1265847939 Q * ghislain Quit: Leaving. 1265857179 Q * agaffney Ping timeout: 480 seconds 1265858204 Q * ensc|w Remote host closed the connection 1265858214 J * ensc|w ~ensc@www.sigma-chemnitz.de 1265860827 J * SauLus_ ~SauLus@c207235.adsl.hansenet.de 1265861239 Q * SauLus Ping timeout: 480 seconds 1265861239 N * SauLus_ SauLus 1265866744 J * balbir ~balbir@122.248.161.59 1265866978 J * jrklein ~jrklein@2001:0:53aa:64c:0:6f8e:b4d8:690 1265868356 Q * Loki|muh Remote host closed the connection 1265868358 J * Loki|muh ~loki@satanix.de 1265869545 Q * niki Ping timeout: 480 seconds 1265870029 Q * ktwilight Read error: Connection reset by peer 1265870051 J * ktwilight ~keliew@6.62-240-81.adsl-dyn.isp.belgacom.be 1265873034 Q * derjohn_mob Ping timeout: 480 seconds 1265873267 N * Bertl_zZ Bertl 1265873274 M * Bertl morning folks! 1265874052 J * ghislain ~AQUEOS@adsl2.aqueos.com 1265874346 Q * ghislain 1265875136 J * ghislain ~AQUEOS@adsl2.aqueos.com 1265875154 Q * balbir Ping timeout: 480 seconds 1265876271 M * Bertl off for now .. bbl 1265876276 N * Bertl Bertl_oO 1265876472 J * balbir ~balbir@122.248.163.1 1265876862 J * ncopa ~ncopa@245.39.189.109.customer.cdi.no 1265876872 M * ncopa hi 1265876902 M * ncopa are there any utility that displays cpu usage of the vservers? 1265877102 J * kir ~kir@swsoft-msk-nat.sw.ru 1265877128 J * derjohn_mob ~aj@213.238.45.2 1265877759 J * petzsch ~markus@dslb-092-078-154-157.pools.arcor-ip.net 1265878154 J * dna ~dna@170-198-103-86.dynamic.dsl.tng.de 1265878732 Q * thalunil Server closed connection 1265878750 J * thalunil ~thalunil@82.94.215.130 1265879372 J * thierryp ~thierry@home.parmentelat.net 1265879727 J * barismetin ~barismeti@zanzibar.inria.fr 1265881161 M * transaci1 ncopa: top/htop 1265881173 M * transaci1 or better vtop 1265881252 M * ncopa is there any utility that displays which vserver the process is running in? 1265881297 M * ncopa or somethign that shows the total cpu usage for each vserver 1265881307 Q * Hollow Quit: leaving 1265881316 J * Hollow ~bene@shiva.xnull.de 1265881405 M * transaci1 ncopa: if you have one cpu there is one cpu usage 1265881585 M * transaci1 i like htop pretty much. so if you wanna see all do: chcontext --ctx 1 htop 1265881811 M * ncopa i use htop 1265882034 M * transaci1 good 1265882530 J * yarihm ~yarihm@80-219-168-84.dclient.hispeed.ch 1265882559 Q * balbir Ping timeout: 480 seconds 1265882568 J * ktwilight_ ~keliew@245.170-247-81.adsl-dyn.isp.belgacom.be 1265882845 Q * ktwilight Ping timeout: 480 seconds 1265883071 J * michal_ ~michal@www.rsbac.org 1265883234 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net 1265887063 J * balbir ~balbir@122.248.161.59 1265889267 Q * barismetin Remote host closed the connection 1265889374 Q * yarihm Quit: This computer has gone to sleep 1265889759 J * taenzerme ~Adium@static-87-79-237-223.netcologne.de 1265891639 Q * balbir Ping timeout: 480 seconds 1265892599 Q * petzsch Quit: Leaving. 1265894156 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1265894329 Q * jrdnyquist Remote host closed the connection 1265895048 M * bobnormal whats the point of the 'name' file in /etc/vservers//name 1265895066 M * bobnormal if it differs from it seems that is still expected by vserver start 1265895078 N * DoberMann[ZZZzzz] DoberMann 1265895088 M * bobnormal and vserver stop respects /etc/vservers/ too 1265895095 M * bobnormal so whats the point of it? / where is it used? 1265895116 M * harry isn't that the "hostname" of the virtual machine? 1265895119 M * harry (not sure) 1265895188 M * bobnormal nope. at least not with gentoo guest. 1265895254 J * barismetin ~barismeti@jua06-1-82-242-159-114.fbx.proxad.net 1265895378 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1265896171 M * bobnormal it IS used in vserver-stat output 1265896189 M * bobnormal but not by vserver tool as far as i can see 1265896214 M * bobnormal so vserver stop will fail if you are using the output of vserver-stat and /etc/vservers//name 's contents != 1265896266 M * bobnormal smells like old code that should be culled, great flower page documents it as /etc/vservers// being assumed if the 'name' file is missing, perhaps this should be forced rather than optionally assumed 1265896339 Q * jrdnyquist Quit: brb 1265896449 J * agaffney ~agaffney@71-91-202-189.dhcp.stls.mo.charter.com 1265896453 M * bobnormal bertl_oO: ^-- issue report 1265896828 M * bobnormal bertl_oO: possibly /etc/vservers//context should be locked by the kernel while the vserver is running, also... since vserver stop will no longer work if the context file contents change 1265899565 Q * swen Remote host closed the connection 1265899717 M * daniel_hozac you can shoot yourself in the foot in a hundred different ways. 1265899747 M * daniel_hozac protecting the user from itself is generally not worth it. 1265900052 Q * tam Server closed connection 1265900065 J * tam ~tam@gw.nettam.com 1265900118 M * bobnormal daniel_hozac: fair enough. its not exactly documented that it will break things though ;) 1265900127 M * bobnormal daniel_hozac: do you know the purpose of the 'name' file? 1265900134 M * bobnormal dainel_hozac: it appears to be ignored by the main 'vserver' utility. 1265900340 M * daniel_hozac it's the name of the guest. 1265900360 M * bobnormal daniel_hozac: try this. make a vserver. start it. change 'name' file. vserver-stat. vserver stop. 1265900362 M * daniel_hozac vserver expects the name of the configuration directory 1265900374 M * daniel_hozac i know. 1265900380 A * daniel_hozac is the util-vserver maintainer. 1265900383 M * bobnormal daniel_hozac: what is 'the name' anyway 1265900387 M * daniel_hozac the name is the visible nam eof the guest. 1265900405 M * bobnormal daniel_hozac: visible in vserver-stat only? 1265900412 M * daniel_hozac essentially. 1265900432 M * bobnormal daniel_hozac: deffo need some improved docs on this :) 1265900440 M * bobnormal daniel_hozac: great flower page = yours? 1265900441 M * daniel_hozac feel free theo write them. 1265900446 M * bobnormal daniel_hozac: i am doing so ;) 1265900719 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1265900729 M * bobnormal daniel_hozac: issue. if name is supposed to be different to /etc/vservers/ and vserver-stat only outputs the context ID as a reliable indentifier for a running vServer, then how come vserver stop only takes /etc/vserver/ as argument? since there's no reliable way to link the two 1265900865 M * daniel_hozac there is 1265900884 M * bobnormal how? :) 1265901057 J * yarihm ~yarihm@dhcp-vpn-89-206-68-87.uzh.ch 1265901157 N * Bertl_oO Bertl 1265901229 M * bobnormal i think what confused me initially was the difference between /etc/vservers/ and 'name'. is there a preferred name for the two? perhaps the directory name could be referred to as 'configuration name', 'vserver code' or something otherwise clearly different? 1265901285 M * daniel_hozac name is very rarely different. 1265901303 M * bobnormal yep thats what is causing confusion, i think it would be good to clearly delineate them in documentation 1265901343 M * Bertl bobnormal: btw, ad locking userspace config files from the kernel: that's not a good idea in general :) 1265901357 M * bobnormal bertl: ok i defer to kernel-hackers on that one ;) 1265901379 M * daniel_hozac i don't think there's any point to confusing people 1265901419 M * daniel_hozac encouraging it to be different doesn't seem like a good idea to me. 1265901425 M * bobnormal what im saying is, the current situation re: documentation and userspace tools is confusing since 'name' half the time used to refer to /etc/vservers/ (ie: vserver tool) and half the time used to refer to the contents of /etc/vservers//name 1265901434 M * bobnormal (ie: vserver-stat tool) 1265901441 M * Bertl bobnormal: and regarding documentation ... patches are always welcome as are wiki entries :) 1265901491 M * bobnormal i am trying to explain the various options in a LyX document while making a dialog-based (similar to make menuconfig) frontend for configuration that also has iptables management support (v4 only at this stage) 1265901500 M * bobnormal i have to produce something similar internally at my work 1265901508 M * bobnormal so i figured i may as well share the wealth 1265901540 M * bobnormal basically just a frontend for util-vserver and iptables 1265901695 M * bobnormal already handles context id/name/network context flags/half-way there on network interface configuration 1265901695 J * balbir ~balbir@122.172.58.144 1265901728 M * bobnormal displays state (running or not), display/edit network context id 1265901751 M * bobnormal other capability flags will be easy to add 1265901771 M * bobnormal then iptables and maybe a frontend for clone, and i'll be done ;) 1265901997 M * bobnormal going to call 'name' "Human Name" in docswith a note that its not used for input to any tools .. hopefully that should clarify that one 1265902142 M * Bertl hmm, regarding dialog based, doesn't linuxconf already provided that? 1265902158 M * bobnormal dunno, i dont use it. 1265902170 M * bobnormal will check it out if you think it's already implemented 1265902226 M * Bertl well, linuxconf is maintained by the former Linux-VServer maintainer, so, yeah there is a good chance 1265902244 J * thierryp_ ~thierry@home.parmentelat.net 1265902245 M * Bertl it will probably not be completely up-to-date, but basics should be there 1265902254 J * petzsch ~markus@dslb-092-078-154-157.pools.arcor-ip.net 1265902300 Q * thierryp Read error: No route to host 1265902330 M * bobnormal can see a 2003 blog post here: http://www.davidgoodwin.net/archives/00000003.php .. looks ok but im kind of at the same point already 1265902436 Q * petzsch 1265902544 J * yarihm_ ~yarihm@dhcp-vpn-89-206-68-17.uzh.ch 1265902989 Q * yarihm Ping timeout: 480 seconds 1265902992 J * yangp yang@sparc.mtveurope.org 1265903494 M * kwowt I'm getting high traffic ddos attacks on some guests 1265903515 M * kwowt i guess nullrouting the ip would be the best way to get other users and my host machine safe 1265903521 M * kwowt but is there a way to do that automaticly? 1265903534 M * kwowt like, when traffic increases on a specific ip 1265903544 M * kwowt it null routes it on itself? 1265903651 M * kwowt cuz once attack starts 1265903657 M * kwowt i cant access the machine :) 1265903671 M * kwowt or maybe even to limit traffic to a specific IP or something 1265903690 M * Bertl anything you can do in Linux can be used 1265903690 M * kwowt would that help prevent ddos attacks ? 1265903704 M * Bertl as there is no routing between host and guest 1265903719 M * kwowt if i could somehow limit the bandwith speed to lets say 5mbit 1265903724 M * kwowt on a guest vserver 1265903733 M * Bertl see tc 1265903743 M * kwowt the problem is only clients who use IRC cause ddos issues 1265903747 M * kwowt and irc doesnt need more then 5mbit :) 1265903754 M * kwowt tc ? 1265903775 M * kwowt traffic control ? or wh0t:p 1265903797 M * Bertl yep, iproute2/tc Linux traffic control 1265903825 M * kwowt but would this help my problems? 1265903831 M * kwowt if i somehow limited the bw speed 1265903851 M * kwowt or would ddos crash my internet anyway 1265903853 M * Bertl well, there is no real ingres shaping possible 1265903868 M * Bertl unless you control the router, which is the place to implement that 1265903892 M * kwowt so what would be a possibility for me 1265903896 M * kwowt with traffic control 1265903899 M * Bertl but you can drop incoming packets, which usually results in a reduction of overall traffic 1265903957 Q * yarihm_ Quit: This computer has gone to sleep 1265904121 M * kwowt and what would be the best way to identify which ip was attacked 1265904124 M * kwowt after the attack? 1265904128 M * kwowt is ther esome default logging 1265904201 M * Bertl you can create a shaping rule for each ip (or ip set) 1265904221 M * Bertl google for tc and iproute2, and maybe traffic shaping 1265904245 M * Bertl you should find a bunch of documentation, but it can get complicated 1265904265 M * kwowt best way would be to remove the clients who get attacks :p 1265905145 M * kwowt Bertl: so if my switch has traffic shaping control 1265905159 M * kwowt i could set like 5mbit speed on the whole machine 1265905284 M * Bertl or on individual channels (IP based for example) 1265905343 M * kwowt Podpira Port Bandwidth Control 1265905343 M * kwowt · Podpira Port Trunking 1265905348 M * kwowt is that it? 1265905352 M * kwowt port bandwith control 1265906688 Q * taenzerme Quit: Leaving. 1265906729 Q * derjohn_mob Ping timeout: 480 seconds 1265906777 J * Loki_muh ~loki@satanix.de 1265906807 Q * Loki|muh Read error: Connection reset by peer 1265906807 N * Loki_muh Loki|muh 1265907134 J * taenzerme ~Adium@static-87-79-237-223.netcologne.de 1265907703 Q * Loki|muh Ping timeout: 480 seconds 1265907947 Q * bzed Remote host closed the connection 1265907953 J * bzed ~bzed@devel.recluse.de 1265907961 Q * jrdnyquist Quit: Leaving 1265908292 J * Loki|muh ~loki@satanix.de 1265908316 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1265908319 Q * bzed Remote host closed the connection 1265908381 J * bzed ~bzed@devel.recluse.de 1265908838 Q * taenzerme Quit: Leaving. 1265908892 Q * Snow-Man Server closed connection 1265908893 J * Snow-Man ~sfrost@tamriel.snowman.net 1265909422 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1265909946 Q * ncopa Quit: Ex-Chat 1265910241 Q * jrklein Quit: jrklein 1265910868 M * kwowt UDP (642 bytes) from 109.93.132.104:3508 to 91.185.201.91:6667 on eth0 ¦ 1265910868 M * kwowt ¦ UDP (654 bytes) from 91.187.103.1:1377 to 91.185.201.91:6667 on eth0 ¦ 1265910868 M * kwowt ¦ UDP (804 bytes) from 77.238.222.13:45618 to 91.185.201.91:6667 on eth0 ¦ 1265910874 M * kwowt how tha hell can he ddos that ip 1265910879 M * kwowt if it isnt added anymore 1265910930 M * kwowt ip addr shows only main ip 1265910934 M * kwowt which isnt getting any traffic 1265910959 M * Bertl if your host doesn't have that ip asigned, your router should have updated its arp table 1265910990 M * kwowt what if i null route it now, would it help? 1265910996 M * kwowt i'm having trouble accessing the machine 1265911000 M * kwowt its under ddos for like 2hours now 1265911009 M * kwowt i somehow managed to get into iptraf 1265911199 M * bobnormal off to GLLUG meet, seeeya all tomorrow :) 1265911200 Q * bobnormal Quit: . 1265911223 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg 1265911464 J * petzsch ~markus@dslb-092-078-154-157.pools.arcor-ip.net 1265911749 M * kwowt ok i've rebooted again 1265911752 M * kwowt nothing changed 1265912016 M * kwowt Bertl: are u sure 1265912018 M * kwowt its in router? 1265912024 M * kwowt why is it showing the ip in iptraf then ? 1265912026 M * kwowt i've checked ip addr 1265912031 M * kwowt and only main ip is added 1265912036 M * kwowt is there any other way to check ips? 1265912130 M * Bertl well, if your router sends packets to the host which doesn't have that IP, then something is misconfigured in your router :) 1265912150 M * kwowt so if ip addr doesnt show the ip 1265912157 M * kwowt its not added to machine 100% ? 1265912183 M * kwowt the thing is 1265912186 M * kwowt the server is in datacenter 1265912187 M * Bertl 'ip a l' will show all IPs known to the host 1265912192 M * kwowt 100km away 1265912224 M * kwowt this is like the longest downtime i've had in 3 years :) 1265912239 M * kwowt if i had a fsckin car i'd drive there and check myself 1265912252 Q * hijacker_ Quit: Leaving 1265912270 M * kwowt now i'm stuck with 2 idiotic techs in the datacenter who dont how to do anythin else then reboot 1265912349 M * kwowt Bertl: http://nopaste.voric.com/paste.php?f=401n0b 1265912353 M * kwowt it aint there 1265912363 M * kwowt what if i add the ip back and nullroute it? 1265912367 M * kwowt would that help anything? 1265912492 M * Bertl fix your router, that's all you need :) 1265912575 M * kwowt well i cant cuz its not mine 1265912579 M * kwowt it belongs to the datacenter :) 1265912584 M * kwowt i asked them to restart it or something 1265912590 M * kwowt but they said i aint the only one on it 1265912599 M * kwowt and they dont have the real support there atm 1265912686 M * sid3windr lol, restart the router in the datacenter =) 1265912739 M * Bertl all they need to do is stop routing that IP to your host 1265912943 M * kwowt they dont know how to :) 1265912964 M * kwowt can i do something in iptables? 1265913052 M * Bertl nope, just drop the packet, but that should happen anyways, when the host doesn't have that IP 1265913288 P * petzsch 1265913516 N * michal_ michal 1265913655 M * kwowt Incoming rates: 84426.3 kbits/sec ¦ 1265913655 M * kwowt ¦ 13063.0 packets/sec 1265913904 Q * balbir Ping timeout: 480 seconds 1265913913 Q * Chlorek Quit: Changing server 1265913970 J * Chlorek ~cokolwiek@c.sed.pl 1265914210 Q * kir Quit: Leaving. 1265914671 J * SauLus_ ~SauLus@d004215.adsl.hansenet.de 1265914696 J * balbir ~balbir@122.172.58.144 1265914916 M * Bushmills hope they won't charge you for the traffic 1265915082 Q * SauLus Ping timeout: 480 seconds 1265915082 N * SauLus_ SauLus 1265915348 M * geb and especialy, hope that you have a good router :) 1265915350 M * geb DDos ? 1265915557 M * kwowt i've got unlimited traffic 1265915567 M * kwowt routers are owned by the datafuckincenter 1265915571 M * kwowt which hires morons i guess 1265915576 M * kwowt specially after 4pm 1265916161 J * vserver_guy ~vserver@host90-152-15-246.ipv4.regusnet.com 1265916477 J * trysk ~chatzilla@hodbodm.tartarnet.cz 1265916497 M * Bushmills strange - I'd have thought the more knowledgeable people work from 2 pm to 8 pm 1265917155 Q * SauLus Quit: ... the proxy is gone 1265917175 J * SauLus ~SauLus@d004215.adsl.hansenet.de 1265917989 Q * gnuk Quit: NoFeature 1265918038 Q * vserver_guy 1265918638 N * yangp yang 1265919353 J * derjohn_mob ~aj@c135087.adsl.hansenet.de 1265920053 Q * ensc Ping timeout: 480 seconds 1265920292 J * imcsk8 ~ichavero@148.229.1.11 1265920901 M * kwowt Bushmills :)) indeed 1265921097 J * jrklein ~jrklein@2001:0:53aa:64c:0:241c:63e5:658b 1265924146 Q * barismetin Quit: Leaving... 1265924327 Q * derjohn_mob Remote host closed the connection 1265924362 Q * trysk Quit: ChatZilla 0.9.86 [Firefox 3.6/20100115144158] 1265925138 Q * ghislain Quit: Leaving. 1265925156 Q * bonbons Quit: Leaving 1265925204 J * derjohn_mob ~aj@c135087.adsl.hansenet.de 1265925205 Q * derjohn_mob Remote host closed the connection 1265926024 Q * jrklein Quit: jrklein 1265926409 J * jrklein ~jrklein@2001:0:53aa:64c:0:241c:63e5:658b 1265928264 N * DoberMann DoberMann[ZZZzzz] 1265928537 M * kwowt in the end the easiest thing was to find the abuser and talk to him, haha 1265929051 Q * mugwump Quit: taking an irc break for a bit 1265929579 M * geb kwowt, unlimited traffic is never really unlimited ;) 1265929609 M * geb especialy when you receive a some high volume of datas / pks :) 1265929629 Q * thierryp_ Quit: ciao folks 1265929805 M * Bushmills from FAQs on vserver wiki: "How can I copy anything from host to guest partition, normally unvisible on host?" "vnamespace --enter -- /bin/bash " ... as I don't understand the question, I have no idea why I would want to use vnamespace... 1265930511 Q * jrklein Quit: jrklein 1265930571 M * Bushmills why would one want to use vnamespace for copying from guest to host, when one can copy from .../vservername/vdir/... to host dir? 1265930943 J * wtp ~Cham0@93.16.112.168 1265930958 M * wtp \CTCP PING WTP 1265930967 M * wtp owned 1265931059 Q * wtp 1265931091 M * Wonka Bushmills: read it again. "from host to guest". 1265931122 M * Wonka Bushmills: and "normally unvisible on host" sounds like you cannot see the guest's filesystem in the host's namespace 1265931153 M * Bushmills i wasn't aware of that that was even possible 1265931188 M * Bushmills if host can't see it ... how could possibly guest? 1265931193 M * Wonka there might be filesystems mounted via /etc/vservers/$guest/fstab 1265931207 M * Wonka the guest has another filesystem namespace 1265931235 M * Wonka filesystems mounted in that namespace need not be visible in the host's namespace 1265931254 M * Wonka (might even be they are never visible there, don't know) 1265931255 M * Bushmills so vnamespace ... essentially prevents the need to mount the file system host side? 1265931283 M * Wonka vnamespace is just the tool to switch to another namespace 1265931300 M * Wonka and using namespaces is what separates host and guests 1265931327 M * Bushmills is that somehow related to "context"? 1265931349 M * Wonka contexts are replaced by namespaces, afaik 1265931422 M * Bushmills with the rather recent version i'm running, context, as unique integer, is still specified for guest creation, and finds itself here and there in guest directories under /etc/vserver 1265931465 M * Bushmills oh well, i put vnamespace aside at the moment, until there's a situation where i really need it. 1265931497 Q * dna Quit: Verlassend 1265931774 Q * micah Remote host closed the connection 1265931787 J * micah ~micah@micah.riseup.net 1265932110 Q * Radiance Remote host closed the connection 1265932295 J * Radiance ~Radiance@193.16.154.187 1265932387 Q * Radiance Remote host closed the connection 1265932436 J * Radiance ~Radiance@193.16.154.187 1265932559 J * jrklein ~jrklein@2001:0:53aa:64c:0:5aeb:b4d8:690