00:46:30 adonis: what is interrupting?
00:46:47 vmstat -i
01:33:26 Hi everyone! I am a little worried with FreeBSD/ZFS. I have a server which used btrfs (openSUSE) for 5 years. Six months ago we decided to switch to FreeBSD/ZFS. Today, we had a power outage and the system became unbootable. After login as single user, I saw that every time a zpool is imported, a kernel panic occurs with the message: panic: Solaris(panic): zfs: adding existent segment to range
01:33:27 tree.
01:34:19 Ronis_BR really bad timing. i haven't had any problems with freebsd or zfs i think ever. fwiw after i set up hardware i do a power plug pull test and stuff like that so if it's going to fail hopefully it's asap
01:34:25 which freebsd version?
01:34:29 I did not have time to debug, because it is a mission critical machine. I destroyed the ZFS pool, recreated it and copied the backup. My question is: what is this problem? Is it something I need to worry about? Is ZFS not good for systems that have power outage?
01:34:38 polyex: 13.2-RELEASE
01:35:07 that really shouldn't happen. can you bring up another machine for production use so you can debug the original machine?
01:35:14 polyex: I found some people mentioning the same problem (mostly on openZFS), but I could not find an easy fix
01:35:41 polyex: I solved by booting in single user, destroying the pool, and rebuilding. It is working perfectly now.
01:36:05 polyex: my concern is about the problem itself. In 5 years (and a lot of power outages), I had no corruption previously.
01:36:31 rtprio: I see a lot of xen_et0:c(0,1,2,3,4,5,6,7) lines
01:36:35 The pool that got corrupted is the one I store bastille jails and bhyve vms. So, restoring was pretty easy
01:39:16 rtprio: https://i.imgur.com/sHDhhwC.png
01:50:45 60% does seem like a lot
01:51:21 rtprio: can you see the screenshot?
01:51:37 yes, but i don't have any further advice for you
01:52:00 I mean from that I gather the virtualized cpus from my xen host are generating high interrupts?
01:52:16 I have FreeBSD running as a guest on xcp-ng..
01:52:41 yes, that's what i gather also
01:53:11 would changing the event timer do anything?
01:53:28 I have this: kern.eventtimer.choice: XENTIMER(950) LAPIC(100) i8254(100) RTC(0)
01:53:47 and XENTIMER is the chosen one
01:56:07 what's interesting is I have another FreeBSD vm running, but normal interrupts..
01:58:18 the normal interrupt one is on 13.2, high interrupt one on 14.0
02:12:40 Hi! Why is freebsd-update not upgrading the kernel to 13.2-RELEASE-p9?
02:12:46 what am I doing wrong?
02:13:58 -p9 probably didn't touch the kernel
02:14:16 that part of the version report only gets bumped if it actualy changed
02:14:19 actually
02:14:33 and kmods don't count, so if only kmods changed you wouldn't see a higher kernel version
02:16:05 kevans: ah, thanks! So the message "No updates needed to update system to 13.2-RELEASE-p9." means I am in the latest 13.2 release right?
02:16:27 correct
02:18:33 thanks!
02:24:27 so I have two virtual drives that devd keeps complaining about (Dell iDRAC virtual floppy disk and virtual CDROM). I'm a little unsure how to configure devd to ignore media read errors from those virtual drives (da0 and cd0, respectively).
02:25:06 anyone have any ideas on how to quiet devd for those two devices?
02:26:06 anyone running postfix should check this out. https://www.postfix.org/smtp-smuggling.html email spoofing attack that will pass SPF-based DMARC checks
02:26:07 Title: SMTP Smuggling
02:28:56 why should we hostid_enable? it says it sets a uuid for the host but why do we want that?
02:31:18 I recall there being a document where you can do an automated install by uncompressing the ISO image, updating/modifying something, then reISO'ing it and installing.
02:35:11 polyex: iirc nfs and zfs might use it, but also these days we might use it to try and generate a stable MAC for some network interfaces that don't otherwise have a reasonable MAC
02:36:25 seems kinda vague. can't that be used to uniquely track freebsd installs?
02:37:15 how so?
02:37:57 well zfs might use it, so is it safe to leave disabled or not? is it documented?
02:39:23 afaik the zfs use (if it's the one I'm thinking of) isn't really that critical
02:39:38 it's mainly to tell if we're trying to import it on a different host without having exported it elsewhere
02:39:45 it = the pool
02:40:22 hostid is usually from smbios information, so it's a reasonable-ish identifier of the hardware
02:42:49 polyex: how would you use it to track the machine? it is used by NFSv4 (which will break if you don't have a hostid set) but you don't usually mount NFS filesystems from random hostile machines that want to track you
02:45:11 well if the hostid file is set, then if the system is hacked that id can be tracked over time
02:45:11 and in fact they're more likely to track you by some other property of that interaction
02:45:57 polyex: but you could also do that with the MAC address, or the system serial number (from SMBIOS), or just by the hacker creating their own hostid file somewhere
02:46:35 it's not clear where the follow-up tracking is coming from, or how their entry into the system still being present isn't also a good tracker of some sort
02:47:38 ok what about this, what if some common util is hacked in supply chain attack and now a bunch of systems that run it are exfiltrating data AND the hostid so it can be correlated further later
02:47:55 a big part of spying is leaking enough identifiable info to uniquely id systems over time
02:48:35 polyex: but that's not unique to hostid. you can do that with the system serial number, or the MAC address, or various other unique identifiers (disk serial number, for example)...
having a hostid doesn't open up any additional issues here, it's impossible (in any practical sense) to make a system untrackable by someone who has root access
02:51:19 do you need root access to access hostid?
02:51:45 maybe you change mac address but then if hostid didn't also change there's correlation no?
02:51:52 you don't need root access for any of the other stuff either
02:52:41 smbios information gets carried through to kenv, which is accessible (probably on linux as well)
02:52:55 mac address, of course
02:53:05 but this problem's getting a bit too abstract for my taste... later
03:00:50 ok, so I just updated the FreeBSD 13.2 VM to 14.0 and now, voila, high INTR's again. So it seems it's tied to the upgrade
04:29:30 bummer
04:29:37 ?
04:30:55 the high interrupts
05:27:27 ?quit
09:26:09 <_xor> Yeah, my bad. Re-doing the subnets and IPs on my network and rebooting machines, including my main router. Causing connection resets all night, hence the constant leaves/joins since it auto-reconnects.
09:26:24 <_xor> Need to figure out what's going on with pf, or better yet, switch to ipfw sooner rather than later.
11:36:39 Trying to configure CPU values for my bhyve VMs but I'm totally stuck; could someone please kindly quickly explain difference between "cpu=", "socket=", "cpu_cores=" and "cpu_threads="? I'm truly confused with all those values.
11:36:51 For instance, having a dedicated host machine with a CPU: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz (4 cores - 8 threads), does that mean, none of my VMs could go more than 4 cores and/or 8 threads? If so, it seems I can only create just a few VMs according to my physical host machine's CPU limitation?
11:42:07 tercaL: in 99% of cases you just want to set cpus=N, where N is the maximum number of cores the guest should be able to use. the other options are for complex topologies which aren't usually necessary
11:45:15 in your case i think hw.vmm.maxcpu will default to 8, so N can be up to 8.
you may be able to raise that in loader.conf, but having more virtual CPUs than physical cores (or HT threads) is rarely useful
11:45:33 unixwitch: Oh, thanks a lot! So for instance, setting cpu="4" for a VM, would take all the cores of my physical CPU from the host machine, right? Then, wouldn't it practically be horrible to have even one more VM with 4 or less cores?
11:45:49 hw.vmm.maxcpu: 8
11:46:03 tercaL: no, the cores are shared between the host and all the VMs, it doesn't take any cores away from the host
12:32:10 Is it a known issue that FreeBSD man page references are broken in web view? For example: https://man.freebsd.org/cgi/man.cgi?pthread_create
12:32:11 Title: pthread_create
12:33:12 It looks like it is not parsing man page names correctly - it is erroneously taking '_' as a delimiter.
13:36:43 is x.x.x.x/29 a block? is x.x.x.x/32 (ipv4) a block since it's just 1 address?
13:53:54 Hi! Yesterday I had a Kernel Panic every time I imported a zpool. The message was: Solaris(panic): zfs: "adding existent segment to range tree". I am a little worried because I found many similar reports without a clear way to solve it. In my case, I formatted the zpool and copied the backup, but I really want to know what was the possible cause. The problem started after a power outage. Is ZFS
13:53:56 reliable under those conditions?
13:59:05 polyex: "block" isn't really a technical term, so it can mean whatever you want, but colloquially i wouldn't call a /32 a block.
13:59:19 ok ty!
14:01:24 (except in IPv6, of course, where a /32 is a rather large prefix typically assigned to an ISP)
14:46:07 anyone familiar with ipfilter?
14:57:26 So. . . in my rc.conf I have: https://termbin.com/pg99
14:57:59 But I'm getting this error: Configuring vt: blanktime screensaverkldload: can't load /boot/kernel/daemon_saver.ko_saver: No such file or directory
14:58:09 I'm not sure what's happening to the filename.
14:58:34 Where's the extra '_saver' suffix coming from?
14:59:13 this is my ipf.rules and ipnat.conf https://vlepy.com/~wsky/ipf.rules
14:59:24 why am i getting no internet access on the cvlients?
14:59:53 clients
15:00:03 CrtxReavr: rc.conf(5) suggests it should just be the base name, as in 'saver=daemon'
15:01:31 Yeah - I was just looking at a forums post - gonna try it.
15:02:29 unixwitch any clues?
15:02:46 Still an odd error, given that.
15:04:02 mane: i haven't used ipf for about 20 years, sorry
15:04:11 X))
15:04:21 mane, one of FreeBSD's. . . features. . .
15:05:06 Is that it has three different firewalls in base. . . so if most people have worked with one of them, it's usually only one.
15:05:07 unixwitch ok so this is my pf.conf, works.. but, i get slow throughput https://vlepy.com/~wsky/pf.conf
15:05:08 CrtxReavr: the error comes from /etc/rc.d/syscons where it effectively does "kldload ${saver}_saver"... so if $saver is /boot/kernel/daemon_saver.ko you end up with /boot/kernel/daemon_saver.ko_saver
15:05:37 Well, there we go then. . . thanks.
15:06:20 /etc/defaults/rc.conf could use a more concise comment to that effect.
15:07:54 Though. . . my kvm and/or the USB mouse on the kvm keeps generating kernel messages, so the daemon saver will probably never kick in.
15:09:09 https://termbin.com/hdig
15:16:57 mane: how slow? and what hardware (CPU, network cards)?
15:17:22 i get 20mbit down mx
15:17:24 max
15:17:33 this is a ramnode vps, 2 cores, 1GB ram
15:17:42 debian worked perfectly well on it
15:18:00 [ 6] 0.00-10.00 sec 34.2 MBytes 28.7 Mbits/sec sender
15:18:00 [ 6] 0.00-10.07 sec 34.1 MBytes 28.4 Mbits/sec receiver
15:18:09 this is what i get with iperf over vpn
15:18:26 so it's the firewall fault
15:18:46 unixwitch please look into my https://vlepy.com/~wsky/pf.conf
15:18:55 maybe you'll tell me what's wrong
15:19:03 what performance do you get with the firewall disabled?
15:19:28 clients max the connection out without nat
15:21:25 and what is CPU use (kernel, and user if you're running some sort of userland vpn) during the test?
15:22:04 cpu is chilling
15:22:21 this vps ran fine on debian
15:24:32 i don't see anything there that looks particularly wrong (although keep state is redundant in pf), perhaps someone on freebsd-net or the forum would know
15:25:21 ok
15:25:47 thanks
15:29:03 can a wireguard endpoint specify multiple ips? or only 1
17:23:15 anyone? https://forums.freebsd.org/threads/slow-nat-throughput.91614/
17:23:18 Title: Slow NAT throughput | The FreeBSD Forums
17:44:26 hi, i'm running FreeBSD 13.2 and when running screen i have an issue where if i open 3 or 4 "windows" i get a "No more PTYS" error and it won't let me create any more windows, is there a known fix for this? what causes it?
17:45:34 i checked rctl and i don't have a limit set on pseudoterminals that i can see
18:19:42 Hello, I am trying to build port www/caddy & www/caddy-custom, but both fail with go checksum errors. I am just using make install. Is there anything I should be aware of when installing go ports?
19:27:05 I can say that xcaddy (from pkg) has had no problem building caddy for me
19:33:27 trying to build www/gohugo I also get errors like this: `go: zip: checksum error`... So it seems to be something with go ports in general. Anyone know what might be going wrong?
19:36:49 CamilleSch: Is that for downloading the source(s)?
19:46:04 I think so, this is how running make looks for www/caddy: https://bsd.to/BZT3
19:46:05 Title: dpaste/BZT3 (Plain Text)
19:56:43 CamilleSch: so it sounds like the checksum of what you get when you download the source(s) doesn't match with the checksum stored by ports
19:57:53 Yeah, but why though? This happens for every go port...
20:18:17 CamilleSch: there's plenty of possibilities, I would try downloading the file manually and checking the checksum manually as well, then if it's good, at least you can just use that to build the port
20:37:06 CamilleSch: it happened often for me when using a specific ISP and I never found out why, but your downloads likely get corrupted somewhere; I worked around this by using a proxy server
20:38:49 upon closer inspection it seems to not be a ports problem but rather go in general, running go myself returns the same error
20:39:08 i'll try that, thanks Remilia
20:39:23 go's fetching is unstable like that :(
20:40:32 CamilleSch: find `export HTTP_PROXY=` in your poudriere.conf and specify the proxy server there
20:53:22 That worked
20:53:25 Absolutely crazy
21:00:03 CamilleSch: go fetching is weird, it goes through some sort of a bouncer thing (as you can see in the log) and breaks occasionally, no idea why
21:00:41 I actually spoke too soon, I ran the command accidentally on my other VPS running linux, there it worked, still getting the same errors on freebsd 😅
21:01:12 maybe it is not using the proxy, who knows
21:04:28 CamilleSch: actually you could do a quick test: fetch https://proxy.golang.org/github.com/aws/aws-sdk-go/@v/v1.45.12.zip and https://github.com/aws/aws-sdk-go/archive/refs/tags/v1.45.12.zip and compare checksums
21:04:35 from the freebsd system
21:05:12 hmm they differ for me
21:05:28 I wonder if the github URL needs to be different
21:05:49 yeah disregard that
21:06:14 proxy.golang seems to be doing Things
21:07:55 CamilleSch: oh.
try adding `export GOPROXY=direct` in your poudriere.conf just to check if that helps
21:08:09 unsure if that will propagate
21:08:30 or if you are using ports directly just export it in shell
21:09:26 https://go.dev/ref/mod#environment-variables this is the worst approach to formatting ever
21:09:27 Title: Go Modules Reference - The Go Programming Language
21:09:43 meena: check this out, they align variable names vertically
21:10:00 centred
21:39:25 Does anyone if Apache Airflow can be used without dramas in FreeBSD?
21:39:31 know*
21:55:39 usk… it's written in python, so I'm guessing: maybe?
21:57:32 my computer got frozen when trying to do an install
21:57:37 uskerine: it's written in python, so I'm guessing: maybe?
21:59:58 I tried to install with pip-3.9 using --user inside a jail and my desktop got frozen
22:25:35 hello there, I'm planning on experimenting with ntopng https://www.ntop.org/guides/ntopng/what_is_ntopng.html , as this is installing a lot of stuff I was wondering if there were a way to monitor my host's public interface from within a jail ?
22:25:36 Title: What is ntopng — ntopng 6.1 documentation
23:14:53 perhaps if you bridge your two interfaces... or not. The ntop one needs to listen to all traffic.
23:19:34 letting the jail snoop on the host's traffic sounds a bit questionable :-)
23:22:13 I was thinking about netgraph
23:22:45 does anyone know how/if in kdb you can list the devices?
23:23:04 but making a netgraph bridge on my public interface feels risky
23:25:28 fikran: show cdev looks like a starting point?
23:43:22 RhodiumToad: Undefined show command: "cdev". Try "help show".
23:43:31 It's odd, a lot of commands don't seem to work...even ones in the help
23:45:39 what happened when you tried?
23:45:50 and what version?
23:47:18 oh, are you confusing kdb and kgdb?
23:47:24 possibly...
23:47:36 I am using kgdb to connect to kdb...I actually don't fully understand the difference
23:48:17 you're debugging a vm or a remote host on a serial link?
23:48:26 yes.
23:48:36 I got the connection working (yay!)
23:48:47 Both the debugger and the target are FreeBSD VMs
23:48:55 ok, so you use the kgdb commands, not the kdb/ddb ones
23:49:42 What would that be? :) I've been searching both terms on Google (granted, I also didn't know that they were to be treated separately)
23:52:09 a reference to get started would also be nice. I'm sorry to ask so explicitly for you to do my homework.
23:55:13 have you seen man 4 gdb ?
23:56:26 not yet, I am getting kdb, kgdb and gdb and ddb mixed up...
23:56:50 I don't see any convenience commands for devices. what ddb does is to chase the linked list from bus_data_devices