lw: wait you have your own pastebin setup?

O

Err, mistype.

I've been thinking of setting up github.com/solusipse/fiche on the spare domain I have.

Title: GitHub - solusipse/fiche: Command line pastebin for sharing terminal output.

It is, of course, in ports.

what does it mean by requiring a separate webserver to share the output?

you're supposed to configure that webserver a certain way?

fiche receives data from netcat and creates a html file that can be served by a http daemon of your chioce

choice*

oh. cool!

Periodically on my machine on my private LAN I am seeing this logged and I don't understand what would cause it.

Mar 8 17:45:24 madness kernel: Limiting closed port RST response from 270 to 198 packets/sec

Is there any wisdom from the group for me about it?

is there some local process repeatedly trying to connect to a port that doesn't have any listener?

i usually see that with ICMP Unreachable because of UDP though, where it'd be common to see a lot of udp messages all generating the ICMP response hence the high rate. not sure why it would be so high for TCP in your case

Hmm... Not that I know of. And that is why I mentioned it's my desktop on my private LAN. There isn't a public Internet attacking it.

dunno

I dunno either. It's a curiosity.

I am thinking I might fire up pf because I think with the right configuration I can get it to log what is happening and then I would have a log that points to something. At that point I would probably find something I know about but have forgotten about.

yeah

maybe brendangregg.com/DTrace/DTrace_Network_Providers.html#Examplessec

Title: DTrace TCP Provider

not 100% sure if that specific example pertains to RST in this situation though (seems to)

(the one under "Detect TCP connect() scan")

Very interesting. Filing that one off for detailed reading. Thanks!

same

Bah. X stopped working (blank screen) following a "pkg upgrade" about 8-9 hours ago. I suspect there's a connection between Xnot working and the upgrade, but I'm at a loss how to figure out which of the 90ish (IIRC) X-related packages, alone or in combo, is responsible for it, assuming that's not one of the other 850ish packages instead. Nothing jumps out to me in Xorg.0.log, and "pkg upgrade -f"

didn't help. (I didn't "pkg clean", so restoring the old package(s) should be possible, if tedious,) GPU is i915, and kldstat shows i915kms is loaded. Clues/ideas/requests for more info all accepted.

OK, on a hunch, I just tried "startx &" and it mostly worked. By which I mean, it started Xfce, but didn't autostart my applications. So the problem may be related to slim or Xfce, not X itself. Or it may be a new race condition.

Hi, i wanted to give containerd / ctr a try, but i was not able to run a command. I tried to run "uname -a" on alpine:latest, but got an "Operation not permitted" on some mount command. So i tried to do the same mount in the shell -- still receiving "Operation not permitted":

% mount -v -o ro -t zfs zroot/DATA/home/containerd/3 /var/run/user/1001/test

mount: zroot/DATA/home/containerd/3: Operation not permitted

zroot/ROOT/default on / (zfs, local, noatime, nfsv4acls, vnodes: count 7995 ).

Any ideas? Would be great, thanks in advance...

What user are you running that as? "%" prompt would suggest non-root.

yes, non-root

I think that"s your problem.

did you do that zfs allow stuff needed?

what zfs allow stuff? I did sysctl vfs.usermount=1... zfs dataset created with zfs create -o mountpoint= ... and then property canmount=on

pretty sure you need zfs allow -u <user> mount <dataset> too

i tried both datasets default and home/containerd with zfs allow but no effect

hm, no idea why mount doesn't work, but zfs mount should work now

i'm on 14.0-RELEASE

Okay, we have a new winner for worst PTR record ever: 2001:07f8::223c:0000:0004

where did you find that?

Friend stumbled upon it in his travels.

what's so bad about it ?

i feel like i'm missing something

host 2001:07f8::223c:0000:0004 | wc -c

That doesn't strike you as excessive in any way?

hm, seems similar to other IPv6 addresses I tested just now

With the MAC in there as a separate field?

CrtxReavr: no, ptr records have to have each byte

when they're :: there are implicit zeros

What?

I get <some single digits>.ip6.arpa domain name pointer <some domain>

i don't get it

nimaje, yes. . . that's not wholly un-common. .. but did you look up the one I pasted?

the ip6 of 1::1 is really 1:0000:0000:0000:0000:0000:0000:1

$ host -t ptr 1::1

Host 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.ip6.arpa not found: 3(NXDOMAIN)

It all depends upon how they have delegated the subdomains for the ptr records.

rtprio, run: host 2001:07f8::223c:0000:0004

yes, 4.0.0.0.0.0.0.0.c.3.2.2.0.0.0.0.0.0.0.0.0.0.0.0.8.f.7.0.1.0.0.2.ip6.arpa domain name pointer de-cix.fra.de.as8764.telia.lt. to be exact

4.0.0.0.0.0.0.0.c.3.2.2.0.0.0.0.0.0.0.0.0.0.0.0.8.f.7.0.1.0.0.2.ip6.arpa domain name pointer de-cix.fra.de.as8764.telia.lt.

yeah, what nimaje said. nothing unusual about that

regular thing0

?

I don't see anything unusual either.

every ptr for ipv6 will look like that

seems good naming too

Holy shit. .

It literally resolved to this just a few mintues ago: mac-4c-f9-5d-3a-26-92.ipv6-2001-07f8-0000-0000-0000-223c-0000-0004.pas-10359.10giga.de-cix.fra.de.as8764.telia.lt

looks like they like longer hosts

could be good in some places

it's probably a DVD drive, if you watch movies

yes, it's a DVD

thanx for the askin, la_mettrie. Do I have a special device for DVD?

sometimes it is easy to watch a movie. Sometimes like today it seems impossible...

may, it's because it has some kind of protection mechanism

or I am totally mistaken with the handling of the drive.

it'd probably be easier just to get the movie DRM-free from bittorrent rather then dealing with defective by design media

you won't have to sit through a ton of ads before you can watch your movie either

and you can probably get it in higher quality

dvd can have drm too, but that is broken, see decss

Hm, sfox, smart move you recommend... this DRM_free torrent...

Although I have seen the opening of the drive by a command-line some time..., today, with <eject /dev/cd0> I tend to get "eject: ejecting media from /dev/cd0" and then "eject: Invalid argument"

exoflux: i'm not sure what you mean

sfox, thanx for the askin! Although the drive-info I get about the hard- and software I don't get any control...

i meant about the previous thing you said

I put in an audio-CD and don't get anything, But I also experienced that I did on other days..

same with the DVD

hi, anyone in eu seeing ssl timeout issues with git.freebsd.org ?

f451: works fine here

how odd

ive tried gitlab over ipv6 - works fine here

just git.freebsd.org over ipv6

sfox! I successfully installed ctorrent and found myself a torrent to my DVD-movie!

dstolfa: amd64 or arm64?

oh good

it's fine for amd64, just not for arm64 - 3 different OSes (freebsd, debian & openbsd), from 3 different ipv6 ip addresses. ipv4 is fine

dstolfa: amd64 is fine. all the ipv6 ips are from the same /64

f451: works fine on arm64 and morello for me, so i don't think it has to do with that

what are you trying to do?

trying to solve an ipv6 issue my rpi4 was having with git.freebsd.org

i noticed git wasn't updating

thought maybe the install was hosed - do did a non-hosed install of raspios

found the same issue

so tried openbsd, installed that, same issue

dstolfa: just with git.freebsd.org and just on arm64 and just on ipv6. gitlab works fine, for ipv4/6 all arches

what happens if you curl it?

i'll try that. i ran debug on the git clone, ultimate output is fatal: unable to access 'git.freebsd.org/src.git/': SSL connection timeout several lines after the connect handshake

Title: src - FreeBSD source tree

exoflux: given how old the DVD format is, I find funny how blu-ray is not talked about much but that's probably due to streaming being way more popular and most folks stopped purchasing physical media all together.

dstolfa: debug from git - 21:26:50.512185 http.c:820 == Info: Trying [2604:1380:4091:a001::24ca:1]:443...

let me try to git that address directly

there are 2, maybe i'm hitting the other one

Info: Connected to git.freebsd.org (2604:1380:4091:a001::24ca:1) port 443

ALPN: curl offers h2,http/1.1

TLSv1.3 (OUT), TLS handshake, Client hello (1):

f451: i'm able to curl the ipv6 address just fine from everything, but i can't figure out how to get git-clone happy with the ipv6 address lol

use it like [ipv6address]

i did, it's very unhappy with that for some reason

ah whats yr shell

i use ksh or tcsh

try from sh

on openbsd sh is aliased to ksh argh

it might be that https:{blah} wont owrk if the cert doesnt have that ip in it i guess - hmm git:// should work?

f451: seems like it's an invalid certificate for that address. try it in your browser

Unable to communicate securely with peer: requested domain name does not match the server's certificate.

just quote your shell meta characters instead of relying on the shell to quietly discard failures and assume it is a string literal then

curl -v -6 git.freebsd.org/src.git - stops at CAfile: /etc/ssl/cert.pem CA Path: none

Title: src - FreeBSD source tree

with curl you could use --resolve, no idea if git has something similar

with git i used export GIT_TRACE_PACKET=1 export GIT_TRACE=1 export GIT_CURL_VERBOSE=1

but those don't help you to specify which ip you want to use for a domain name

you could set it in /etc/hosts temporarily

set it to one ipv6 ip and it should use that

i can get to git.freebsd.org/src in lynx it (nginx) rewrites to cgit

Title: src - FreeBSD source tree

f451: forwarded the information to the people who can fix it :). probably tomorrow, though. it's late and a saturday

:D

you did?

dstolfa: xlnt!

i'll make a PR if you think they'll need it, have lots of debug output

f451: probably worth doing. more information is always useful

okeydoke, many thanks for yr assistance, have a good night ;)

f451: thanks for taking the time to report it and debug

guys i have problem with pkg, please look pastebin.com/sFfSYRkr

Title: [2319][root@kilitary:~]$ pkg update && pkg upgradeUpdating FreeBSD repository - Pastebin.com

what i should do

xFCFFDFFFFEFFFAF: you should update your kernel

dstolfa: bugs.freebsd.org/bugzilla/show_bug.cgi?id=277606

Title: 277606 – git.freebsd.org SSL connection timeout out over ipv6

It's time for a "freebsd-update upgrade -r 13.2"

ok, will try now

f451: thanks!

*13.2-RELEASE