meena: Nope, will look in a bit.

What's API call to get the cpu busy time for a process in FreeBSD? (i.e. Linux equivalent of busy value of a pid in procfs)

Oh, getrusage apparently.

mason: I was looking at the JailsEpair wiki page which I believe was written by you? wiki.freebsd.org/MasonLoringBliss/JailsEpair

Title: MasonLoringBliss/JailsEpair - FreeBSD Wiki

It appears the Bugzilla entry linked to in the page about the racy networking in Jails (bugs.freebsd.org/bugzilla/show_bug.cgi?id=237656) is now fixed

Title: Invalid Bug ID

Very funny VimDiesel, the title is `"Freed UMA keg (rtentry) was not empty (18 items). Lost 1 pages of memory." seen when running sys/netipsec tests`

Anyway, my question was - does this mean we can now do away with the exec.prestop hack and remove the vnet line completely?

BaloneyGeek: Yeah, I need to check that. I haven't vetted it and I wanted to verify before changing it, since the workaround doesn't actually hurt anything. Has it been pulled down to 13.1?

mason: I have no idea how to check, sorry. I'm still extremely new to the FreeBSD world

BaloneyGeek: No worries. I'll chase it down soon as I get a chance.

I assume the githash mentioned would just be cherry-picked to something like a 13.1 branch?

BaloneyGeek: docs.freebsd.org/en/books/handbook/glossary/#mfh-glossary or MFS, unsure where the code has gone. I kind of assumed it was just in current but I haven't actually looked yet.

Title: FreeBSD Glossary | FreeBSD Documentation Portal

mason: The commit itself was pushed in March 2021, and has a "MFC after: 3 days" line in the commit message, but searching freebsd-src on Github doesn't seem to yield any other commits with the same commit title

I've been scouring the internet for days on how to do VNET jails properly and your guide has the simplest setup I could find without a dependency on `jib`, so I'd really like to base my setup off it :-)

BaloneyGeek: nice nice

BaloneyGeek: So, with that in mind, you can ignore the noted glitch and just not bother setting up a sacrificial lamb at boot if it's been fixed. The ill effect I wanted to avoid was networking pausing briefly.

Oh it's that bug? I thought the fix to that was to assign a MAC address to each epair b interface manually?

What I'm trying to understand is the need for this line: `exec.prestop += "/sbin/ifconfig epair${ep}b -vnet ${name}";`

BaloneyGeek: Oh, that. IIRC that was from a bug that was fixed where interfaces not removed from the jail side would lead to the system freezing.

My brain is a little short-circuited by now, but does this mean at some point, under the hood, there's a named VNET being created with the name of my jail?

BaloneyGeek: I'll be happy to revamp it all to eliminate workarounds for random bugs I've hit if they're gone. Plus side, the workarounds are safe even with the bugs fixed.

BaloneyGeek: Not with the name.

I can do you one better, since I'm setting this up myself

BaloneyGeek: Here, for instance, I have an epair101a on the outside, and an epair101b on the inside that's the primary NIC for the jail.

cool

If you can tell me a reliable way to reproduce this, I can test this and report back, possibly with an updated config :-D

(the freeze when we yank interfaces from underneath the jail)

BaloneyGeek: Sure. I think the crash if the epair was left to be cleaned up has probably gone away. To test that, just don't include the -vnet line.

BaloneyGeek: Other way around. If you let FreeBSD clean up the jail and vnet itself it'd freeze. The way around that was removing the vnet first.

THEN tearing down the jail, hence the prestop removal.

So can I also just change the line `exec.prestop = "/usr/sbin/jexec ${name} /bin/sh /etc/rc.shutdown";` to `exec.stop = "/bin/sh /etc/rc.shutdown";` then?

mason: Ah so doing things the "normal way" used to pretty reliably lead to a system freeze if I understand correctly

Yes. Hence the added bits. That said, a goal I left lingering was having the system bring up the NIC itself, potentially using DHCP, and I've struggled to get that to work reliably.

I'm setting up a new bhyve and jail host and plan to explore it again this week.

Was hoping for this weekend but we had a more-than-day-long power outage.

I cannot test DHCP for the reason of "my server host won't let me", but I'd like to test setting up the IP using the usual rc.conf way

Especially since I actually need a proper IPv6 setup

BaloneyGeek: That said, pulling out my historical cruft will be a nice way to explore and learn. It shoudn't hurt anything leaving it, so you should be able to start from what's there as a baseline.

Ah, I've not ever added IPv6 into the mix. If you find anything interesting to include I'd be happy to do so, and if you collaborate on it we'll want to move it out of my namespace.

Sorry, also, I'm a bit distracted with a couple other things I'm doing concurrently.

Right, I should be able to report back in a couple of days, either here or via your email in the wiki page

mason: No worries, I'm going to bed now anyway. It's 4AM CET

Thanks for the clarifications. Let's see how things go in the next few days :-)

Good night! Ping me here as needed and I'll try to repond.

respond*

tmpfs is a KLD module, right? Why does sys/fs/tmpfs contain no DECLARE_MODULE or moduledata_t?

Besides driver support, if a person *must* use Linux, I can't fathom *why* they would choose it over FreeBSD! Bill Joy and Kirk McKusick and others worked very hard on it since 1977. I know why Linux got its market share, and I'm no noob, but Linux is a glued-together piece of garbage when you compare it to BSD: a complete OS out of the box. And let's talk PF Sense vs IPtables! There's prewritten rules, it's a config file! it's not modular, designed not

to be as capable to break. And all the distro's of Linux and the hardening and the difference in patch release times. WHY?

Edge-: there's very little point in discussing why a technology has "won". it's always a very complex process

meena: That's YOUR opinion, and you have NO RIGHT in telling someone what to discuss. So I'm finished talking to you.

Edge: we are in hunger of driver supports. That's right.

Edge: that may be in terms of expansion of user pool(desktop). In another case, it may not be a deal breaker.

mictty: I know all of this, with lack of vendor-provided driver support that Linux gets due to known reasons of lawsuit... that FreeBSD does not get and its team have to hack drivers.

Can someone please tell me what's the difference between KLD module and static kernel module? Like what makes a module static kernel module? How is it defined? They are both built with ".include <bsd.kmod.mk>" but only difference I can see is that one has DECLARE_MODULE and other doesn't.

jafarlihi: I _think_ it's whether something can be loaded at runtime, or whether it has to be loaded with the kernel by the boot loader.

And, more importantly, I suppose - you can unload them if you don't need them.

i know i check in on this every now and then but i was curious if smb_mountfs has evolved beyond smb1

Macer: if it ever does, I can't imagine it won't be published far and wide, so there's no real point in checking every now and then, as there's nobody working on it

wasn't smb* slated for removal, because it doesn't work beyond smb 1, and because no one is working on it, and because there's more functional alternatives in ports

is it possible to generate more than one matching public key from a single private key file (ed25519)

daemon: what do you mean?

meena, is it possible to generate more than one pubkey for a private key, say for instance if you did a ssh-keygen -t ed25519

you would get an accompanying pubkey

but is there anyway to generate additional pubkeys that have a different hash

or are they all 1 ub per private key

1 pub per private key*

Heh, I would hope the answer to that is a definitive "no"

yeah me to but got to wonder :)

here's a stupid question from a person who works in InfoSec: what's the difference between Security Advisories and Errata Notices?

errata notices are fixes for things that are obviously broken (ie. doesn't work at all, or doesn't do what the documentation says), while security announcements are for actual security related things

Per email discussion, E in EN actually stands for "Engineering".

freebsd.org/security/notices they're errata notices

Title: FreeBSD Errata Notices | The FreeBSD Project

an erratum is a correction - in the original meaning, to a text, but more broadly it can be applied to anything that's considered corrected by being updated by something published after the fact, i think

I thought that's what they were as well, but who am I to contradict imp?

then imp has a lot of websites to correct :3

Hitchhiker's Guide to the Galaxy reference. (_Life, the Universe, and Everything_ specifically.)

Read all those books. . . not sure I remember a 'SEP field generator'

Me too. But I still had to look it up. A "Somebody Else's Problem" field. The Bistromath ship was covered in an SEP field. Think cloaking device.

Those were hands down the funniest books I ever read.

Constant strange look generators.

Apparently novels are not supposed to induce hysterical laughter in public places.

hmm

meena: oh is there?

i'm guessing it's all been relegated to fuse maybe?

Macer: I don't remember the details

Title: DeprecationPlan - FreeBSD Wiki