <ak%suse.de> +Andi Kleen <ak%suse.de> -Andreas J. Koenig <andreas.koenig%anima.de> +Andreas J. Koenig <andreas.koenig%anima.de> -Pawel Krawczyk <kravietz%alfa.ceti.pl> +Pawel Krawczyk <kravietz%alfa.ceti.pl> @@ -10189,19 +10201,19 @@ Amit Kucheria <amitk@ittc.ku.edu> -Edmund Lau <edlau%ucf.ics.uci.edu> +Edmund Lau <edlau%ucf.ics.uci.edu> -Philippe Latu <philippe.latu%linux-france.org> +Philippe Latu <philippe.latu%linux-france.org> -Arthur van Leeuwen <arthurvl%sci.kun.nl> +Arthur van Leeuwen <arthurvl%sci.kun.nl> @@ -10211,6 +10223,17 @@ Arthur van Leeuwen <arthurvl%sci.kun.nl>
jdomingo@24x7linux.com
 + + + + + RobertLowe + +
robert.h.lowe@lawrence.edu
+ + + + @@ -10245,7 +10268,7 @@ Patrick McHardy <kaber@trash.net> -Andreas Mohr <andi%lisas.de> +Andreas Mohr <andi%lisas.de> @@ -10274,7 +10297,7 @@ Stephan Mueller <smueller@chronox.de> -Togan Muftuoglu <toganm%yahoo.com> +Togan Muftuoglu <toganm%yahoo.com> @@ -10287,7 +10310,7 @@ Chris Murray <cmurray@stargate.ca> -Patrick Nagelschmidt <dto%gmx.net> +Patrick Nagelschmidt <dto%gmx.net> @@ -10314,13 +10337,13 @@ Patrik <ph@kurd.nu> -Lutz Preßler <Lutz.Pressler%SerNet.DE> +Lutz Preßler <Lutz.Pressler%SerNet.DE> -Jason Pyeron <jason%pyeron.com> +Jason Pyeron <jason%pyeron.com> @@ -10330,22 +10353,36 @@ Rod Roark <rod%sunsetsystems.com> + + +Pavel Roskin <proski@gnu.org> + + + -Rusty Russell <rusty%rustcorp.com.au> +Rusty Russell <rusty%rustcorp.com.au> + + +Mihai RUSU <dizzy%roedu.net> + + + -Mihai RUSU <dizzy%roedu.net> +Rob Pitman <rob%pitman.co.za> + + -Jamal Hadi Salim <hadi%cyberus.ca> +Jamal Hadi Salim <hadi%cyberus.ca> @@ -10358,7 +10395,7 @@ Ren? Serral <rserral%ac.upc.es> -David Sauer <davids%penguin.cz> +David Sauer <davids%penguin.cz> @@ -10370,13 +10407,13 @@ Sheharyar Suleman Shaikh <sss23@drexel.edu> -Stewart Shields <MourningBlade%bigfoot.com> +Stewart Shields <MourningBlade%bigfoot.com> -Nick Silberstein <nhsilber%yahoo.com> +Nick Silberstein <nhsilber%yahoo.com> @@ -10395,11 +10432,17 @@ Konrads Smelkov <konrads@interbaltika.com> -Andreas Steinmetz <ast%domdv.de> +Andreas Steinmetz <ast%domdv.de> + + +Matthew Strait <straitm%mathcs.carleton.edu> + + + Jason Tackaberry <tack@linux.com> @@ -10407,19 +10450,19 @@ Jason Tackaberry <tack@linux.com> -Charles Tassell <ctassell%isn.net> +Charles Tassell <ctassell%isn.net> -Glen Turner <glen.turner%aarnet.edu.au> +Glen Turner <glen.turner%aarnet.edu.au> -Tea Sponsor: Eric Veldhuyzen <eric%terra.nu> +Tea Sponsor: Eric Veldhuyzen <eric%terra.nu> @@ -10463,7 +10506,7 @@ Song Wang <wsong@ece.uci.edu> - Chapter 17,, section 1: Setting up OSPF with Zebra + Chapter 17, section 1: Setting up OSPF with Zebra -- 2.11.4.GIT