00:13:13 dnsmasq is a bit more than unbound
00:13:32 dnsmasq does a whole suite of things, including a dhcp server etc, where unbound is just a caching resolver
00:13:49 both will work fine
00:14:00 kind of depends if you want only dns, or more of an all-in-one solution
03:57:53 looks like unbound it is.. i am NOT happy with this TP-LINK er605.. it does not have DNS capabilities built in
03:58:04 quite surprised.. i have to use ip addresses for the whole network
04:43:18 voy4g3r2: run openwrt on that tp-link? :)
04:46:51 yuripv: haha, it would make my life easier.. maybe, but losing internet is not an option.. this is "safer"
04:49:07 i work from home and if the internet is not available, then no bueno
06:50:54 does anyone have enlightenment window manager working on FreeBSD? it starts when I startx, but there is no backlight or the thing goes black after I finish the config wizard
09:07:18 voy4g3r2, unbound is a good choice for a caching nameserver for Internet names. If you have a small number of systems on the LAN then using /etc/hosts for those is probably simplest.
09:16:44 if you have a sensible mechanism of putting files on a machine / its jail
09:27:24 if it's between local unbound or unbound on the gateway, i pick the latter
09:28:30 assuming a residential setup with NAT, of course - if you've got a publicly routed IP, you'll need either local unbound, your service provider's DNS, or a third-party DNS
09:32:01 I always put a "house router" that I build behind the ISP modem-router and my LAN. Then I don't need to trust my ISP modem-router.
09:42:25 Hi all, I just did a routine upgrade of my tiny nextcloud instance. After pkg upgrade, I run the `php occ upgrade` that takes care of changes to the DB, etc. but this time it failed with: `ld-elf.so.1: /usr/local/lib/php/20220829/apcu.so: Undefined symbol "php_pcre2_match_data_create_from_pattern"`
09:44:12 * Remilia runs powerdns for LAN
09:46:09 hmmmm `pkg -j nextcloud install -f php82-pecl-APCu-5.1.23` as suggested here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275361 did the trick
09:46:11 Title: 275361 – devel/pecl-APCu: Undefined symbol "php_pcre2_match_data_create_from_pattern"
09:50:56 rwp: double-NATing is terrible, though.
09:52:05 Anyone successfully got enlightenment to run as desktop on FreeBSD?
09:52:06 debdrup, How will anyone ever know?
09:52:28 just set the ISP modem to bridge mode
09:53:02 Yes bridge mode works. But I prefer routed modes. They are easier to debug.
09:53:41 what
09:53:57 I am pretty sure double NAT with ISP routers is one of the worst scenarios to debug
09:54:06 due to how bad the firmware is for most of those
09:54:08 What? Surely you are joking.
09:54:24 how the heck can bridge mode be an issue
09:54:43 rwp: If you're only doing HTTP(S) traffic it isn't much of a problem, I guess - but there's quite a few protocols that historically struggle.
09:55:09 moviuro: pkg-upgrade has an -f flag.
09:55:19 I am not doing IPSEC with a shared UDP port 500. I am not insane.
09:55:30 Oh, welp, didn't see the follow-up line somehow.
09:56:24 rwp: bridge mode is always preferable if you're using your own gear and can't terminate things yourself for whatever reason.
09:56:43 Getting a GPON SFP+ module was the best decision I ever made.
09:56:44 Let's say someone else forces me to debug their crazy laptop running some program problem. Right now I can plug their laptop directly into the ISP modem and go, Not My Problem, the happiest words in the world. But if it is in bridge mode then that does not work. I have to put them on my NAT, and then listen to them tell me how I am doing it wrong. No thank you.
09:57:16 kernel CPU load 105%, vnlru 60%, nice
09:57:32 rwp: is that something that's likely to occur on a residential setup?
09:57:34 time to reboot with -p1 and wait for this to happen again
09:57:58 Not sure I understand the issue.
09:58:06 rwp: what is insane about using the specified default port?
09:58:15 debdrup, It's something that infrequently occurs here. Yes.
09:58:22 rwp: welp.
09:59:28 crest, I see you have never worked with the insanity that is IPSEC. It's problematic by design. They use a shared UDP port 500 that causes several different insurmountable problems. Don't just run from IPSEC. Run away as fast as you can.
09:59:43 I use IPsec
09:59:53 running a tunnel for a decade now
10:00:07 rwp: bold of you to assume that. I use IPsec on FreeBSD and OpenBSD in production and know the pain and suffering it can cause well
10:00:09 have not had any issues
10:00:28 but i wondered how having a well known port became the issue
10:00:48 Remilia, You must have exactly one then. That's the only case without a conflict.
10:01:00 it's not like 4500 for IKE with NAT-T is a magical number that solves the port conflict
10:01:23 At one time I totaled up the number of RFCs that define IPSEC and some ten years ago there were at least 55 RFCs that were needed in the definition of what is IPSEC. Gack!
10:01:38 Hi
10:01:49 how to downgrade a package, if i can't find it in /var/cache/pkg ?
10:01:56 yes it's the curse of design by committee
10:02:21 eoli3n: find it somewhere else. which package are you looking to downgrade?
10:02:27 bastille
10:02:39 are you on the latest or the quarterly branch?
10:02:59 maybe the mirrors just happen to have a version that works for you in the quarterly branch?
10:03:01 i face this : https://github.com/BastilleBSD/bastille/issues/645
10:03:04 Title: [BUG] bastille_network_pf_ext_if (ext_if) not defined in pf.conf · Issue #645 · BastilleBSD/bastille · GitHub
10:03:04 645 – "install -c -s" can't install shell scripts https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=645
10:03:13 crest i'm on latest, so yes
10:03:22 where could i find it ? which url ?
10:03:25 crest, There are (or at least were) two of us that need to use VPNs from the house. Both with the same company. It created a conflict because both IPSEC VPNs needed to use the same UDP port and the simplest way to explain it is that it would get confused. Only one of the VPNs could operate at a time.
10:04:27 first time I hear of a company using non-encapsulated IPsec where the other side is not an office
10:04:44 but I guess the world is vast
10:04:55 normally you'd encapsulate it in L2TP
10:04:58 the problem is that as a UDP protocol normal IKE without the NAT-T extension requires unique endpoint IP addresses for the (initiator addr, responder addr) pair
10:04:59 https://pkg.freebsd.org/FreeBSD:13:amd64/quarterly/
10:05:00 Title: Index of /FreeBSD:13:amd64/quarterly/
10:05:20 Remilia: it's the other way around
10:05:33 i can't explore this : https://pkg.freebsd.org/FreeBSD:13:amd64/quarterly/All/
10:05:49 L2TP+IPsec uses IPsec (in transport mode) on the outside to encrypt an L2TP tunnel
10:06:03 -> the L2TP tunnel doesn't help you around the port conflict
10:06:15 can I install a specific package from quarterly from the commandline ?
10:06:18 crest, Fortunately neither of us work for that company anymore. So don't need to worry about that problem at all anymore
10:07:03 And for me it has been since 2007 making the details of the problem somewhat vague in my memory. Sorry if I just don't remember the exact details now.
10:07:54 i know the problem you're describing. it happens when two IKEv1 initiators are behind the same NAT gateway
10:07:59 2007 means before widespread NAT-T adoption
10:08:40 the other problem is that without aggressive dead peer detection timeouts the UDP firewall state will be dropped between rekeyings
10:08:44 crest, Your description mentioning that it requires different IP addresses sounds familiar. I think you have it understood.
10:08:46 and before IKEv2 really
10:09:02 which means that both devices get to use the same source port a few minutes apart
10:10:09 the IPsec responder sees a new session from the same source address and port as its established session
10:10:58 since the NAT router found in every home will now send the packet to the new state it causes a perfect storm because the old one doesn't even get the error message
10:12:11 if your DPD (dead peer detection) timers are short enough to keep the UDP flow alive in its NAT state table both can be connected with NAT-T because the second one will be remapped which is allowed at least for NAT-T
10:12:53 the first one gets to use the default source port, any additional sessions have their source port remapped, the state is kept alive on all the damn middle boxes and things work
10:13:26 but to get there you'll have to read half the RFCs and spend more time staring at packet traces than is healthy
10:13:51 unless you suffered from low blood pressure before that is
10:14:14 I am very happy I don't need to worry about it! As I said, Not My Problem, are the happiest words! :-)
10:14:35 eoli3n, Your client seems to be hopping around. Were you able to get an answer to your package archive question? Since you had a real problem to solve, and I don't.
10:15:30 rwp, i edited FreeBSD.conf to set quarterly, then pkg update, then pkg install -f bastille, then revert to latest :)
10:15:35 eoli3n: i see you already filed a bug report with the bastillebsd repo
10:15:42 i did
10:16:15 https://github.com/BastilleBSD/bastille/issues/645
10:16:17 Title: [BUG] bastille_network_pf_ext_if (ext_if) not defined in pf.conf · Issue #645 · BastilleBSD/bastille · GitHub
10:16:18 645 – "install -c -s" can't install shell scripts https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=645
10:16:37 if you still have the problematic version installed somewhere try the following
10:17:04 pkg query %Fp bastillebsd | xargs grep bastille_network_pf_ext_if
10:17:29 i downgraded to 0.9
10:17:44 bastille hosts my bouncer, and many other services
10:17:47 can't test right now
10:18:45 i will in a jail
10:25:14 https://www.freebsd.org/security/advisories/FreeBSD-EN-23:16.openzfs.asc
10:27:53 eoli3n: it looks like you're missing a macro in your pf.conf
10:29:17 https://github.com/BastilleBSD/bastille/blob/3a4ebc63bb84b66d456713e608be86e4cba3b637/usr/local/bin/bastille#L47
10:29:18 Title: bastille/usr/local/bin/bastille at 3a4ebc63bb84b66d456713e608be86e4cba3b637 · BastilleBSD/bastille · GitHub
10:29:49 is the name of the *shell* variable referencing the name of the pf.conf macro for your external interface
10:30:55 and ext_if is the default value which matches your pf.conf from the github issue
10:31:27 do you know if the pf.conf has been loaded into the kernel by pfctl?
10:32:44 can you run pfctl -n -v -f /etc/pf.conf to parse the pf.conf without changing the running configuration to rule out syntax errors in your pf.conf?
10:33:11 -n = don't really load, -v = verbose, -f = where to find the pf.conf
10:34:25 my `git pull` is hanging when trying to fetch the current source and ports tree. anyone know what that's about?
10:36:31 nvm, that just resolved itself
10:44:51 mtu: at which stage of the pull? at the very beginning after a connection has been established?
10:46:07 if at the beginning check if both ipv6 and ipv4 work for you. well implemented happy eyeballs logic isn't common outside of webbrowsers and if the preferred first address doesn't work it manifests as a noticeable delay
10:46:32 especially if you don't get a quick TCP reset for your broken path
10:47:42 if it hangs afterward the most common case is just a slow git mirror in my experience and you can't do much about it. if it's too bad you can attempt to override dns or route along a different path
10:47:44 crest: it was at the very beginning. it's likely that ipv6 connectivity is the problem. could you suggest a few commands to allow me to see whether my freebsd box even has ipv6 connectivity?
10:48:28 host git.freebsd.org
10:48:32 ping git.freebsd.org
10:48:34 ping -6 git.freebsd.org
10:48:37 ping -4 git.freebsd.org
10:48:55 git.freebsd.org is a cname pointing to gitmir.geo.freebsd.org.
10:48:57 the actual answer would be to try traceroute6
10:49:13 Remilia: that is the next step, but the mirrors should respond to ping
10:49:15 to see if it *attempts*
10:49:35 if you have resolution and route but not connectivity, traceroute will show you
10:49:50 imo ping gives less, but easier to interpret information to debug this
10:50:24 traceroute gives you 'no route to host' and the like if you have a spurious default gateway for v6
10:50:45 ping would just 'request timed out' at first
10:50:51 if you have no route to the mirror tcp connection attempts won't "hang"
10:51:16 if you have a default gateway but it does not route farther, they will timeout
10:51:18 but the getaddrinfo() result set will be tried
10:51:23 exactly
10:51:34 and traceroute helps find that out
10:53:00 i prefer mtr for that but that's not part of the base system
10:54:09 `ping -6 git.freebsd.org` and `traceroute6 git.freebsd.org` both give "No route to host", though `host git.freebsd.org` yields "gitmir.geo.freebsd.org has IPv6 address 2604:1380:4091:a001::24ca:1"
10:54:17 so something's mucked up on my side for sure
10:55:49 iirc git doesn't have any special handling to quickly find a working connection, but does the normal thing: call getaddrinfo() and try all answers one after the other until one works or none are left
10:56:44 is simple and works, but can be annoying for frequent interactive use if you can't fix your network
10:56:49 i had noticed before that i couldn't get connections to that server over ipv6 from the outside, even though the router should manage forwarding. i'll have to dig into that when i find the time.
10:57:04 as an ugly workaround you shouldn't forget you can put a working address into /etc/hosts to bypass dns
10:57:18 crest: good idea
10:57:43 but that will break if the address stops working and disables any logic the CDN may perform to find you a good mirror
10:57:59 e.g. if you travel between different regions of the (networking) world
10:58:24 another (Linux) machine on the same network can ping6 gitmir.geo.freebsd.org no problem. so i must have mis-configured FreeBSD
10:58:53 how did you configure the freebsd host?
10:59:35 just said "use DHCP" at install, for all i know. never did anything to specifically get ipv6 working.
10:59:38 if you suspect an unreliable network link try to add the -m flag to rtsold, enable it and (re)start it
10:59:54 do you even have ipv6 addresses on the freebsd system?
11:00:06 could be that i don't. how to check?
11:00:19 unless it's a very old installation bsdinstall should've asked you if you want to autoconfigure ipv6 as well
11:00:41 run netstat -rnfinet6 to check
11:00:44 13.0-RELEASE iirc, then progressively updated to 13.2-RELEASE
11:01:27 i don't remember which version added ipv6 to bsdinstall's setup screens, but it should've been before 13.0
11:01:45 `netstat -rnfinet6` just lists a bunch of "lo0" loopback-looking addresses. probably means the machine has received no ipv6 address on the network, eh?
11:02:29 in that case your freebsd system isn't configured to take advantage of ipv6
11:02:39 well that explains it x)
11:04:47 i know that my router handles ipv6 well for all the other machines on the network, so ... i guess i just need to enable DHCP6(?) on that server, is that about it?
11:04:58 Does anyone have any idea what I need to do to make Wayland recognise when I connect a monitor to my running laptop? With X.org this has worked reliably and it is the last building block for my switch from X to Wayland...
11:05:53 mtu: not really
11:06:15 it depends on what your router does
11:06:35 check your ifconfig output for non-LL v6 prefixes
11:07:08 you do not need DHCP6 for v6 to work, but depending on your set-up you might want it
11:07:19 err
11:07:22 wrong formatting
11:08:35 mtu: if your RAs do not include the managed config flag, your system should have routing as long as you have enabled SLAAC
11:08:51 Remilia: on the machine in question, i see no non-LL v6 prefixes. i can check in the router's config interface to see what it does for ipv6, and i can check the linux machines which have it working. i just am not familiar with the terminology
11:08:55 mtu: freebsd doesn't include a DHCPv6 client, but if you need DHCPv6 you can install dhcpcd from ports/packages and get a good DHCP v4 and v6 client in a single piece of software
11:09:10 mtu: check if you have SLAAC enabled
11:09:13 but the most common way to get IPv6 isn't DHCPv6
11:10:10 it's SLAAC and FreeBSD has rtsol/rtsold to request IPv6 routers to announce their prefixes and additional configuration e.g. DNS servers
11:10:16 dhcpcd is hopefully going to be in base at some point
11:10:58 mtu: you can explicitly enable SLAAC by using "inet6 autoconf accept_rtadv" for your ifconfig_XXX_ipv6 line
11:11:04 debdrup: that would be a welcome improvement. i would like to see it become the default dhcp client for new installs
11:11:08 DHCPv6 does have its uses, but it's nice not to have to use it when SLAAC is available.
11:11:11 and you probably want to use rtsold
11:11:21 crest: it'll likely replace dhclient
11:11:30 my router's ipv6 config page doesn't mention "SLAAC", but it says: "provide a DHCPv6 server for the local net: YES, but only for DNS"
11:11:38 that's SLAAC
11:11:53 debdrup: the removing dhclient part is the one that will start the worst bikeshedding
11:12:14 crest: *shrug*
11:12:23 mtu: ipv6 lets you have several possible combinations of things: stateless, stateful, both, or none
11:12:36 what to use depends on the router advertisements
11:13:12 stateless is SLAAC, stateful is DHCP6
11:13:22 your current settings indicate SLAAC
11:13:27 man, i should have familiarized myself with all this years ago. is there a configuration that is likely to get my server connected to ipv6 as things stand?
11:13:31 i would just leave the old patched up isc dhclient in for one additional major release with deprecation warnings etc. and if someone cares enough about it they can preserve it as a port for decades to come
11:14:03 mtu: does your interface have accept_rtadv set?
11:14:27 Calling DHCPv6 stateful only makes sense if you know that SLAAC is short for "stateless address autoconfiguration"
11:14:30 because no matter if you use DHCP6 or SLAAC, you get the gateway from RAs
11:15:01 Remilia: "re0: flags=8843 metric 0 mtu 1500"; "options=8209b" -- i guess not?
11:15:03 section 7.3.5. Configuring Dynamic IPv6 Address of the freebsd handbook
11:15:18 mtu: [11:10:58] mtu: you can explicitly enable SLAAC by using "inet6 autoconf accept_rtadv" for your ifconfig_XXX_ipv6 line
11:15:49 you probably do not need autoconf if you already are getting addresses in non-LL (non-fe80) prefixes
11:16:22 sysrc ifconfig__ipv6="inet6 accept_rtadv" rtsold_enable="YES"
11:16:31 okay, i'll try: sysrc ifconfig_em0_ipv6="inet6 accept_rtadv" as per the handbook
11:16:39 `ifconfig re0 accept_rtadv` && service rtsold start
11:16:44 what does rtsold_enable="yes" do again?
11:16:56 that ` is in the wrong spot
11:17:10 mtu: enables router solicitation daemon?
11:17:17 enable the rc.d script that starts rtsold
11:17:26 ipv6 routers send RAs periodically, but you can solicit them
11:17:33 rtsol and rtsold are for that
11:17:53 ah :) sort of like a "DHCP request", but for ipv6
11:18:01 rtsold is a daemon that asks routers to send router advertisements containing the IPv6 prefix and optional but useful extras like DNS resolvers
11:18:10 sort of like ARP who-has
11:18:17 i see :)
11:18:31 it extracts those extras and feeds them to resolvconf to generate a merged resolv.conf
11:18:59 IPv6 NDP and SLAAC make IPv6-only networks like mine very nice.
11:19:01 most routers will send RAs every X seconds
11:19:23 (where X can easily be 300 in some cases)
11:19:29 with $X in the range of 5 to 600 seconds
11:19:45 and you don't want to wait (up to) 10 minutes for your ipv6 configuration
11:20:33 what is fundamentally different about SLAAC and DHCP is that there is nothing specific about the host in the announcements
11:21:17 the router just tells you the prefixes it wants you to know about and the IPv6 host is expected to do the rest in a stateless manner
11:21:20 Well, SLAAC also doesn't have DHCP options, so it isn't suitable for a lot of campus-like networks where you have VoIP phones and all sorts of fun stuff.
11:21:49 # ifconfig re0 accept_rtadv --> "ifconfig: ioctl(SIOCGIFINFO_IN6): Invalid argument"
11:21:59 basically with SLAAC you cannot have the router populate your DNS zone
11:22:08 mtu: inet6
11:22:09 you're missing the inet6 from your ifconfig invocation
11:22:15 SLAAC _does_ have an advantage of Privacy Extensions, which gives you a whole /64 so that each single program can get its own set of addresses to send and receive data on.
11:22:53 if you need additional DHCP options you can use SLAAC for the address and DHCP for additional information
11:22:58 ah yes, `ifconfig re0 inet6 accept_rtadv` did work
11:23:30 remember that if you use ifconfig like that it's a onetime thing and won't be reapplied after a reboot
11:23:32 if you want to run a server on your LAN you have to either use static assignment or DHCP6, as even without Privacy Extensions SLAAC will differ with a different hardware address
11:23:32 so, now i can either wait for an announcement to cross the network, or use rtsol(d), right?
11:23:41 which is a good thing for testing stuff out
11:23:44 mtu: yes
11:23:51 crest: yeah, that's why i also did `sysrc ifconfig_em0_ipv6="inet6 accept_rtadv"`
11:23:58 `service rtsold onestart` will help you
11:24:31 Remilia: it won't reconfigure your interfaces to enable IPv6 but it will start rtsold
11:25:07 with ipv6 disabled on the interfaces rtsold will just quietly log its inability to do anything useful to syslog
11:25:20 crest: I do not understand what the first part relates to
11:25:33 the first part of what?
11:25:50 of your line that highlit me
11:26:20 what I said applies to a v6 enabled system where you just enabled accept_rtadv on an interface
11:26:30 rtsold requires the interfaces to have ipv6 enabled (both the protocol and the kernel processing of router advertisements)
11:26:36 I know
11:26:44 thank you for informing me, thoghu
11:26:47 though*
11:26:50 and to do that it's not enough to start rtsold
11:27:13 sorry, I assumed that since the interface already has IPv6 prefixes
11:27:14 hmm². `ifconfig re0` now shows "nd6 options=2b" and i've onestarted rtsold, but no ipv6 config shows up in ifconfig re0 (and ping6 doesn't work)
11:27:17 ipv6 is already enabled
11:27:17 you have to enable it either through the rc.d scripts or a manual invocation of ifconfig
11:28:01 i just wanted to point this out because the warnings can easily be missed unless you already know to look for them
11:28:12 crest: [11:08:51] Remilia: on the machine in question, i see no non-LL v6 prefixes
11:28:20 this implies link-local fe80:: are present
11:28:35 and if they are, ipv6 is enabled, am I wrong?
11:28:46 which means that ipv6 isn't completely disabled and auto_linklocal is probably set
11:28:58 but it doesn't mean that the accept_rtadv flag is configured
11:29:05 and that is why I said to configure it
11:29:12 and run rtsold afterwards
11:29:20 was I wrong?
11:29:23 because if it was the periodic ipv6 rtadv messages should've already configured ipv6 unless he just rebooted
11:29:36 without that flag rtsold can't do its job
11:30:02 only running rtsold isn't enough to get you a working ipv6 configuration
11:30:06 I am sorry, my instructions were 'assuming fe80 are present, ifconfig ..... accept_rtadv then start rtsold'
11:30:14 as you can see above
11:30:26 where in these was I wrong?
11:30:38 because I am sort of lost
11:31:04 i didn't say you're wrong. i wanted to document all the steps
11:31:26 because it's easy to miss or skip a step in an irc channel
11:31:27 i must have missed something, because ACCEPT_RTADV is now active, and rtsold is running, but no ipv6 config shows up and ping6 still doesn't work ...
11:31:36 only to lose a lot of time
11:31:50 mtu: route -6rn still shows no default?
11:31:55 er
11:31:56 netstat
11:32:14 nope, only lo0-stuff
11:32:39 the entry is "default fe80::........%re0 UG re0" like this
11:32:43 hmm
11:32:45 anything i can check on my Linux machines to clear this up?
11:33:00 you can just check if you have proper RA traffic for now
11:33:27 `tcpdump -ni re0 'ip6 and ((udp and (port 546 or port 547)) or (icmp6 and ((ip6[40] == 133) or (ip6[40] == 134))))'`
11:33:42 run this in a separate terminal, maybe with -vni
11:34:09 this filters DHCP6 + rsol + radv
11:34:27 once running, try `service rtsold restart`
11:34:31 or onerestart
11:35:28 what you should see is router solicitations from your fe80:: address and router advertisements from the router
11:36:29 the router's config says that Advertisements are active. your tcpdump command on a linux box doesn't pick up anything, though.
11:36:38 (interface is set correctly)
11:37:14 I am not talking about linux
11:37:52 run it on the FreeBSD system in a separate terminal and restart rtsold
11:38:20 though I guess it should see stuff on Linux too if your FreeBSD host sends a solicitation
11:38:26 i see. still nothing, not even the outgoing solicitation. you know what, imma reboot the machine because why not.
11:38:32 haha
11:38:44 do you have ipv6_enable="YES" btw
11:39:19 oh wait
11:39:22 that was old
11:39:49 or I am misremembering the syntax, it was something else, just the ifconfig_ipv6 is enough now
11:42:27 yeah just having ifconfig_re0_ipv6="accept_rtadv" should be enough
11:45:06 wait, does ifconfig_em0_ipv6="inet6 accept_rtadv" go in /etc/rc.conf or /etc/sysctl.conf ?
11:49:04 mtu: rc.conf of course
11:49:15 but I thought your interface was re0
11:49:29 from [11:15:01] Remilia: "re0: flags=8843 metric 0 mtu 1500";
11:49:43 yeah, i had that mixed up. imma correct the line in rc.conf and reboot again
11:54:01 well, well, well :) having ifconfig_re0_ipv6="inet6 accept_rtadv" in rc.conf and rebooting did the trick!
11:54:23 the box is all ipv6'ed up now, with routes and an inet6 address and working ping6 and all :)
11:54:27 I guess ipv6 was not properly enabled
11:54:32 probably
11:54:56 Remilia: crest: thanks for your patience, this was very helpful and i've learned a bunch
11:54:59 if you had no ifconfig_xxx_ipv6 lines it might not have been
11:55:15 this will make many things easier now, especially with ipv6 connectivity from the outside to that box
11:55:40 mtu: note that SLAAC without privacy extensions uses addresses based on the hardware address
11:55:41 Remilia: yeah, the previous time the box booted, it hadn't had a proper such line in rc.conf
11:56:04 ah ... that's the whole "your MAC shows up on the internet" deal, right?
11:56:16 not like it matters?
11:56:25 if it is not a laptop
11:56:48 at some emotional Edward-Snowden level, it feels bad, but you're probably right
11:56:51 also some systems might use something other than the MAC or scramble it
11:57:19 just compare what you have in ifconfig inet6 prefix vs the hardware address
11:57:58 I do not have v6 from my ISP here but where I did I typically ran privacy extensions + DHCP6
11:58:24 where the latter assigned easily remembered IPs of the prefix::X variety
12:00:39 hm. powerdxx didn't start on boot even though it's enabled in rc.conf
12:03:49 Macer: maybe it wants a kernel module to be loaded?
12:04:06 and quit with an error on startup 12:04:41 well to start it i didn't have to do much other than service powerdxx start 12:05:06 which i figured was handled by rc.conf 12:05:14 yeah it should be 12:05:26 i just upgraded for the zfs patch 12:05:37 if you could use 'start' to start it it is enabled 12:05:44 and when it reboot my cores were running at 3GHz instead of 1.6GHz and powerdxx wasn't started 12:05:56 yah that's what i did 12:06:34 maybe it has some kind of dependency on something else which started later? you'd need to monitor your boot process to see if it threw an error, or maybe it logged something in syslog? 12:06:35 it sucks because i was working on so many other things i never noticed for years that the xeons were running maxed out lol 12:06:54 yeah i'll take a look at that and see what happened 12:07:09 i just happened to check htop to take a look at something and noticed the cores were maxed again 12:10:27 i'll definitely have to take a harder look at that 12:12:31 does bzip3 work with bz2? 12:12:56 the 'spiritual successor' heh 12:13:47 thanks again, Remilia and crest :) bye! 12:15:32 there is nothing wrong with using (onetime) randomized MAC address with SLAAC to get a stable hostid for a server 12:17:02 this way your address isn't tied to the NIC e.g. if the hardware dies and you restore from backups to new hardware 12:17:23 crest: that would be a matter of setting a custom MAC to the device on boot, right? 12:19:31 yes 12:20:26 the Windows IPv6 stack uses DUIDs to build SLAAC addresses 12:20:28 of course this doesn't prevent someone from tracking the lower 64 bit of the EUI-64 derived IPv6 address across networks e.g. 
online add companies tracking a laptop 12:20:41 but for a servers that's not a problem 12:21:00 (and also insists on using privacy extensions) 12:21:44 for systems that shouldn't expose a stable host id in outgoing connections set the net.inet6.ip6.use_tempaddr and net.inet6.ip6.prefer_tempaddr sysctls from 0 to 1 12:28:46 cool, i'll read up on what that does 12:43:44 Macer: tangentially related https://nondeterministic.computer/@mjg59/111504383320657948 12:43:46 Title: Matthew Garrett: "the cpu is very tired. it is eepy. the cpu has ha…" - Nondeterministic Computer 12:44:32 LOL 12:45:08 in my case it isn't 'racing' to an idle state. haha 12:45:21 which is why I said tangentially 12:48:12 hello! Newbie here. I have freebsd running on cpu with 4 cores (4 threads). When I run "top" what does the "system %" means? Is it capped at 100%, or at 400% ? 12:49:06 the CPU line is 100% for all CPUs together 12:49:29 the CPU column in the process list is for separate CPUs 12:49:48 you can see it in the line for idle if you run top -S 12:50:10 thanks! then I've found that my benchmark is CPU capped somewher inside the System % count. Is it possible to get more info about system processes to find out which system part is the bottleneck in my benchmark? 12:50:14 CPU: 3.0% user, 0.0% nice, 2.0% system, 0.2% interrupt, 94.8% idle 12:50:15 11 root 10 187 ki31 0B 160K CPU0 0 23.1H 950.52% idle 12:50:27 'system' is kernel 12:50:39 use top -S to see kernel threads 12:50:54 use dtrace-tools' hotkernel to trace it 12:51:24 er, dtrace-toolkit 12:51:48 you can install it with pkg or through ports, it includes the hotkernel script that will show you what the kernel is spending CPU time on 13:23:40 anyone here unbound "experts" i have this configuration: http://bsd.to/H9B5 and for the live of me it will NOT let me do harley.home for ssh no matter what i do.. 
i have a feeling tehre is "something" wrong but can nto "see it" 13:23:40 Title: dpaste/H9B5 (Plain Text) 13:31:06 voy4g3r2: why do you need a record for the loopback address? 13:31:32 this does not seem to make much sense to me, just use localhost 13:31:50 and you do not need that PTR too 13:31:54 you have /etc/hosts 13:34:48 ... stupid redhat network manager overwrote it's root given /etc/resolv.conf yesterday. 13:34:59 how dare it second guess root 13:35:06 voy4g3r2: can you elaborate on what you are trying to do? there is no reason to use unbound's local-data for loopback, /etc/hosts is a better option 13:38:26 i want to be able to have each of the host names in the small network can be referenced by hostname so like ssh johngalt.home 13:38:42 i want to add other ip address / hostnames and was just testing out the localhost.. to see if it works 13:41:02 voy4g3r2: is this unbound running on your router? 13:41:41 and are you editing /usr/local/etc/unbound/unbound.conf? 13:42:09 this is on a machine, yes i am 13:42:34 it was suggested to openwrt my router but i can noit right now as i work from home 13:42:46 so i figure i try this out first then see other options.. after i get it working here 13:43:01 eoli3n: what crest said is right, except it's the other way around. 
you need to add additional lines to bastille.conf (look at the sample/default file they provide) and use the interface macro you defined in pf.conf on the appropriate line in bastille.conf
13:44:08 voy4g3r2: there are several things to consider
13:44:55 you need to be sure you have unbound installed from ports/packages and you should disable local_unbound
13:45:10 unless you are experimenting with local_unbound
13:45:42 FreeBSD base system comes with unbound set up in a certain way to be your local resolver, and I do not recommend changing that configuration
13:45:57 (in /etc/unbound)
13:46:21 you can add stuff like local-data in there in the dedicated files
13:46:34 but anything related to interfaces etc. is best left untouched
13:46:41 if you need customisation, use the package/port
13:49:48 pf.conf gurus, is there such a thing as `rdr pass quick ...` or do I need 2 separate rules
13:50:19 dch: what are you trying to do?
13:50:31 there is no 'rdr pass'
13:50:58 if you want to limit redirect to certain hosts you can use the usual syntax
13:51:04 Remilia: `rdr pass` is a thing, it's in the man page, and grammar
13:51:15 rdr pass on $ext_if proto tcp from any to any port 80 -> 127.0.0.1 port 8080
13:51:17 is legit
13:51:23 but I would prefer pass quick
13:51:36 atm I can only do this with 2 rules, in different places
13:51:38 I never used pass in my configuration
13:51:42 hmm
13:52:02 the pf.conf is long, and the gap makes this very confusing and easy to forget that these 2 rules are related
13:52:13 hence `rdr pass quick ...` would be better
13:52:17 what is the other rule?
13:53:25 oh, found it, rdr pass skips the firewall, guess that is why I never used it
13:59:05 Remilia: okay, i will start over.. i just used tutorials which may have burned me..
but thanks
13:59:44 voy4g3r2: your syntax seems correct but you need to consider your local configuration
14:00:15 I feel like you may be configuring the package/port but your requests are hitting the local_unbound that listens on localhost only
14:00:18 yeah, i had a toss up.. use unbound or dnsmasq.. i picked unbound as it "looked" easier
14:00:26 it is easy
14:00:47 check `sockstat -4l` for port 53
14:01:13 do you see unbound there? if yes, which address is it bound to? are there two?
14:01:37 the package will default to all interfaces iirc, so *:53
14:01:56 unbound local-unbo 578 5 udp4 127.0.0.1:53 *:*
14:02:03 ^ this one is /etc/unbound
14:02:32 and check /etc/resolv.conf nameserver lines
14:07:24 voy4g3r2: btw you do not need local-zone
14:07:56 for example, I do not have any local-zone lines, just local-data: "_vlmcs._tcp.lan. IN SRV 0 0 1688 kms.hinamizawa.loc." and it works just fine
14:08:28 only reason you might want local-zone is for SOA requests I guess?..
14:08:46 # If you configure local-data without specifying local-zone, by # default a transparent local-zone is created for the data.
15:07:36 anyone here that has been upgrading to 14.0?
15:07:53 many of us
15:08:06 n30: I did.
15:11:49 all done, just a few stray jails remain
15:15:37 I hope you do not hit the issue I got with it
15:15:50 and if you do, I hope you have more than 3 cores/CPUs
15:16:10 did it work fine?
15:16:35 i have 2 x 6core
15:35:57 Remilia: what was the issue you ran into? with jails or with zfs?
15:36:09 with vnlru
15:36:25 vnlru?
15:38:05 vnlru.
15:50:09 what's vnlru?
16:03:38 mns: I think you can find the explanation via a google search because I am not confident I can describe it well
16:29:18 is it expected that "freebsd-version -kru" not all match after some patches? e.g., 14.0 p1?
16:43:57 markmcb: yes that is expected
16:48:34 Specifically, there can be a kernel-userland mismatch if only one was affected by the patch.
16:52:12 Remilia: you didn't figure it out?
16:59:38 thanks for the clarification
17:34:10 yuripv: nope
17:34:49 I updated to 14.0p1 today just in case, to avoid suggestions to update should I report this somewhere
17:38:47 yuripv: I feel like vfs.vnode.stats.count: 372745 is a lot
17:39:02 and it just keeps growing
17:39:15 probably best reported on stable@?
17:40:00 still trying to convince myself it is not a user error haha
17:40:42 also this is -RELEASE, not -STABLE, I am using freebsd-update
17:43:55 well, there's no shame in asking something that will turn out to be a user error, at least answers could provide some hints allowing you to understand that :D (or find out the real issue)
17:44:22 Remilia: stable@ is for releases too
17:44:54 I guess I will try that, much better than posting to bugzilla
17:45:28 for stable@ there is a bigger chance it will get ignored which would take the weight off my shoulders too
18:03:06 Hi, I am trying to install freebsd 13.2 with some space left for other use. How can I create a default ZFS hierarchy, is there a script for this? or is https://forums.freebsd.org/threads/boot-environment-and-filesystem-hierarchy.83364/#post-547012 correct? I noted that zfsboot seems to contain some code, but I failed to make it skip earlier steps.
18:03:07 Title: ZFS - Boot environment and filesystem hierarchy | The FreeBSD Forums
18:09:58 OstCollector, That looks ok from here.
18:11:08 parv, thank you!
18:13:50 i wonder what PR#275447 is... listed as a dependency of the 14.0 EN tracking bug https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275215 but presumably a security issue wouldn't be an EN
18:13:52 Bug Access Denied https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275447
18:13:54 Title: 275215 – (14.0-erratas) tracking bug for 14.0 errata
18:16:13 I would assume anything assigned to secteam@ in bugzilla would start out hidden, for rather obvious reasons.
18:44:25 * _xor needs to hurry up and set up his Matrix server so he can use irc from there instead
18:44:43 <_xor> kevans: Link to that issue regarding pkg signing?
18:44:50 <_xor> er, pkg-repo signing.
18:47:07 <_xor> kevans: Let me know if there's a new link for that or any other updates. I'm currently running pkg-repo over NFS to get around the 13.x/14.x issue. Can look into it further, but wouldn't mind getting an update on current status before I do.
18:59:40 _xor: not sure there is one
19:00:59 <_xor> All righty. Where did we leave off again? You said something about a file descriptor being rewound as being the "fix" for incompatible signature?
19:01:25 <_xor> I'd check my chat history, but not sure how best to do that with this client and I'll be moving to a new one anyway.
19:12:53 _xor: yeah, but the version you have should already do that
19:13:37 <_xor> Right, that's what I thought. I remember seeing the link you sent. I figured I'd look into it on my side and see what's going on.
19:14:12 <_xor> Cool, will dig into it later today. Gotta run some errands right now. Will let you know if I find anything useful.
19:18:34 this might be off topic (is there a better place to ask?) but has anyone had success using 4x unbuffered ECC DIMMs in an AM4 motherboard? i'd like to add some more memory to our ZFS fileserver, but i've heard AM4 has some issues using 4 DIMMs in general... not sure if that's specific to memory overclocking though
19:23:45 So there's the OpenBSD dhclient in base, plus I have the isc-dhclient installed from ports. . .
19:23:54 How do I specify which manpage I'm looking at?
19:24:29 unixwitch, #hardware likely has people who've argued every point of that.
19:27:28 CrtxReavr: thanks
19:40:52 CrtxReavr, As a first guess, specify "man -a dhclient" and it will walk through all of the available man pages of that name.
19:42:47 CrtxReavr, For more control you can force one or the other using manpath.
"man -M /usr/share/man dhclient" would force the one in base instead of the one earlier in manpath from ports.
19:44:38 rwp, thanks.
19:44:57 I was looking at 'man man' but it was like drinking from the firehose.
19:46:38 I was looking for an example of something that I would have installed that appears in both places. I found only pkg so far.
19:47:31 For the example of pkg the one in base is "man 7 pkg" and the one in ports is "man 8 pkg" which I am sure was carefully crafted to make it possible to differentiate.
19:49:21 Another way is that if you know the full file path then man can read that file path directly. So for example if I know the full path because I used "find" to find it then I can do this example "man /usr/obj/usr/src/amd64.amd64/usr.sbin/pkg/pkg.7.gz" and look at the man page from that location, which is a locally compiled one.
19:49:56 And that works for "man /usr/share/man/man7/pkg.7.gz" too.
20:07:54 whoever made the fix for 3d rendering that got into the official pkg repos today: THANK YOU – this fixed an issue which made blender entirely unusable on my machine for months. <3
20:09:25 might've been the last update to mesa-libs, not entirely sure. i'm just super grateful it works now.
20:24:22 CrtxReavr: apropos dhclient, then choose the section
20:25:07 though I guess if they are in the same section, you have to -a
20:25:48 ``man -M /usr/local/man dhclient`` seems to get me there.
20:26:09 I forget where I encountered it but there was something that had different man sections for installed-over-base software
20:28:11 CrtxReavr, Check "manpath", run that, it should report to you your current man search path. Isn't /usr/local/share/man first?
20:29:00 Oh! You said /usr/local/man not /usr/local/share/man my bad. I misread it.
21:12:58 <_xor> There's a TUI app that helps browse man pages. Need to find that and make a port for it.