Hello all. I have a firewall/gateway/wireguard gateway at home. Suffice it to say, things are pretty complex: my ISP uses DHCPv6-PD and the prefix changes every time I reboot, but I also like to be able to full wg tunnel from my laptop on the go, so I use a he.net v6 tunnel to have a static v6 prefix. I am using pf, using rtable to a second FIB that has the he.net default route so wireguard

clients can use it. It works fine except ICMPv6 Packet too big egresses out the WAN interface instead of through the he.net gif, complete with the gif's source address. I'm at my wit's end here, any suggestions would be appreciated!

I've also tried adding a reply-to to the he.net gw on the wg tunnel ingress rule (the one with the rtable clause). This prevents it leaking out the WAN interface, but I don't see it egress anywhere.

i aspire to one day understand anything you just said. but gl solving it

Lol yeah I know, it's mind numbing to think about even for me. The shit home users are forced to do to save money.

i mean i struggle to install openwrt on a tplink or cisco router. i can't imagine configuring pf or freebsd to do the big heavy stuff like that

pf honestly is a pleasure to work with. I've been using it in this role for 20 years.

But policy-based routing is very hairy in FreeBSD

it's hairy on linux too. i don't love it anywhere

rtprio: that is interesting. I don't think I could stomach moving to iptables for this, but I was under the impression that it would be one way to get it working :|

amigan, I'm re-reading your messages. is it *all* ICMPv6 packets which egress out of the WAN, or just ones that are too big?

edenist: it is all ICMP

Echo replies too

I even put a pass out on $wan route-to (gif0 $hegw) from <henet> to any, but that doesn't work either

I haven't had any experience with wireguard. This only occurs with ICMP to/from remote clients?

Yeah, but only by virtue of them being the only ones that use a different fib

I can ping wireguard clients from the firewall or other machines on the LAN and things work fine. It's just when the ICMP is a reply to a TCP or ICMP packet coming in from an external host that would route out the WAN default route normally

It's like ICMP responses have no idea about the pf state they are attached to and do not obey its PBR

But echo replies that are not generated by the FreeBSD box are routing incorrectly too. The wg ingress state creation rule (with the rtable clause) covers tcp,udp,icmp6

ok I gotcha. geez this is painful 😕

Yeah. I feel like I had this issue before, and then I got everything working perfectly, and then it broke again

I've been using this particular topology for a year with on and off issues.

so my ThinkPad T495 arrived today, planning on using it to replace this E14 that was having issues. I'd like to avoid having to go through all of the initial install/setup of FreeBSD on this T495 since I've got a mostly set-up install already. not sure the best way to clone the install

tm512: boot live usb, ssh sourcehost dump -C64 -b64 -f - / | (cd /mnt && restore -rf -)

If you're using zfs, zfs send | zfs recv

I'm thinking from a live image, after I get a ZFS pool set up, I could do zfs send/recv, though I dunno about how to make the system bootable

I have to set up an EFI FAT32 partition and install the FreeBSD bootloader there, right?

tm512, could always go low level and take a full dump of the drive

tm512: just install a vanilla zfs boot install and then overwrite the zfs pool with the send

or at least the part of the bootloader that's a direct EFI payload

Yeah, what edenist said too

Probably easiest to just do a block-level image and resize as necessary

it's fairly brute force, but it's my go-to when I just want it to work

edenist++

assuming they both support the same boot type [legacy/efi etc]

amigan, so by the sounds of things you've got a better handle of pf than I do [my experience is largely hacked together until it works, heh.... but maybe thats for everyone? ;-) ]

presumably you have a separate rule for this wg ICMP traffic?

lmao, I think we're in the same league

not entirely sure how to resize partitions on FreeBSD. also home network is pretty slow (the old router I have only does 100Mbit) so sending a full disk image over the network would probably be quite painful. I suppose I could cut out the middle-man and directly wire the laptops together

Yes, the icmpv6 is allowed to egress

I mean doing proto {tcp,udp,icmp6} basically makes 3 rules

zfs send would send over less data though

So separate rule fo ringress too

tm512: not necessarily, if zfs has been trimming. dd conv=sparse

Unless this is HDD, then yeah maybe

tm512, if the drive is mostly empty, adding the '-C' option to the ssh/scp/zfs send will compress all those zeroes down pretty well [assuming they are zeroes and not old data]

amigan, it almost sounds like 'keep state' or something isn't being applied for those ICMP packets?

I'm not entirely convinced zfs send doesn't already do run-length encoding of zero blocks

edenist: precisely, yes

I never zeroed out the entire drive, though perhaps that was done by the seller

I haven't tested, but it sounds like something easy to do. Heck, any sort of compression on the dataset will take care of that too

I thought zfs send would just send only the data that's been allocated

tm512: unallocated and allocated but filled with zeroes are different things :)

Sparse blocks will definitely not be sent over as zeroes, but specifically talking about blocks that actually just have zeroes

But dd using conv=sparse will actually just seek if it deblocks an input block filled with zeroes. Just make sure you have bs=512

amigan: I might just end up going with the idea of installing FreeBSD normally on the T495 and then using zfs send on the E14, then doing the config changes I'll need to do since these are quite different machines

like I'll need to disable wifibox, and have it load amdgpu instead of i915

guess I also need to remove coretemp from the loaded modules

I'd kinda prefer a more direct way without having to perform a redundant install but it's probably not worth the trouble

tm512: honestly install it, install all packages, copy your etc/s, /boot/*conf, /home, done

If you really want to get dirty, just copy /var/db/pkg and all of /usr/local/

well I also did stuff with this installation like configuring it for pkgbase

though this Ryzen 5 PRO 3500U is quite a bit more powerful than the i3-10110U in this other laptop, so perhaps it'll be less painful to just keep STABLE updated the oldschool way of just building from source

is there some sort of non bypassable domain blocking software out there

thegman: dns/blocky with pf rdr pass on blah proto {tcp, udp} from any to any port 53 -> myblockyserver port 53

Just wondering, is it theoretically possible to chroot into my Linux SSD from my FreeBSD SSD? Or is rebooting between them still the only way?

but when i say non bypassable i mean something like a password protected configuration that cant be changed

only way i could think of doing it was encrypting the ssd then making /etc/hosts immutable then enabling secure mode

remiliascarlet, you can do this now with linuxjails, which effectively uses the linixulator to emulate the linux kernel.

Title: LinuxJails - FreeBSD Wiki

thing is, I wouldn't trust a production drive to this, it has R/W access and it is likely to get into a state which the actual linux kernel might not be able to handle when you try to do a native boot

edenist: I mean more like, I already have a Linux installation. The reason for that is so I can compile packages for the distro without having to reboot for this.

Just for a 20 second or so time save.

thegman, there are modules like zenarmor which use netmap to do what you [I think] are wanting to do. They support things like pfsense/opnsense but I believe also support plain freebsd installs

they are proprietary though

remiliascarlet I'd probably just setup a bhyve VM and boot it. Linixulator is built and tested around a small rather fixed config, unless you're running a rather default install of ubuntu or redhat etc, you're going to run into issues with libs and such. Only certain glibc versions are supported, last I checked.

how well does bhyve work with steam

my end goal is to migrate over to freebsd completely

I'm running CRUX Linux, which is much more BSD-like than most other distro's anyway, and very simplistic. But can take weeks to set up.

i just need some sort of nfsw site blocking thing (i have one that only works on linux) and the ability to use steam

I've never done anything requiring GPU passthrough with bhyve, but in theory it can be done. Honestly it seems better just to use wine/proton and run the windows builds on freebsd. There are a few projects which help to streamline this

id rather use proton if that works

Steam is why I chose FreeBSD over OpenBSD for my desktop. Then it turned out that FreeBSD can't run Steam at all (neither the Linux version nor the Windows version), so I keep the Linux installation for games.

i just dont know how well proton works with jails

And I ended up running all 3 of them.

it really is a shame that companies dont lift a finger to support non windows operating systems these days

Linux for gaming, FreeBSD for day job, and OpenBSD for night job.

sounds complicated

Well, I run DWM on all 3 of them, so there is some degree of uniformity between them.

linux for gaming freebsd for everything else and windows for toilet paper

FreeBSD for day job, OpenBSD for night job, and Linux for hand job (sorry, couldn't resist this joke).

im gonna assume i dont want to know what that means

Men most likely have experience with this. I can't even do hand job.

if you have the standalone installs, games on freebsd work fine with wine/proton. But yeah steam itself is an absolute dog to get running, not worth the trouble imo

I already tried to running Proton, couldn't even get it to work.

what is it about jails that dont work

missing syscalls or something

Speaking of which, does FreeBSD have support for FFS2 (OpenBSD's default filesystem)?

Currently I keep important files in sync with NFS.

Not going to lie, I'm still on Linux

thegman: Not just companies, it's pretty apparent with programming languages as well. C and Go have pretty much everyone covered, but Zig for example is pretty much Linux/Windows/Mac-only, FreeBSD support is a maybe, and OpenBSD support only exists if ported by Theo and co.

And V is like Zig, but without FreeBSD support at all, but at least it's compilable.

I'm often left wondering why Rust is becoming so well adopted, and Go is normally not even considered

Right now there is Rust going into the Linux Kernel, the Cosmic Desktop by System76 is Rust. There was just a Government agency speaking about the merits of using Rust for their code

The one thing that keeps Go from becoming a serious consideration is its garbage collection, which works fine for websites, but you don't want to have it in games or kernels.

Rust sucks in many ways. Learning curve, syntax, compile times, woke foundation, toxic community (common side effect of pandering to the woke), its users being so religious about it.

Meanwhile, the only "bad" thing I see in Go is the focus on simplicity and just using the standard libraries as much as possible, which I think are actually good things that other languages really need to take note of.

SponiX: a lot of wayland utilities are rust

rust is like c++ but they removed the ability to do anything useful in the name of good programming practices

the benefit is you get to feel good about yourself after you jumped through a bunch of hoops to do something in 30 lines that could be done in 5 lines in c

you need to clone an entire struct just to assign a variable to an element in that struct

unless the element supports the "clone" implementation i guess

thegman sorry it's a late reply, but with the jails it's not just syscalls [this might actually be complete now], but it's the compatibility with things like glibc. The old way was that a base linux system was installed based on something like centos, and that limited things because the libc was so old.

But now you can in theory install any base system. It's the compatibility with the core linux libraries and the emulated syscalls which I believe can cause issues. It's only really been tested with ubuntu as far as I can tell.

rats

also as far as the domain blocking system goes i cant use anything router based

since im stuck with this crappy spectrum router

even if it worked, I don't think emulated linux software has access to the native network stack on freebsd

you've been able to install any base even since the c6-in-ports days, but nobody really took advantage of the diversity (and it probably would die quickly with a relatively modern glibc/musl and some applications to go with it back then, but nothing would have prevented others)

can you throw it in a VM and route your traffic through it?

nothing's fundamentally changed about linux stuff here in a long time, but more recently newer syscalls have been implemented and some folks have actually taken to running a linux test suite to validate the implementation

maybe i could route it through a vm if i could make unable to connect to the internet without that vm

kevans, that was my assumption. The c6 implementation was comprised of components which were at least "supported" in the linuxulator, and that the implementation is now complete enough that that constraint isn't necessarily needed

maybe if i set up that vm as the router and disconnected the old router

il try that

yeah, pretty much

im gonna try to install freebsd again

why are you installing again?

and why can't you use your own router?

rtprio: "a lot of wayland utilities are rust" Yet another reason to refrain from using Wayland.

Or "Gayland" like a friend of mine calls it.

>gayland

sounds like you want people to use wayland ;3

well

didnt work

it still cant connect to the internet

miko: I let people make up their own minds, but being called "gay" is definitely nothing positive.

Unless you are gay, then that's fine.

are your friends 10 years olds from the 90s?

feels like I'm being transported back to the mid to late 00s when I was in middle and high school

yeah, the fucks that bullshit?

you stuck in /g/ or something?

yah, that's not a very good attitude

What's the problem?

Feels like I'm back in the #gnu channel all over again.

i wonder what could possibly be wrong with trying to make the word gay have negative connotations

god i really can't figure that one out

i really can't

"Oh no, she has a different opinion, the sky is falling!"

feel free to have your own opinion, but it's fucking stupid

I think you're overestimating how important your opinion is to any of us, tbh

it's still something to call out though

I'm not the one forcing you to have a certain opinion here.

calling you out for having a stupid opinion isn't forcing you to have another opinion

There is no such a thing as a "stupid opinion".

there absolutely is

Only if you want others to think the way you do, you can call it "stupid opinion". But then again, all you're doing is proving my point.

*wanting* people to not be homophobic or permissive of homophobia is not the same thing as forcing that

what, so one shouldn't call opinions based on stupid superstitions stupid?

^ #freebsd-social

tm512: Just like you're free to find me a "stupid bitch" or a "good person", you should be free to find homosexuality good or bad.

So I can't see the problem here.

and we're free to call your shit out

Yes.

Although I don't see any shit being called out, just a bunch of people being mad over an opinion I hold.

im literally calling you out for having a stupid, shit opinion

That sounds very authoritarian.

that's authoritarian, huh?

comparing "Gayland" to shit I heard all the time from literal children back when I was in school, in a less progressive time, isn't "being mad", it's mockery

Sure, you're free to find my opinion stupid or shit, doesn't mean it's a fact.

do we need this offtopic discussion here?

remiliascarlet: and who exactly said that it's a fact? do i really need to prepend everything with "i think {}"?

well, I don't care about this enough to join a different channel so if it's too off-topic then I'll just dip

seriously?

Whatever, I said what had to be said.

So I'm more or less finished with this topic.

unfortunate, first experience with FreeBSD on the ThinkPad T495 I just got was running into this bug: forums.freebsd.org/threads/t495-thinkpad-hangs-on-boot-acpi0.85650

Title: Solved - T495 Thinkpad hangs on boot acpi0 | The FreeBSD Forums

suppose I will try updating the UEFI firmware. while that seems less risky than flashing new firmware on BIOS machines it still makes me a little bit uncomfortable

during the second freebsd-update install to upgrade to 13.3: rm: ///usr/include/c++/v1/__tuple: is a directory <- should I be worried?..

(date now is 2024-03-05 12:23)

not really it's a special case in the upgrade where what was a file in earlier versions became a directory after upgrading

it was a bit of a blocking issue for the 14.0 release

if the machien doesn't reboot, I'm blaming you ;P

ok, reboot seems to have gone smoothly!

> ZFS: i/o Error all block copies unavailable

what a glorious way to start the week!

very nice

I am slightly terrified I will admit

I will try to reinstall and re-import the pool

wtf error is that

but i admit i've done same

did recover the pool, but not all the files

ketas: might be root pool corruption, I just upgraded to 13.3-RELEASE

in the bright side, zfs told what was corrupted

oh that

no storage fail?

god that's bad

it's not telling much alas

ketas: what do you make of this? imgur.com/a/rVXVxE8

:D

are the devices with the pool actually present? did you update the pool without updating the loader? etc. just boot off a thumb drive and try to import see if it's even recognized.

isley: I only followed the steps there: freebsd.org/releases/13.3R/installation/#upgrade-binary

Title: FreeBSD 13.3-RELEASE Installation Instructions | The FreeBSD Project

so yeah, I'm probably going to perform a reinstall with the help of gist.github.com/ctsrc/9a72bc9a0229496aab5e4d3745af0bb9

Title: Install FreeBSD 13.2 on Hetzner · GitHub

(btw if anyone knows a nice hosting company that supports FreeBSD I'm all ears)

Hi. How to debug the output of "service myservice start"? My service doesn't start with that way, however when I call it directly, it works. I'd like to see what's the matter..

$PATH ?

ketas: -bash: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin: No such file or directory

within service init?

wild guess is path still

Yes, the binary is in /usr/local/sbin/

which service?

any common thing?

owncast, but from: pkg.skunkwerks.at/FreeBSD%3A14%3Aamd64/All/owncast-0.1.2.pkg

Installed it with: pkg install owncast-0.1.2.pkg (the current one on FreeBSD 14/amd64 is almost 3 years old, extremely buggy and never gets updated)

eh

i would still bet it's env / conf :p

aah is this mine tercaL ?

so when it didn't start for me, it was because I needed to:

- create user/group owncast:owncast (done by installing port)

- add /var/db/owncast (manual)

- chown owncast:owncast /var/db/owncast (manual)

add this to rc.conf

owncast_enable=YES

owncast_path=/var/db/owncast

then it ran fine

dch: Oh, was it you? :) Thanks a lot for the binary! I will try these now.

the current port does what I consider a POLA violation

- it has /usr/local/share/www/owncast/ dirs as writable by the user

there may be a good reason for this but as I dont use the port how would i know

but I don't expect user data to end up in /usr/local/share/

why is the port old

that should be root:wheel and readonly for users, updated by/with the port

because maintainers have lives, jobs, sickness, holidays, kids ...

sometimes we are on top of things, and sometimes we are ... not

tercaL: anyway if you have the permissions right, this should just work (tm)

tercaL: IIRC the first run i did as follows, without the daemon

dch: I agree, but the port's maintainer never had time in 2 years and half, just strange.. anyway.. It's extremely buggy.. By the way, the steps above solved it! Thank you very, very much!

su -m owncast -c 'owncast -enableVerboseLogging -adminpassword l33t'

for a first-time user I think this is necessary to set a default password? not sure

bbl, family times

Title: FreshPorts -- www/owncast: Self-hosted streaming service written in Go

please update bugs.freebsd.org/bugzilla/show_bug.cgi?id=275190 with any findings, so we can commit it *if* it works

Title: 275190 – www/owncast: Update to 0.1.2

2 years?

I there, is there a way to install php5 on bsd ?

need to resurect an old project ...

manually i'd guess

nerozero: it will be hard. Find when that port disappeared, spin up whatever FreeBSD jail was "latest release" at that time, and fork the ports tree and build in poudriere off that

MOVED file says `lang/php56|lang/php72|2019-01-01|Has expired: Security Support ends on 31 Dec 2018`

so whatever FreeBSD was around on January 2019 is what you need to build against

you can also expect many of the tarballs needed from that time may no longer be available on the internet

this could be painful

....................

or maybe you can try building it manually from source, old school way

Can bsdinstall's auto ZFS option detect my pre-existing ZFS pool?

dont even know if that old php sources exists or not ...

i bet php repo has it

and my distfiles archive :p

wooow

wait looking for obsolete drives with bsd installed there ...

Title: PHP: Release Archives (museum)

WOOOW !

thanks a lot !

love how they call it museum

i recently merged my distfiles

found it being 30g

regular server stuff, little x

Hecate: did you check it first?

before reinstall

i wish there's better method here

apart from manual repair

did it import?

found hard drive with php7.2 and bsd 10

wish me luck, hope I will manage to make make things work on it

btw, is there a chance clone active system into vm ?

bsd into vm ?

rephrase, how can I transfer entire system into VM

tar | tar?

I had tried many years ago, doesn't seems to work

with some cfg changes

symlinks, weird files - no boot, ALOT of issues

not worth it

chflags -vv noschg /mnt/var/empty

tar -cf- -C /root/files/fbsd/current/dist/univ.working/ . \

| tar -vxpf- --clear-nochange-fflags -C /mnt/

actually from my vm script

woow

:)

from php museum you can also get php1, which is something i never used

which I never even heard of ..

well there was php before 3!

Have no vim on old machine, is it possible to do something without vim >

?

vi ...

vi, ee

no EE -hate it

and nano

well it gets files edited

hate nano too ..

ed then

ee has that esc delay

or sed -i

i've see people battle with it irl

I know

i almost always use mcedit somehow

10 yars ago migrated to vim, and world has changed ....

i could do vi or ee if needed

20 years of mcedit eh

AH I have MC there

havent used it for 15 years ...

WOOW

i don't know vim has problems in my brain

how to exit mcedit :D

not :qw!

:)

:D

:qw *SHOULD* work.

in mce?

I cont even type a thing in it !

if f keys don't work

esc 0

no extra i, hjkl /....

ARROW nav..

horrific habits

no this is really a thing

ketas: it wouldn't even start the login stuff so eh

well *i* had arrows on my kbd

in 1999

so

Hecate: eh, booted off rescue media?

I wish I can go back to that year ...

what happened then

there was a life, no ai, friends, not virtual one, a lot of alive back then ...

a lot of things ...

there were also arrow keys on kbds in 1995, when i was 12yo

so yeah

I don't use ee myself, but I do push it on people who need to work in terminal, but can't be arsed to learn vi(m).

i had less life the rh

theb

The mere fact that it always displays all the hot-keys at the top lightens the support burden a lot.

you dont have to learn vim,

n

vim speaks your language, and if not, you can tweak it

I was a vi hater for a number of years. . . but I eventually forced myself to learn and use it, and ended-up loving it.

Haha !!!!

Love how it's designed to keep my hands at the home position.

you dont have to learn vim, you just have to learn how to exit it :)

Is that an emacs joke?

:)

CrtxReavr: yes :) - btw I am a vim person ~

Everyone's first VIM session: ^C^C^X^X^X^XquitqQ!qdammit[esc]qwertyuiopasdfghjkl;:xwhat

no images needed

not mine

I had read a book before even start unix ...

so my first vi was vi, :wq

:D

bsd2.1

i love the what part

coughliescough

but yeah who could guess the :

home position is fun too

I took a CS-105 class Intro to Pascal. ..

it assumes you learned touch typing

that was not a guess, it was written in the text book, I had no pc at that time, so books was a thing

if you learned hybrid, then

The platform was some HP SysV variant. . . and vi was offered as the only editor choice.

Hated it - made no sense to me.

relief from destruction and screaming

I basically bot by with editing my code in edit.exe and doing text uploads into vi.

s/bot/got

jbo, backup the entire database before :D

made my day

:D

my bhyve windows vm keeps getting stuck at boot

they got arcade game on that btw

it sometimes works

table flippet

like 5% of the time

r

and once it was able to boot it stays usable for 10 hours no problems

afk, need some calories

no usb-c ps in humans yey

t

pd

Any chane anyone has ran freebsd-update going to 13.3-RELEASE on a t2.micro aws isntance? Just had freebsd-upgrade killed.. Wonder if it's a RAM thing

I did at least stop apache this time though.

Has anyone had success/issues with SATA PCI card passthru with bhyve? I'm hoping not to waste money buying several cards (like I did to find a compatible USB chipset once). TIA

davisr, PCIe passthru works well for me

regarding your USB comment: shouldn't matter what controller it is. Just attach the PPT driver and then let the guest worry about it.

eeek... gunzip: (stdin): unexpected end of file During `freebsd-update install` post reboot...

jbo, thanks, but it's unfortunately an un-ideal world and some peripherals, like USB controllers and GPUs, have passthru issues. I haven't any experience with SATA card passthru, but I'm hoping to hear about a card that is known to be working.

Is there a validation check with freebsd-update? Just rerun? it seems to have finished but something is telling me something could be wrong.

davisr, any chance that the cards you're having issues with do not support MSI/MSI-X?

jbo, it's possible and I'll have to investigate that (but good tip). I don't have datasheets for my non-working cards handy.

ketas, thanks ! I have managed to resurrect an old project, by using old hard drive, some php modules missing, but in general - things working ..

skered: what is the ram limitation on that type of aws?

er it's a nano not micro

but..

512M

idk it just seems odd to me that something critical like system updates would fail

you'd think that would be enough

During Applying patches...

I dunno if it loading all the patches at one or doing them one at a time.

er you know what I did... :(

I ran it on the same host twice.

Too damn many tmux pans

panes

You would figure freebsd-update wouldn't allow that?

But that looks like it via auth.log... upgrade... 10 minutes later... upgrade again.. then saw the sudo to stop apache... just wasn't looking

nerozero: if you can't port it and don't mind security holes, you could get proper php5 too, maybe with same age fbsd, that way you get all the modules

the site is for internal use only

I wish I could clone it into vm...

will try to do so with tar ...

but I doubt it will work ...

I forgot. "caddy" is written in Go, that is one good example

anybody familiar with codel/cake/sqm on freebsd?

there should be a modern HOWTO for managing bufferbloat on FreeBSD routers but damned if I can find it

dch: i'm not too familiar with it but it seems to be implemented in dummynet, see 'TRAFFIC SHAPER' in the ipfw manpage

jmnbtslsQE: yep the manpages for dummynet mention fq_codel & fq_pie in passing

I could do with a worked example that shows how to use this with my pf.conf setup as well

there seems to be much more documentation about it in the ipfw page

it all gets a bit confusing

yeah. i wouldn't know

I did find this klarasystems.com/articles/dummynet-…er-way-of-building-freebsd-networks finally, which is half of the puzzle

Title: Dummynet: The Better Way to Build FreeBSD Networks | Klara Inc

and this looks helpful forums.freebsd.org/threads/ipfw-dum…q_codel-halves-download-speed.71665

Title: IPFW - IPFW + dummynet with fq_codel halves download speed? | The FreeBSD Forums

the basic dummynet pipe bandwidth/delay/queuesize config shouldn't not difficult, but it definitely gets confusing once you do anything more complex or with multiple levels

shouldn't be*

though i think i've only ever used it for bandwidth and delay

in the src/contrib/bmake folder there is a huge collection of makefiles from netbsd

are those used in freebsd or are they just sort of... there?

ooh reviews.freebsd.org/rG00a7a05bde8481a58860253daf86661372ae3b72 it can all be done within pf.conf now. excellent!

Title: rG00a7a05bde84

uh, so I thought iwlwifi was the wireless driver for the Intel AC 9260 chipset, but looking at dmesg when booted into the installer shows that iwm has been loaded for the device

hmm

how would you even know what driver is for which device. does the source code say that

Title: WiFi/Iwlwifi - FreeBSD Wiki

9260 is listed here

but I guess the 9260 is like in the transitionary period where it was still supported by the legacy driver before iwlwifi matured? I dunno

I think iwlwifi is required for 802.11ac support (or will be, that's not something that the FreeBSD driver supports yet)

amigan: any luck with the ICMP routing issue?

edenist: nah, I gave up for the night last night and honestly this issue seems so nondeterministic that I have a slight hope it will resolve itself someday :)

maybe if I find a shred of time this weekend I'll start digging into the source, maybe build out a sim lab

it's also tought to debug on your live internet connection!

*tough

it's a shame your ISP doesn't offer a static prefix though if you ask them. Seems like a waste to have dynamic v6 imo

that is true! I do have a backup LTE link I can use but yeah. one way I get around it for debugging at home, I have a guest vlan/ssid that I join and then VPN in from there and it is a decent facsimilie for debugging

otherwise I debug from the bar :)

they would do a static prefix if I had a business connection