00:26:23 Thanks koobs
00:28:13 jb1277976_: np
00:50:54 see ksplice https://en.wikipedia.org/wiki/Ksplice
00:50:55 Title: Ksplice - Wikipedia
00:50:59 (a technique broadly referred to as dynamic software updating).
00:51:16 course oracle paid $$$ for that tech
01:02:36 For FreeBSD, past efforts: https://wiki.freebsd.org/Kload
01:02:37 Title: Kload - FreeBSD Wiki
02:26:26 Ok think I got NFSv4 done.. the whole rooted dir and relative paths was confusing... Is there a down side to V4: / ?
02:27:18 Outside of an untrusted machine allowing to mount something that isn't exported? They'll at best just be able to guess /'s hier but get IO/permission issues.
02:47:13 well, they're trusted insofar as they're in your ip range, right
03:26:31 Possible but just trying to figure if that's the only down side.
03:27:34 Using v4 from a fresh setup it seems that you would org. your fs to be a little more v4 friendly whereas maybe V4: / is the easy/best option for existing setups.
05:00:25 What happened to gnome3 ?
05:00:47 pkg can't find it fresh ports can't find it
05:01:30 gnome42 ?
05:04:31 there is meta-port for it
05:04:36 x11/gnome
05:05:02 https://cgit.freebsd.org/ports/tree/x11/gnome/Makefile
05:05:03 Title: Makefile « gnome « x11 - ports - FreeBSD ports tree
08:16:29 hello, how can i display routing table for ipsec?
08:16:58 pvalenta: there is no such thing
08:17:09 ipsec doesn't have its own routing table
08:17:20 are you asking about the ipsec policy database?
08:18:36 that can be displayed with setkey -DP (part of the base system)
08:19:03 if you're using strongswan (from ports) you can also use `ipsec status`
08:19:16 which produces a nicer output and even offers a proper API
08:20:22 crest, so the routing decision is made somehow in kernel? I have strongswan up and running and: ipsec status looks ok,...but packets don't go through tunnel
08:20:54 did you configure ipsec in tunnel or in transport mode?
08:20:57 i am trying to tunnel ipv6 over ipv4 because provider is not ipv6 ready
08:21:25 you still need a route directing the traffic
08:21:49 but i would recommend avoiding old fashioned ipsec tunnel mode like the plague
08:22:22 it's a disgusting layering violation that breaks dynamic routing by its flawed design
08:22:33 as there is no tunnel interface to route through
08:22:53 let me dig up my old strongswan config snippets
08:23:00 vpn-ipv6{2}: INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: c46e4e60_i 0c29fe34_o
08:23:00 vpn-ipv6{2}: ::/0 === fd32:32:32::/64
08:23:07 are you familiar with routing and ipsec on any other platform?
08:23:40 can you share your strongswan config (just remove the private keys)
08:23:55 crest, yes ...on linux ..and i have strongswan working for ipv4 on many places
08:24:45 in that case please censor the output from `sudo ipsec statusall`
08:27:07 do you control both ends of the ipsec tunnel?
08:27:52 https://pastebin.com/Lsid9sg9
08:27:54 Title: #/usr/local/etc/ipsec.confconn vpn-ikev2 auto=add keyexcha - Pastebin.com
08:29:03 yes, the other side is my mikrotik wifi router
08:29:48 is the freebsd system intended to act as ipv6 tunnel server for the mikrotik router?
08:30:33 fc00::/7 is the ULA range and standards compliant systems will prefer IPv4 over IPv6 ULA if both are available
08:31:12 -> most (client) systems wouldn't even try to use a fd32:32:32::/64 source address unless it was the *only* option
08:31:34 crest, problem will be on mikrotik side,...i am not able to ping locally assigned address fd32:32:32::1/64
08:32:06 i still need the ipsec statusall output
08:32:16 ipsec status doesn't include enough details
08:32:39 are you running routeros v7.x?
08:33:01 because if you do switching both sides to wireguard is probably less painful than debugging ipsec
08:33:29 but their ancient linux 3.6.x kernel in routeros 6.x lacks wireguard
08:36:49 crest, here is ipsec statusall ...
https://pastebin.com/9iQQsqJ4
08:36:50 Title: ipsec statusallStatus of IKE charon daemon (strongSwan 5.9.8, FreeBSD 13.1-REL - Pastebin.com
08:38:23 crest, yes, there is routeros7 on it.....i am using wireguard on freebsd and linux, but never tried it on routeros .....but you are right, i will try it
08:39:12 i use it on a mikrotik hex and it's fast enough to max out my upstream without saturating the cpu
08:40:19 i just had to throw in netwatch to re-resolve dynamic dns entries if the tunnel goes down because both my endpoints have dynamic ipv6 addresses
08:41:28 crest, thank you for your time
08:42:05 it looks like you already have ipsec up and running on the freebsd side
08:42:48 it's the mikrotik that's probably lacking an ipv6 default route pointing to your freebsd system's public ip address
08:43:19 but i'm not familiar with ipsec on linux (only freebsd and openbsd)
08:43:49 you may want to dump the policy in the old setkey -DP format as well
08:44:36 or raise the logging verbosity of pfkey in strongswan at least by two
08:44:46 to find out the exact policies installed
08:45:12 what happens if you try to ping6 fd32:32:32::1 from freebsd?
08:45:35 did you already create an enc0 pseudo interface and bring it up to sniff the ipsec processed traffic with tcpdump?
08:46:16 damn it. ipsec has too many knobs to mess up
08:48:28 ping6 fd32:32:32::1 does not work but tcpdump on enc0 shows traffic goes to tunnel ...so problem is on mikrotik side
08:55:06 how would you even configure an ipv6 default route to ipv4 nexthop? give up and use an interface route instead?
10:02:03 Very carefully, I imagine.
11:22:24 crest, it's working with wireguard, thank you once again
12:23:04 hi all
12:26:19 hey
13:26:09 Is fd32:32:32::1 in your neighbor cache?
13:30:00 Hi folks. I'm using "pkg -r $jaildir install X" to install package X into a "micro jail". A "micro jail" is a jail which exclusively contains the data necessary to run a process – as opposed to the whole FreeBSD base.
13:30:54 That works fine for remote packages. Some packages I need to customize, so I build them from ports. I thought I could run "make package" and then do "pkg -r $jaildir add X.pkg" on the result, but that does not work.
13:34:04 I can use "pkg add -f --relocate $jaildir X.pkg", but that will mess up the system a bit, in that data is installed in the jail, but all install scripts (e.g. addition of new users) are run on the host system.
13:35:25 The best approximation I found so far is to "cheat" with "tar -xf X.pkg -C $jaildir". That does not run the install scripts altogether, so I need to manually reproduce the behavior missing from them. Highly suboptimal. Any idea how I can do that better?
13:36:52 PS: "DESTDIR=$jaildir make install" does not work because $jaildir is a microjail, not a full system – so make fails to find its makefiles after chroot-ing.
14:38:12 anyone using unifi in jail? I get 400 bad request and nothing weird from what I can see in logs
14:39:55 sopparus: yes, but quite an old version
14:40:04 my host is on digitalocean (13.1-RELEASE). i have a couple jails with laravel web services that are super snappy until the memory gets dumped into SWAP. then performance completely tanks. any idea how to prevent the jails' memory from being swapped?
14:40:21 mason: ok im trying with the current version
14:43:45 scoobybejesus, have more memory?
14:44:18 michelem: host your own repo for the customized packages? poudriere+nginx, perhaps?
14:44:29 i'm not running out of memory, depending on how you define that. it's a 2G system. if everything stayed in memory, I'd be using 1.2G or so
14:46:01 UFS or ZFS?
14:47:37 scoobybejesus: Digging into swap means you're using more memory than you've got. How to not do that depends on lots of different things. Tune the software, cap ARC usage, etc.
14:47:55 ZFS
14:48:48 scoobybejesus: Realize that capping ARC can have some unpleasant consequences for performance.
14:48:50 i'd like to think i could put these jails' processes or memory off limits, so the system can then decide what to swap based on everything else
14:49:33 Hm, do sticky bits still say "don't swap this process?"
14:50:03 Seems like "no" which is a shame.
14:53:59 Sticky bits as in file perms?
14:54:02 No.
14:55:11 Oh, hrm, it looks like I misunderstood the use anyway: https://en.wikipedia.org/wiki/Sticky_bit#History
14:55:13 Title: Sticky bit - Wikipedia
14:56:13 seems like potentially a big rabbit hole to go down. a bit (a lot) above my paygrade. but the system seems to be doing things in a way that is suboptimal for me. the system should run perfectly fine without doing any swapping for those jails
14:58:02 scoobybejesus, You need to learn that your system has a virtual memory map and a physical memory map.
14:58:06 scoobybejesus: Something you might be able to consider is just not having swap. Of course, then when things get tight they just pop. ARC should vacate quickly enough on demand, but setting a low ARC cap might help.
14:58:50 Like when you run top...
14:58:53 scoobybejesus: That you're seeing a performance hit from swap suggests that your actual working set on the system is bigger than your physical memory.
14:59:06 Compare the SIZE & RES columns.
14:59:38 RESident
15:00:15 i greatly appreciate this input
15:01:15 there's a mysql reflecting 2013M in SIZE with 37M in RES, for example
15:04:31 scoobybejesus: You can order by RESident if you want to see the big hitters.
15:05:01 scoobybejesus: top, 'o', 'res'
15:05:15 i'm used to htop :) i'm trying to get it to sort differently. i toggled to show swap usage, but none of the top processes are using any
15:05:21 ah thanks!
15:05:37 scoobybejesus: swap usage isn't something that's shown
15:05:56 but you can infer stuff from how much virtual space is allocated
15:06:03 (SIZE)
15:06:05 supposedly `w` will toggle the usage of swap
15:06:20 Oh, fascinating. TIL.
15:07:09 RES adds up to less than a GB right now
15:07:33 scoobybejesus: Could be ARC then.
15:09:50 thanks very much. i will research a while and hopefully come up with settings that improve things (or at least don't bork anything)
15:10:10 Actually, top(1) does show if processes are swapped.
15:10:41 In the COMMAND column - swapped process names will be wrapped in <>s.
15:11:13 43840 j0ker 1 20 0 14M 0B wait 0 0:00 0.00%
15:11:21 One of my users has a bash process that's swapped.
16:32:16 How goes it
16:36:17 what to do if there is no response to a proposed port patch for half a year or more (250787 in particular)
16:36:55 I am considering filing a bug w/a patch for postgresql-rum which has not been updated for a good long while and I wonder if the same thing will happen
16:40:12 Remilia: https://docs.freebsd.org/en/books/porters-handbook/makefiles/#makefile-maintainer
16:40:15 Title: Chapter 5. Configuring the Makefile | FreeBSD Documentation Portal
16:40:16 see the rules in there
16:40:41 (you should have waited much less before asking :D)
16:41:45 that part do not really help me, I read it before :\
16:41:51 does*
16:42:22 also I am quite patient so have just been locally patching phpfpm-exporter for the past 2 years lol
16:42:28 how so? just ask a committer to integrate your patch, it does not require maintainer approval any longer
16:43:08 well, I do not know whom to ask, for starters, and I am unsure if my patch is correct (it working for me means nothing)
16:43:42 try the ports@ mailing lists, i usually see others asking there
16:45:39 thanks, will try later
16:51:34 next step in server maintenance and suffering is upgrading Python 3.10 to 3.11, with the accursed virtual environments
17:04:21 I've got a host w/ 3 interfaces, one with internet access, the other two may use DHCP. Is this sufficient to keep the host from getting multiple default routes?
https://bsd.to/rbXn
17:04:25 Title: dpaste/rbXn (Plain Text)
17:24:13 jschmidt3786: i don't think it's possible to get multiple default routes with dhclient, but depending on the order that responses are received on those interfaces, maybe you will receive a default route on the wrong interface. not sure
17:50:16 good to know. that's been my experience so far w/ a test host in bhyve (just one def route). CentOS isn't quite so bright. :^)
17:51:07 I just need to make sure that my two other NICs don't try to hijack my route out.
18:00:28 hi
18:01:00 can anyone tell me what version of FreeBSD is the latest one of pfSense?
18:03:03 I think it's 12.3 but #pfsense exists.
18:03:24 ah ok thanks im gonna ask there
18:03:29 2.6.0-RELEASE (amd64) FreeBSD 12.3-STABLE
18:03:35 From pfsense
18:03:49 okey thanks!!!
18:03:54 np
18:04:54 ah you beat me...
18:05:10 Forgot the password on one... trying a second in a different city..
20:08:03 ipfw add 5 count udp from any to any
20:08:04 ipfw: unrecognised option [-1] udp
20:08:11 anyone know what causes this ?
20:18:14 Sorry but nope
20:18:43 Does it do all the time?
20:26:35 flous: just inside jails on a stock 12.3 VM that i'm setting up for some tests
20:34:30 I expect the ipfw option `gid` to work one way, which I suspect is not the way that it will work.
20:35:13 I've created a group named _Epmd and inserted the firewall rules that executing these commands would insert: https://umbrellix.net/~ellenor/ipfwgid.txt
20:36:57 i suspect it will work as you expect, but i have never used gid, but i use uid with success
20:36:59 What I expect to happen is that users that are members of the group numbered 85, which is _Epmd, will be able to contact port 4369 locally - and nobody else. I do not expect remote access to be affected by these rules.
20:37:38 but the manual says it applies also to packets being received
20:38:03 so if you want to restrict that, you should be able to do that as usual (with in, out, etc)
20:38:13 I expect I will have to treat remote traffic separately.
20:40:27 I'm mostly trying to provide a degree of access control to the EPMD locally. It can't be made to listen on a filesystem-domain socket, so that's not an option.
20:41:56 * Reinhilde sends her system into chaos
20:42:35 i would just add a drop rule to be executed for packets that originate remotely before these rules
20:47:07 The EPMD only listens on the loopback interface - which is why they've such low numbers.
20:52:39 It would seem that the EPMD cannot respond...
20:52:47 Strange.
20:53:22 Hi! Anybody know the status of the nouveau project in FreeBSD? Any opportunity to have native NVENC support without the Linuxulator?
20:54:33 it's just hanging.
20:58:04 If I uninsert the firewall rules, EPMD works fine.
21:07:44 Yukiteru: i don't think anyone is working on it, at least guessing by https://github.com/freebsd/drm-kmod contents
21:07:45 Title: GitHub - freebsd/drm-kmod: drm driver for FreeBSD
21:08:02 Yukiteru: can't you do the same with nvidia provided driver?
21:13:50 yuripv: nvenc does not work natively, only using the linuxulator
21:15:06 yuripv: nouveau is merging code from open-kernel-nvidia to support GSP firmware; with this, nvenc and cuda are possible using nouveau, but it is experimental and only boots cards for the moment
21:15:37 open-kernel-nvidia compiles on Solaris, but GSP firmware is problematic
21:16:11 yuripv, do you have any ideas regarding the matter of the gid option to an ipfw rule?
21:16:22 mmm drm-kmod is only for intel and amd :/
21:17:13 it seems to permission gate correctly, but the users that are permitted still can't actually make the connection - instead the applications just hang forever
21:54:05 Has anyone here actually messed with or used virtual_oss ? i tried it but really didn't understand it.
apparently it can re-route the audio / microphone to a different outlet or virtual device. anyone got some experience?
21:54:33 morning
21:54:51 hi koobs
21:54:58 jb1277976_: https://www.freshports.org/audio/virtual_oss_ctl might be useful
21:55:00 Title: FreshPorts -- audio/virtual_oss_ctl: Graphical control panel for the virtual OSS daemon
21:55:02 Reinhilde: hiya, how are you
21:55:37 jb1277976_: there's also https://www.freshports.org/audio/virtual_oss
21:55:38 sup koobs
21:55:38 Title: FreshPorts -- audio/virtual_oss: Virtual OSS multi device mixer application
21:55:47 jb1277976_: morning, coffee kicking in
21:56:01 koobs, i just am
21:56:06 koobs: Tried to use that guide for virtual_oss but really didn't understand it
21:56:19 which guide?
21:56:25 Reinhilde: roger that
21:56:48 koobs: https://wiki.freebsd.org/Sound#virtual_oss_.28advanced.29
21:56:49 Title: Sound - FreeBSD Wiki
21:57:35 jb1277976_: links i provided are tools for virtual_oss including GUI config, so may prove handy
21:58:00 gotta refresh that wiki page tho
21:58:02 huuuuuuuuge
21:58:09 meep?
21:58:11 oo a gui ?
21:58:56 koobs: if it works then my mic should be fine and i can return that cheap microphone/usb dongle i got from amazon. cost me like $7.00 i don't have
21:59:22 jb1277976_: i think we established your digital mic is going to need special config to get working
22:00:00 though i certainly dont think it would be impossible to hack things to make it work (but its going to require some pretty hardcore audio/register/pin debugging and deep diving
22:00:49 jb1277976_: i think the most likely route forward is to collab/partner with a base dev with sound exp, to help you figure it out
22:01:07 difficult to make happen but not impossible with the right context/info
22:01:37 Thanks again
22:01:45 np
22:02:31 koobs: how did you figure that the virtual_oss had a gui ?
22:03:01 it was in my browser history, configuring sound easily quickly by users gets brought up regularly
22:04:14 Got it
22:04:21 let me install it
22:05:07 speaking of installing is there a way to compile a package with all the defaults instead of staring at the screen picking different options I know nothing about?
22:05:47 jb; pkg's (pkg install ) uses the remote/official package repositories, which are prebuilt ports with the default OPTIONS
22:06:08 jb1277976_: if the question is 'how do i build a port without being asked about options?' ...
22:06:52 Per the ports(7) manual page, there's a BATCH environment variable that can be set if you wish to not have to do any interaction when building.
22:07:35 jb1277976_: you can use make BATCH=1 install in a port to skip interactive things
22:07:43 ah debdrup already mentioned
22:07:49 !man ports
22:07:50 ports(7) - contributed applications https://www.freebsd.org/cgi/man.cgi?query=ports
22:08:01 not a great title
22:08:52 Thanks, yea I was compiling my printer drivers cause there was no port and I was asked like 20x about stuff I didn't know about. Thought I could put it in screen and detach
22:10:18 if its a custom compile of a driver (not in ports), our answer doesnt apply
22:21:48 Wow got so much to learn
22:27:34 That'll probably be true until you draw your last breath. :)
22:56:36 "A good pilot is always learning."
23:40:33 is there a good way to trace what happens to a packet when it's evaluated at a specific ipfw rule? i have a packet that should be getting nat'ed, but instead seems to be dropped, at the nat rule (without incrementing that rule's counter)
23:42:37 hi there. i woke up yesterday to find my 13.1 machine complaining about uncorrectable I/O failures on zroot. the machine is still happily serving NFS, but i can't log in via ssh or console (which makes sense because /etc/passwd is in the failed ZFS pool).
my plan is to hard reboot, insert a bootable thumbdrive, see if i can learn anything about the pool from there. maybe clear the errors, depending
23:42:43 on what they say. and maybe reinstall on the same drive and hope the errors were transient. but prepare for the eventuality that they will. thoughts?
23:53:16 thorongil: your plan sounds reasonable to me. if you intend to continue using that disk you should scrub the pool