-
rtprio
ExclamationPoint: double nat works most of the time, but is there not a better way to layout your network?
-
RhodiumToad
why would you need double-nat rather than plain forwarding?
-
rtprio
right; either flatten the network, or add an interface on 172.16 on `C'
-
_xor
What are the biggest benefits that ipfw has over pf again?
-
» _xor is looking over his notes and trying to prioritize tasks and needs to weigh how much potential time ipfw might save or add additional value over pf
-
RhodiumToad
'C' doesn't even need an interface; if forwarding is enabled on B, then C just needs a route to 172.16 pointing at B
-
magnahelix
_xor: that's a tough question.
-
magnahelix
While this does not answer your question, I like pf for its simpler rule writing.
-
magnahelix
At the end of the day ipfw and pf can get you the same result.
-
_xor
I've heard both sides of that, where some people prefer pf-style and others prefer ipfw-style. I use jails a lot, along with netgraph, and from what I understand ipfw has better jail support (with regards to commands in base).
-
_xor
Yeah it's not a super high priority, but I can't really decide that without knowing how much time I'd have to put into ipfw to weigh its trade-off against pf.
-
_xor
pf is generally fine, though I'm not a huge fan of how it handles dynamic rules via anchors. It feels a bit hacky.
-
magnahelix
Can't say I ever had a need to use anchor rules in pf.
-
magnahelix
That's just me: I like simplicity.
-
_xor
I do, when needing to deploy services on a host that requires privileged ports. I usually bind the service to a non-privileged port and rdr from the privileged port to the higher-value port.
-
magnahelix
I'm guessing that's the case when redirecting ports to services running inside jails.
-
hsw
hello, has anyone here run into clock drift on a Digital Ocean Droplet? (ntp loses sync after a few hours)
-
V_PauAmma_V
A droplet using FreeBSD, you mean?
-
hsw
yes, originally DO had FreeBSD 12.1 images and I have continually upgraded them to 13.2-p2 all are fine, but one drifts
-
hsw
I see ntpctl showing: clock unsynced, clock offset is -921.282ms
-
rtprio
i've used the heck out of tables in pf; i don't recall similar functionality in ipfw
-
rtprio
but i've found the fewer the letters in the firewall, the better. iptables = bad, ipfw = ok, ipf = better, pf = best
-
rtprio
it's a lot of pressure on anyone who writes a firewall named 'p' or 'f'
-
V_PauAmma_V
OK. One possibility (which may not be applicable to DO) is that the host pauses that droplet, which puts its ntpd out of whack.
-
V_PauAmma_V
Is ntpd (or whatever you're using, but you mentioned ntpctl) that droplet and the ones that don't drift configured the same?
-
V_PauAmma_V
s/that/for that/
-
RhodiumToad
rtprio: ipfw has _extensive_ table functionality
-
hsw
they all run openntpd and just have the default config
-
V_PauAmma_V
The default config for... openntpd?
-
hsw
yes the default that pkg install openntpd sets up
-
V_PauAmma_V
OK. Now the other question is whether they all have the same DO config.
-
hsw
the one that is failing is different in that I changed its CPU to DO-Premium-AMD from DO-Regular to see if that would help, but still drifts
-
hsw
the one I compare it against in the same datacentre is still on DO-Regular
-
hsw
disk/ram are same
-
V_PauAmma_V
And both/all are running the same openntpd version?
-
hsw
yes, I checked sha256 of ntpd executable and /boot/kernel/* to make sure no differences
-
RhodiumToad
are there any logs about it?
-
myappie
what if freebsd and openbsd became one OS, each variant its own branch which in time will merge as one
-
angry_vincent
this a meta-question that has no answer
-
myappie
we could buy back the BSD trademark. get rid of those meaningless mascots. to new users, it would just be a backend option, in the frontend we'd make something like the world's greatest window manager or something (i actually have some ideas for that)
-
myappie
angry_vincent: that it is...
-
angry_vincent
good luck with your ideas
-
myappie
thanks (the window manager)
-
myappie
freebsd + openbsd would be a warzone for years
-
rtprio
did it always?
-
rtprio
huh.
-
myappie
i think the window manager would make a lot of sense for something that were to appear in 10 years time.
-
RhodiumToad
rtprio: the table functionality? I don't know about "always", but certainly for a long time
-
myappie
you'd navigate around a 3d-looking hierarchy made up of parameters as in parametric architecture, depending on your current emotions, your todo list for the day, your physical surroundings. it wouldn't really be 3d, but rather a bunch of 2d particles giving the illusion of 3d. today's WMs are inspired by office space, desktops, papers, pens. this new WM would be inspired by the infinite space that surrounds us. your
-
myappie
personal files, the ones that are similar, would rotate around each other.
-
rtprio
warzone is a bit... dramatic
-
myappie
it wouldn't look like this:
i.imgur.com/T0VYOAs.png although it would feel equally alien to us at first
-
rtprio
i do wish that freebsd's pf didn't diverge so much, but not a lot to be done about that now
-
myappie
(stupid pic is just an AI gen, not meant to represent the future WM)
-
myappie
rtprio: sorry to hear that :/
-
myappie
i hope you can run pf-badhost?
-
rtprio
in my present situation, firewalls are not my problem
-
linear_cannon
not sure where to report this, but `fossil` seems to be broken on ppc64le, i'm presuming due to sqlite (which fossil uses) also being broken on ppc64le
-
linear_cannon
ironically i ran into this while trying to do testing to get upstream sqlite to fix this exact issue
-
linear_cannon
the issue is the same as with some other packages, such as firefox, where sqlite's endian detection incorrectly assumes the endianness based on a compiler define
-
_xor
Fossil was built for SQLite development, and it's built on top of SQLite too hhe.
-
_xor
I'm not quite sure I understand what you mean though by detecting architecture endianness; meaning, detecting it compile-time vs. run-time?
-
_xor
Wait, would that even work?
-
RhodiumToad
certainly should
-
RhodiumToad
compiler needs to know what endianness of binary it is writing, after all
-
kevans
apparently sqlite assumes powerpc* is all big-endian, which is weird. my understanding was that ppc64le was way more popular than be in linux land
-
linear_cannon
these days, yes, it absolutely is
-
linear_cannon
before POWER8 it wasn't, since most (all?) ppc64 chips did not support the little endian modes and instructions
-
linear_cannon
ppc32 ones did, weirdly enough, and yet nobody really ever did ppc32le. though it's possible to build a rootfs for that and i've heard two independent reports of someone getting it to boot
-
kevans
yeah, I suppose the defaults for something like this don't really adjust to the times very often
-
» RhodiumToad is a bit peeved at the fact that little-endian seems to have mostly won the endianness wars
-
kevans
yeah
-
kevans
at least one of our primary ppc folks is die-hard BE all the way, really admire his dedication
-
RhodiumToad
I've mostly been forced by circumstances (and lack of ppc hardware) to work on little-endian systems
-
RhodiumToad
my other pet peeve is signed chars
-
kevans
that one's bitten me recently, even
-
RhodiumToad
having to cast to unsigned char to do something as trivial as isspace() is a pain
-
myappie
hey say i run some freebsd website, am i allowed to play with alternative logos as long as i mention it in the footer? .png
-
myappie
here's a blockchain logo, is there any way to use a similar approach for a new freebsd logo? what could it be made of?
-
myappie
the blockchain was made in blender, freebsd's could use
github.com/danini-the-panini/mittsu instead
-
VimDiesel
Title: GitHub - danini-the-panini/mittsu: 3D Graphics Library for Ruby.
-
myappie
i guess i could turn the rectanges into spears
-
myappie
* gles
-
darwin
what do you do when you make a typographical error (typo) and kill the wrong process... any way to find out what it was, or might you just have to reboot?
-
_xor
RhodiumToad: I meant determining it at run-time.
-
_xor
Though I guess that would be up to the OS & run-time loader.
-
_xor
iOS and Android can bundle up multiple architectures into a single executable. I think that includes architectures with different endianness.
-
_xor
er, I mean the on-disk file of what they expect to load and launch can contain executables for different architectures.
-
» _xor just Googled for more info
-
_xor
-
VimDiesel
Title: linux - Multiple ISA in same ELF file - Stack Overflow
-
_xor
Not sure how true that is today, but the answer was edited in May of this year, and it seems logical.
-
_xor
"having to cast to unsigned char to do something as trivial as isspace() is a pain", lol that would be super annoying
-
_xor
"apparently sqlite assumes powerpc* is all big-endian, which is weird. my understanding was that ppc64le was way more popular than be in linux land"
-
_xor
kevans: It makes me wonder what actually led up to their decision to make that assumption. I mean knowing that project, I'd guess it was a good/necessary assumption to make, but I'm curious as to the logic behind it.
-
_xor
I know that their test suite is required for a bunch of private/government-related work, so I'm guessing both compliance and being able to meet strict requirements.
-
_xor
Last I saw, their test suite was 8x the size of the main codebase. From what I remember, ~60%-70% of that is fuzzer-generated.
-
_xor
I guess they had to say PPC=BE to make it work and also be able to stand behind expected behavior.
-
crb
I noticed that my recent FreeBSD kernel says 15.0 but we haven't branched 14.0 yet have we?
-
dstolfa
-
VimDiesel
Title: src - FreeBSD source tree
-
crb
perfect, thank you
-
mrelcee
Well that was a pain. Scored a bunch of 10T SAS drives super cheap... tried building a new zfs pool with them.. discovered they're all formatted for 520 byte sectors.
-
mrelcee
At least i was aware how to fix that just never have had to - at the rate they're going i think it's going to be tuesday when i can build the pool. At 11% after a couple hours
-
rukus
520 byte sectors ?
-
rukus
logical or physical ?
-
rukus
-
VimDiesel
Title: Other - Deciding what to do with 520byte sector size SSD | The FreeBSD Forums
-
ketas
520b wtf
-
ketas
apparently it has reasons..-
-
ketas
real fun
-
mrelcee
Formatted 520b physical.
-
mrelcee
Fixing it for normal systems requires letting it do a low level format. Gives write errors if you go to use it otherwise. sg_format utility handles it. sg3_utilities pkg/port.
-
mrelcee
Believe the origin of such drive formatting is in certsin fiber channel arrays.
-
mrelcee
Certain
-
mrelcee
Seems worth the pain in the ass for $2.50 a gigabyte. I wish i'd been able to buy a lot more than i did. 😀
-
tercaL
Hello everyone. I love playing with Jails, they're pretty useful and fast.. Have been reading too many documentations and tutorials about it, got a question, I've seen too many rc.conf suggestions like: cron_flags="$cron_flags -J 15" for Jails. What does -J 15 actually do? Anyone care to explain? Thanks!
-
nero
use ´man command_name´ if you need a reference for cli options
-
nero
cron(8) says -J is for setting time jitter
-
tercaL
nero: Thanks. I've been reading that, but didn't really understand what it actually means.. time jitter.. and why it'd be better for Jails that way.
-
nero
see also the -j option, which explains the rationale
-
Soni
how does freebsd allocate argv?
-
Oleg
argv? I know that in C, it's allocated when you execute the main function: int main(int argc, char** argv).
-
Soni
how is it stored in memory?
-
Oleg
maybe memory allocates it on the stack?
-
dstolfa
-
VimDiesel
Title: freebsd-src/sys/kern/kern_exec.c at main · freebsd/freebsd-src · GitHub
-
dstolfa
this isn't just argv, it's other things too
-
dstolfa
see also sys_exec, exec_copyin_args
-
dstolfa
sys_execve rather
-
Soni
how is it laid out?
-
dstolfa
-
VimDiesel
Title: freebsd-src/sys/kern/kern_exec.c at main · freebsd/freebsd-src · GitHub
-
Oleg
dstolfa: where is the main function in that code? I don't know much about coding, but I know that in C, argv is present in int main(int argc, char** argv){}
-
dstolfa
Oleg: this is kernel code responsible for performing the execve(2) syscall. there is no main function in this context other than the fact that it's the function that will be jumped to eventually after all the initialization is done
-
dstolfa
but not in kernel context
-
Soni
it looks like it's all shoved into a buffer, in order?
-
dstolfa
Soni: BTW, if dpcpu stuff is confusing you, see dpcpu(9)
-
dstolfa
it's basically just a way to have per-CPU data
-
Soni
so basically shoving protobufs into argv is generally portable across POSIX implementations?
-
jgh
cannot carry NUL chars that way, if you thought a protobuf could
-
dstolfa
not quite sure as i don't really know what the code does, but you should be able to at least get the upper bound from limits.h in a portable-ish way
-
jgh
"The arguments represented by arg0,... are pointers to null-terminated character strings"
-
Soni
doesn't matter, if they're shoved into a buffer in order
-
Soni
because foo\0bar\0 is still foo\0bar\0 even if you're only "supposed" to see it as foo and bar
-
newchair
Just started playing around with freebsd yesterday for the first time and I have a bit of a random question. Is there any technical reason why in freebsd you must mount procfs while in linux /proc always has the process pseudo-fs?
-
meena
newchair: We don't believe in procfs
-
meena
even though our procfs is way less powerful than Linux', we still disable it by default
-
meena
it's just too much information exposed, and we're afraid of more leaking out
-
newchair
Ok i see. I'm also noticing on my linux machine /tmp is tmpfs in /etc/fstab but not on freebsd
-
meena
yeah, you can do the same, but by default is just a regular Filesystem
-
meena
basically, Linux does a lot of things through Filesystems, and… We don't
-
» meena has been in great pain at times trying to find alternatives for /proc or /sys stuff when porting Linux systems Software for FreeBSD
-
newchair
lol
-
» meena shakes fist at her arch nemesis infiniband
-
meena
the biggest problem, if we ignore infiniband for a second, isn't even finding sensible alternatives. it's trying to find out what the heck those magic files in Linux even mean
-
newchair
Yes freebsd seems a lot more sensible and easier to grasp than linux in general so far. Like how linux just has a million different kill signals for some reason
-
meena
every Unix does
-
newchair
oh nvm maybe kill -l is just different on bsd lol
-
meena
-
VimDiesel
Title: signal(3)
-
newchair
meena: cool thx
-
newchair
back to the handbook!
-
meena
-
VimDiesel
Title: illumos: manual page: signal.h.3head
-
meena
check signal(7) on Linux
-
newchair
that's exactly what i did after skimming the freebsd one
-
meena
no idea which ones POSIX defines
-
dstolfa
meena: parsing procfs is also very fun, so you end up with gems like this if (!file.is_directory() || !std::filesystem::exists(full_path))
-
meena
-
VimDiesel
Title: <signal.h>
-
meena
dstolfa: i refuse to parse procfs
-
meena
here's a cool but report, by me, about /proc, which came to a happy ending:
canonical/cloud-init #4332
-
VimDiesel
Title: util.py: get_proc_env() doesn't work on FreeBSD · Issue #4332 · canonical/cloud-init · GitHub
-
VimDiesel
4332 – System crash after SCSI DAT tape access.
bugs.freebsd.org/bugzilla/show_bug.cgi?id=4332
-
meena
but report. butt report…
-
parv
I was using "psutil" (Python module) to get proc(ess)stat(istics) on Rocky Linux 8; more than not, it was slower than just coping with custom "ps" output.
-
parv
Have not tried on FreeBSD
-
meena
a lot of the low level Unix stuff goes thru lots of code. like, lots and lots of code
-
meena
everything is highly abstracted before dispatched to the actual functions
-
meena
I just noticed the "emulation" stanza in procstat. hmmm…
-
BillyJoeBob
So I have the Ubuntu OS installed for my Linux jail. I have it all updated and can chroot into it just fine. I can even run the Linux version of Wesnoth (installed from the Ubuntu system) perfectly. I'm trying to run an AppImage from my Downloads folder and it's throwing this: ELF interpreter /lib64/ld-linux-x86-64.so.2 not found, error 2
-
BillyJoeBob
I tried running it in the Linux jail and that was complaining about a fusefs problem.
-
BillyJoeBob
I'm on 13.2 and I'm running Ubuntu 22.04 LTS.
-
BillyJoeBob
It seems anything I run outside the jail I get that error when it's a Linux ELF. I was reading that it should be smart enough to know the chroot, etc...or I thought I read that somewhere.
-
BillyJoeBob
Because if I run /compat/ubuntu/usr/games/wesnoth-1.16, I get the same ELF error.