adonis: what is interrupting?

vmstat -i )ODOD

Hi everyone! I am little worried with FreeBSD/ZFS. I have a server which used btrfs (openSUSE) for 5 years. Six months ago we decided to switch to FreeBSD/ZFS. Today, we have a power outage and the system became unbootable. After login as single user, I saw that every time a zpool is imported, a kernel panic occurs with the message: panic: Solaris(panic): zfs: adding existent segment to range

tree.

Ronis_BR really bad timing. i haven't had any problems with freebsd or zfs i think ever. fwiw after i set up hardware i do a power plug pull test and stuff like that so if it's going to fail hopefully it's asap

which freebsd version?

I did not have time to debug, because it is a mission critic machine. I destroyed the ZFS pool, recreate and copied the backup. My question is: what is this problem? Is it something I need to worry about? Is ZFS not good for systems that have power outage?

polyex: 13.2-RELEASE

that really shouldn't happen. can you bring up another machine for production use so you can debug the original machine?

polyex: I found some people mentioning the same problem (mostly on openZFS), but I could not find an easy fix

polyex: I solved by booting in single user, destroying the pool, and rebuilding. It is working perfectly now.

polyex: my concern is about the problem itself. In 5 years (and a lot of power outages), I had no corruption previously.

rtpprio: I see a lot of xen_et0:c(0,1,2,3,4,5,6,7) lines

The pool that got corrupted is the one I store bastille jails and bhyve vms. So, restoring was pretty easy

rtprio: i.imgur.com/sHDhhwC.png

60% does seem lik a lot

rtprio: can you see the screenshot?

yes, but i don't have any further advice for you

I mean from that I gather the virtualized cpus from my xen host are generating high interrupts?

I have FreeBSD is running as a guest on xcp-ng..

yes, that's what i gather also

would changing the event timer do anything?

I have this: kern.eventtimer.choice: XENTIMER(950) LAPIC(100) i8254(100) RTC(0)

and XENTIMER is the chosen one

whats interesting is I have another FreeBSD vm running, but normal interrupts..

the normal interrupt one is on 13.2, high interrupt one on 14.0

Hi! Why freebsd-update is not upgrade the kernel to 13.2-RELEASE-p9?

what am I doing wrong?

-p9 probably didn't touch the kernel

that part of the version report only gets bumped if it actualy changed

actually

and kmods don't count, so if only kmods changed you wouldn't see a higher kernel version

kevans: ah, thanks! So the message "No updates needed to update system to 13.2-RELEASE-p9." means I am in the latest 13.2 release right?

correct

thanks!

so I have two virtual drives that devd keeps complaining about (Dell iDRAC virtual floppy disk and virtual CDROM). I'm a little unsure how to configure devd to ignore media read errors from those virtual drives (da0 and cd0, respectively).

anyone have any ideas on how to quiet devd for those two devices?

anyone running postfix should check this out. postfix.org/smtp-smuggling.html email spoofing attack that will pass SPF-based DMARC checks

Title: SMTP Smuggling

why should we hostid_enable? it says it sets a uuid for the host but why do we want that?

I recall there being a document where you can do an automated install by uncompressing the ISO image, updating/modifying something, then reISO'ing it and installing.

polyex: iirc nfs and zfs might use it, but also these days we might use it to try and generate a stable MAC for some network interfaces that don't otherwise have a reasonable MAC

seems kinda vague. can't that be used to uniquely track freebsd installs?

how so?

well zfs might use it, so is it safe to leave disabled or not? it documented?

afaik the zfs use (if it's the one I'm thinking of) isn't really that critical

it's mainly to tell if we're trying to import it on a different host without having exported it elsewhere

it = the pool

hostid is usually from smbios information, so it's a reasonable-ish identifier of the hardware

polyex: how would you use it to track the machine? it is used by NFSv4 (which will break if you don't have a hostid set) but you don't usually mount NFS filesystems from random hostile machines that want to track you

well if the hostid file is set, then if the system is hacked that id can be tracked over time

and in-fact they're more likely to track you by some other property of that interaction

polyex: but you could also do that with the MAC address, or the system serial number (from SMBIOS), or just by the hacker creating their own hostid file somewhere

it's not clear where the follow-up tracking is coming from, or how their entry into the system still being present isn't also a good tracker of some sort

ok what about this, what if some common util is hacked in supply chain attack and now a bunch of systems that run it are exfiltrating data AND the hostid so it can be correlated further later

a big part of spying is leaking enough identifiable info to uniquely id systems over time

polyex: but that's not unique to hostid. you can do that with the system serial number, or the MAC address, or various other unique identifiers (disk serial number, for example)... having a hostid doesn't open up any additional issues here, it's impossible (in any practical sense) to make a system untrackable by someone who has root access

do you need root access to access hostid?

maybe you change mac address but then if hostid didn't also change there's correlation no?

you don't need root access for any of the other stuff either

smbios information gets carried through to kenv, which is accessible (probably on linux as well)

mac address, of course

but this problem's getting a bit too abstract for my taste... later

ok, so I just updated the FreeBSD 13.2 VM to 14.0 and now, voila, high INTR's again. So it seems its tied to the upgrade

bummer

?

the high interupts

?quit

Yeah, my bad. Re-doing the subnets and IPs on my network and rebooting machines, including my main router. Causing connection resets all night, hence the constant leaves/joins since it auto-reconnects.

Need to figure out what's going on with pf, or better yet, switch to ipfw sooner rather than later.

Trying to configure CPU values for my bhyve VMs but I'm totally stucked; could someone please kindly quickly explain difference between "cpu=", "socket=", "cpu_cores=" and "cpu_threads="? I'm truly confused with all those values.

For instance, having a dedicated host machine with a CPU: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz (4 cores - 8 threads), does that mean, none of my VMs could go more than 4 cores and/or 8 threads? If so, it seems I can only create just few VMs according to my physical host machine's CPU limitation?

tercaL: in 99% of cases you just want to set cpus=N, where N is the maximum number of cores the guest should be able to use. the other options are for complex topologies which aren't usually necessary

in your case i think hw.vmm.maxcpu will default to 8, so N can be up to 8. you may be able to raise that in loader.conf, but having more virtual CPUs than physical cores (or HT threads) is rarely useful

unixwitch: Oh, thanks a lot! So for instance, setting cpu="4" for a VM, would take all the cores of my physical CPU from the host machine, right? Then, wouldn't it practically be horrible to have even one more VM with 4 or less cores?

hw.vmm.maxcpu: 8

tercaL: no, the cores are shared between the host and all the VMs, it doesn't take any cores away from the host

Is it a known issue that FreeBSD man page references are broken in web view? For example: man.freebsd.org/cgi/man.cgi?pthread_create

Title: pthread_create

It looks like it is not parsing man page names correclty - it is erroneously taking '_' as a delimiter.

is x.x.x.x/29 a block? is x.x.x.x/32 (ipv4) a block since it's just 1 address?

Hi! Yesterday I had a Kernel Panic every time I imported a zpool. The message was: Solaris(panic): zfs: "adding existent segment to range tree". I am a little worried because I found many similar reports without a clear way to solve it. In my case, I formatted the zpool and copied the backup, but I really want to know what was the possible cause. The problem started after a power outage. Is ZFS

reliable under those conditions?

polyex: "block" isn't really a technical term, so it can mean whatever you want, but colloquially i wouldn't call a /32 a block.

ok ty!

(except in IPv6, of course, where a /32 is a rather large prefix typically assigned to an ISP)

anyone familiar with ipfilter?

So. . . in my rc.conf I have: termbin.com/pg99

But I'm getting this error: Configuring vt: blanktime screensaverkldload: can't load /boot/kernel/daemon_saver.ko_saver: No such file or directory

I'm not sure what's happening to the filename.

Where's the extra '_saver' suffix coming from?

this is my ipf.rules and ipnat.conf vlepy.com/~wsky/ipf.rules

why am i getting no internet access on the cvlients?

clients

CrtxReavr: rc.conf(5) suggests it should just be the base name, as in 'saver=daemon'

Yeah - I was just looking at a forums post - gonna try it.

unixwitch any clues?

Still an odd error, given that.

mane: i haven't used ipf for about 20 years, sorry

X))

mane, one of FreeBSD's. . . features. . .

Is that it has three different firewalls in base. . . so if most people have worked with one of the, it's usually only one.

unixwitch ok so this is my pf.conf, works.. but, i get slow throughput vlepy.com/~wsky/pf.conf

CrtxReavr: the error comes from /etc/rc.d/syscons where it effectively does "kldload ${saver}_saver"... so if $saver is /boot/kernel/daemon_saver.ko you end up with /boot/kernel/daemon_saver.ko_saver

Well, there we go then. . . thanks.

/etc/defaults/rc.conf could use a more concise comment to that effect.

Though. . . my kvm and/or the USB mouse on the kvm keeps generateing kernel messages, so the daemon saver will probably never kick in.

mane: how slow? and what hardware (CPU, network cards)?

i get 20mbit down mx

max

this is a ramnode vps, 2 cores, 1GB ram

debian worked perfectly well on it

[ 6] 0.00-10.00 sec 34.2 MBytes 28.7 Mbits/sec sender

[ 6] 0.00-10.07 sec 34.1 MBytes 28.4 Mbits/sec receiver

this is what i get with ipperf over vopn

so it's the firewall fault

unixwitch please look into my vlepy.com/~wsky/pf.conf

maybe you'll tell me what's wrong

what performance do you get with the firewall disabled?

clients max the connection out without nat

and what is CPU use (kernel, and user if you're running some sort of userland vpn) during the test?

cpu is chilling

this vps ran fine on debian

i don't see anything there that looks particularly wrong (although keep state is redundant in pf), perhaps someone on freebsd-net or the forum would know

ok

thanks

can a wireguard endpoint specify multiple ips? or only 1

anyone? forums.freebsd.org/threads/slow-nat-throughput.91614

Title: Slow NAT throughput | The FreeBSD Forums

hi, i'm running FreeBSD 13.2 and when running screen i have an issue where if i open 3 or 4 "windows" i get a "No more PTYS" error and it won't let me create any more windows, is there a known fix for this? what causes it?

i checked rctl and i don't have a limit set on psudoterminals that i can see

Hello, I am trying to build port www/caddy & www/caddy-custom, but both fail with go checksum errors. I am just using make install. Is there anything I should be aware of when installing go ports?

I can say that xcaddy (from pkg) has bad no problem building caddy for me

trying to build www/gohugo I also get errors like this: `go: zip: checksum error`... So it seems to be something with go ports in general. Anyone knows what might be going wrong?

CamilleSch: Is that for downloading the source(s)?

I think so, this is how running make looks for www/caddy: bsd.to/BZT3

Title: dpaste/BZT3 (Plain Text)

CamilleSch: so it sounds like the checksum of what you get when you download the source(s) doesn't match with the checksum stored by ports

Yeah, but why though? This happens for every go port...

CamilleSch: there's plenty of possibilities, I would try downloading the file manually and checking the checksum manually as well, then if it's good, at least you can just use that to build the port

CamilleSch: it happened often for me when using a specific ISP and I never found out why, but your downloads likely get corrupted somewhere; I worked around this by using a proxy server

upon closer inspection it seems to not be a ports problem but rather go in general, running go myself returns the same error

ill try that, thanks Remilia

go's fetching is unstable like that :(

CamilleSch: find `export HTTP_PROXY=` in your poudriere.conf and specify the proxy server there

That worked

Absolutely crazy

CamilleSch: go fetching is weird, it goes through some sort of a bouncer thing (as you can see in the log) and breaks occasionally, no idea why

I actually spoke too soon, I ran the command accidentally on my other VPS running linux, there it worked, still getting the same errors on freebsd 😅

maybe it is not using the proxy, who knows

CamilleSch: actually you could do a quick test: fetch proxy.golang.org/github.com/aws/aws-sdk-go/@v/v1.45.12.zip and github.com/aws/aws-sdk-go/archive/refs/tags/v1.45.12.zip and compare checksums

from the freebsd system

hmm they differ for me

I wonder if the github URL needs to be different

yeah disregard that

proxy.golang seems to be doing Things

CamilleSch: oh. try adding `export GOPROXY=direct` in your poudriere.conf just to check if that helps

unsure if that will propagate

or if you are using ports directly just export it in shell

go.dev/ref/mod#environment-variables this is the worst approach to formatting ever

Title: Go Modules Reference - The Go Programming Language

meena: check this out, they align variable names vertically

centred

Does anyone if Apache Airflow can be used without dramas in FreeBSD?

know*

usk… it's written in python, so I'm guessing: maybe?

my computer got frozen when trying to do an install

uskerine: it's written in python, so I'm guessing: maybe?

I tried to install with pip-3.9 using --user inside a jail and my desktop got frozen

hello there, I'm planning on experimenting with ntopng ntop.org/guides/ntopng/what_is_ntopng.html , as this is installing a lot of stuff I was wondering if there were a way to monitor my host's public interface from within a jail ?

Title: What is ntopng — ntopng 6.1 documentation

perhaps if you bridge your two interfaces... or not. The ntop one needs to listen to all traffic.

letting the jail snoop on the host's traffic sounds a bit questionable :-)

I was thinking about netgraph

does anyone know how/if in kdb you can list the devices?

but making a netgraph bridge on my public interface feels risky

fikran: show cdev looks like a starting point?

RhodiumToad: Undefined show command: "cdev". Try "help show".

Its odd, a lot of commands don't seem to work...even ones in the help

what happened when you tried?

and what version?

oh, are you confusing kdb and kgdb?

possibly...

I am using kgdb to connect to kdb...I actually don't fully understand the difference

you're debugging a vm or a remote host on a serial link?

yes.

I got the connection working (yay!)

Both the debugger and the target are FreeBSD VMs

ok, so you use the kgdb commands, not the kdb/ddb ones

What would that be? :) Ive been searching both terms on Google (granted, I also didn't know that they were to be treated separately)

a reference to be started would also be nice. I'm sorry to ask so explicitly for you to do my homework.

have you seen man 4 gdb ?

not yet, I am getting kdb, kgdb and gdb and ddb mixed up...

I don't see any convenience commands for devices. what ddb does is to chase the linked list from bus_data_devices