00:02:22 i don't think it's a shortcoming that your desired functionality is not the default. whether it's a shortcoming that the function is not possible, i don't have any view on
00:02:33 probably
00:03:08 so there's hope that there's a way? that would be SO nice
00:03:37 by "probably" meant: probably a shortcoming if it's not possible. i have no idea if it's possible
00:04:22 but i'd think just using NAT port forward would be better from a design standpoint. principle of least surprise
00:04:42 unless you have some strict performance requirement
00:06:08 but that requires some extra setup in the host to make it possible?
00:06:38 it doesn't, aside from whatever setup exists in the host to configure your jail. you perform the NAT in the jail
00:07:38 so how could i have some nat thing bind to the 80/443 then forward, but caddy bin caddy user can't just do it itself?
00:11:07 it's done by the firewall
00:11:29 oh like pf can do it?
00:12:47 yeh
00:12:50 or ipfw
00:13:53 mind showing me what an example rule would look like?
00:15:50 freebsd handbook no examples ?
00:16:16 something like this: https://bsd.to/Rixg
00:16:17 Title: dpaste/Rixg (Plain Text)
00:16:24 handbook probably has examples too though. port forward
00:17:26 to debug it, run natd manually with -verbose and the proper config, using 'divert natd' in your ruleset instead of 'nat 1'
00:17:53 wait so natd has to be run it's not just done in the fw?
00:18:04 natd is just to debug it in case you have issues
00:18:15 what's it do?
00:18:33 i'd recommend researching the topic
00:18:55 i guess that example looks pretty simple. still wish it was possible more directly
00:18:56 it just does the same nat function but receives packets sent from the firewall via divert
00:19:04 tyvm for plan b
00:19:09 sure
00:20:19 https://forums.freebsd.org/threads/pf-port-forwarding.56995/ looks like pf can do forwarding too
00:20:21 Title: PF - PF port forwarding | The FreeBSD Forums
00:20:34 yeah, surely. i'm just more familiar with ipfw
00:21:17 so fw based forwarding is a way to reuse the privileged network position of the fw to bind to low ports then locally redirect to higher ones
00:22:31 it's not that. the firewall doesn't do any binding, it changes the content of the packets (that's what NAT does) in and out
00:22:44 what you describe would be more like a tcp/udp proxy running as root
00:23:39 # Vncviewer
00:23:40 /sbin/ipfw add allow ip from 192.168.253.1 to any 5901 via eth0
00:25:41 ahhh
00:26:06 bsdsocket : ip and port
00:26:09 actually rewriting the packets that's pretty interesting. i guess the overhead of that makes it better if we could directly bind to low ports?
00:26:55 hence my comment about any performance requirement, but i think you are unlikely to encounter a bottleneck in this case
00:33:38 rfc 1918 and nat why you don't have to learn ipv6
00:34:35 pf or ipfw..either should do...
00:36:51 "latest" being behind "quarterly" is so confusing. Just installed a system, pkg 1.21.0 from quarterly. Update to latest to find pkg 1.20.9.
00:46:21 https://spectrum.ieee.org/how-dec-engineers-saved-ethernet great read
00:46:22 Title: How Engineers at Digital Equipment Corp. Saved Ethernet - IEEE Spectrum
00:46:33 invented switches
00:46:47 Should I log a bug against the handbook? "And the Latest branch provides the latest versions of the packages to the users." Or is it a ports bug?
00:50:54 log ALL the bugs!!! o/
00:53:45 dec gigaswitch a multiport device supporting both Ethernet and FDDI.
00:54:14 fddi smoked ethernet and fast ethernet..2 100Mbps rings
01:01:26 dumb hubs to switches..was big deal
01:01:59 routers,bridges,gateways...prior to switches
01:02:36 https://spectrum.ieee.org/how-dec-engineers-saved-ethernet
01:02:37 Title: How Engineers at Digital Equipment Corp. Saved Ethernet - IEEE Spectrum
01:29:01 mac:ip:port arp/rarp nat/dhcpd vlans.firewall/pf..local lan...rarp into the mac
01:29:01 to assign ip..rfc1918.
01:33:25 https://oxide.computer/ and https://maas.io/ say they can bring up rack of computers from BMC
01:33:26 Title: Oxide Computer Company
01:36:56 in all the pf port forwarding examples i'm finding the destination includes a literal ip. any way to make it just redirect to 'self' or whatever address it's coming in on?
01:45:56 its all nat to the jail..
01:47:28 unless you're doing ipv6
02:01:37 so you have to respecify your ip?
02:41:43 vmware already figured out the SDDC why they sold dell/emc/vmware to broadcom for 60+ billion.
02:41:59 now they are going to milk top 600 customers
02:42:31 https://regmedia.co.uk/2022/05/30/supplied_broadcom_software_go_to_market.jpg
02:42:57 mike dell knows when to bail on product
02:45:47 now is your chance fbsd, you got SDDC nsx vsan dsr vcenter...
03:49:54 always remember to add epair to your bridge.. or your jails won't work
03:54:08 alepzi: during your jails adventure, have you ever had a "hanging" jail.. that just takes FOREVER to stop?
03:56:48 not yet
03:56:56 only been at it a week tho
03:57:03 and only 1 jail at a time not hundreds yet
03:57:24 if you get hanging can you isolate which jail it is that's hanging?
03:58:26 voy4g3r2, The default stop.timeout is 10 seconds so I am surprised it would hang forever.
03:58:49 exec.timeout is unlimited though so an error might cause it to take infinite time to start.
04:01:03 tail jail console during stop
04:01:06 ?
04:02:32 voy4g3r2: often. and it appears to have gotten worse over the last.. year? or so
04:03:10 it is typically ifconfig hanging for me, trying to remove the epair from the bridge maybe, dunno
04:09:54 rwp: it eventually timed out stopping after 90 seconds
04:10:55 Either a single 90 second timeout or a combination of timeouts adding to 90 seconds. 90 seconds is much too precise to be an accident.
04:13:39 it just says a statement timeout after 90 seconds
04:13:44 which i agree, is too exact
04:13:59 but i think this jellyfin package.. needs more
04:14:19 press ctrl-t while it is hanging to see what command is running
04:22:02 90 second watchdog timeout expired. Shutdown terminated.
06:00:58 what was the first -RELEASE for arm64?
06:14:28 paulf: looks like 11.0
06:15:02 kevans thanks
06:18:46 voy4g3r2: i'm already shopping for a jellyfin replacement
07:48:16 my laptop's audio gets all glitchy and crunchy when i make -j4
07:48:33 is this a problem with the scheduler?
07:50:23 video is glitchy too even when using nice make -4
08:08:28 perhaps you don't have enough IO to do both
08:08:44 i have an ssd
08:08:49 and it was never a problem on linux
08:09:27 you build freebsd on linux ?
08:29:04 no
08:29:17 i'm building a custom fork of multimc
08:29:22 on freebsd
09:10:54 markmcb: it's probably because the quarterly build is a lot faster, so it can run more often
09:11:25 it can easily take a week or two for source changes to make it into latest packages, depending on architecture and timing
09:36:15 why is there /rescue/ipf but not /rescue/ipfw? am i missing a package?
09:37:39 hm there's no /rescue/pf either, that's weird
09:38:55 it's all the same inode, make your own link
09:39:24 rtprio: you mean they're compiled into the binary already and the link is just missing? that would be even weirder :-)
09:39:59 i wonder if in any rescue having pf, ipf, ipfw is of much use but eh
09:40:12 anyway that doesn't work:
09:40:15 [25!] yarrow /rescue# ./ipfw
09:40:15 rescue: ipfw not compiled in
09:40:29 hah, at least it's nice enough to tell you
09:40:43 rtprio: well, if your kernel is configured to drop packets by default (this is the default in GENERIC for ipfw) you would need ipfw/pf to add a pass all rule to use the network from rescue
09:41:02 which i assume is why ipf is there
09:41:10 (handy for the 3 people still using ipfilter)
09:42:55 with darren reed being one of them
09:44:16 39ae372d787513 looks like it was removed in 2003 ?
09:45:25 hmm. i am going to submit a patch to put it back :-) 20 years later a couple more small binaries might be less of an issue
09:46:20 i notice that commit also removed a bunch of other stuff that definitely doesn't need to be there like nfsiod and natd
09:51:58 Greetings. Trying to build a RAID1 interoperable with GNU/Linux at least. Thus I've used graid with "Intel" metadata in order to be able to assemble it with mdadm and its "imsm" metadata support. But it does not. The "container" and the array is being recognized, but mdadm refuses to start the array because of absent disks.
09:52:59 Although it _does_ recognize present disks as "belonging here", it fails to recognize that these disks are actual ones used to build the array.
09:54:06 i've never heard of that being compatible
09:57:36 Fortunately, the array is empty now, so it can safely be destroyed and reassembled in other ways. Could it help to assemble the array using mdadm with '-e imsm' option?
09:58:13 what filesystem were you going to put on this, assuming you can get it recognized in both systems
09:58:21 and followup question, why isn't it zfs?
10:00:00 I'm going to partition it into several UFS/FAT/NTFS volumes. ZFS is not being used because the going-to-be fileserver is ancient and has 1GB of RAM.
10:01:08 BTW, is there any stable enough Ext4 driver at FreeBSD at the moment?
10:01:35 i ran pkg upgrade and now all my qt applications won't launch and segfault
10:01:38 i feel like you should have started with "get a filesystem working between systems" and expand it 'make it more redundant'
10:01:44 Cannot mix incompatible Qt library (5.15.12) with this library (5.15.13)
10:01:49 Abort (core dumped)
10:06:32 Crap
10:06:40 Upgrading pkgs broke my computer!
10:06:43 How do i rollback?
10:12:10 rtprio: I used to have FAT32 on all volumes and will continue doing so on volumes which don't need POSIX semantics (like the WWW volume which will hold CGI scripts) or huge files support (like the volume which will have sparse IMGs shared via ctld to a VMX-capable node). Considering that the main reason of interoperability is the ability to retrieve
10:12:10 data in case of non-booting file server, UFS2 (which can be seen RO at least) would be sufficient for "POSIX semantics-supported" volumes, but are there reliable alternatives?
10:14:01 Actually, I've mentioned the NTFS because of forgetting the instability of both drivers in RW mode. So, now I have only FAT32 and UFS2 kept on eye.
10:15:39 Ext4 would also be a good option, so, are there stable Ext4 (or Ext2 at least) drivers at FreeBSD? Also, how reliable is UFS2 itself?
10:18:38 Is fusefs-ext2fs driver stable enough (except a case with a Pi and fstab-mounted Ext2 volumes from DAS)?
10:23:32 we should really remove routed(8) from base, the few people left still using RIP/RIPng have plenty of other options in ports for that
10:25:14 could even just be moved to a net/freebsd-routed port
12:04:25 Hmmm, is it just me, or is /bin/sh kinda buggy?
12:04:40 when it comes to interactive user input
13:12:54 i solved my NAT64 problem from the other day by creating a service jail to do it with ipfw: https://www.le-fay.org/tmp/30d/nat64.txt - seems to work fine, and i don't need ipfw or tayga on the host
13:13:08 add to patch rescue to include ipfw and pf though
13:13:11 s/add/had
13:21:48 include pf and ipfw in rescue, what?
13:22:05 debdrup: https://github.com/freebsd/freebsd-src/pull/1169
13:22:06 Title: rescue: add ipfw, pfctl by llfw · Pull Request #1169 · freebsd/freebsd-src · GitHub
13:22:21 wait, ipf is in rescue?!
13:22:36 uh huh, i was surprised too, but it makes sense
13:22:49 if your firewall drops all packets by default, rescue is not very useful if you can't configure the firewall
13:23:02 yeah no, that makes sense
13:23:08 to balace it out i added https://github.com/freebsd/freebsd-src/pull/1168 :-)
13:23:09 Title: rescue: remove routed, rtquery by llfw · Pull Request #1168 · freebsd/freebsd-src · GitHub
13:23:11 balance
13:31:44 i feel like +560kB is a lot though and people might object to it
13:32:01 considering it's only 17.3MB right now
13:33:31 (which is fine, i guess if that happens i'll just build my own crunchgen... or just leave this patch in my local branch)
13:48:06 lw: yeah, the constraint that makes latest not the latest is clear, but it seems like a documentation bug as many packages are not the latest every time quarterly updates, and the docs say otherwise.
13:54:19 yaay, I'm chatting from FreeBSD now :D
14:03:07 Dooshki: yeehaw
14:05:09 I have to say, I really like how well-integrated FreeBSD is, so many different things can be configured in rc.conf, whereas on Linux, every small thing would be in its own config file with its own syntax and everything. Like, I was surprised how painless setting up bridging for my jails was, it would've been absolute dreadful hell on Linux
14:08:13 Dooshki: congrats! :)
14:08:24 Thank you!
15:33:53 lw, ping
16:40:24 how can I save an accent character to file?
16:41:04 I want to make a git push with a name with an e grave è
16:42:03 my locale is normally en_GB.utf8, I have tried switching to fr
16:42:53 just about everything that I try saves the è as a ? (ascii 3f)
16:47:19 EDITOR=kwrite git commit --amend
16:48:54 and set it to iso-8859-1
16:48:58 seems to work
17:11:06 paulf, From the data given I don't know where the conversion failure is happening. Working with accented characters normally works for all of the rest of us.
17:12:08 The only clue I see is "my locale is normally en_GB.utf8" but en_GB.utf8 is not a valid locale. AFAIK that should be en_GB.UTF-8 not en_GB.utf8. What is the output of the "locale" command?
17:13:00 The other problem is ISO-8859-1 aka Latin1 which is the now obsolete character encoding predating UTF-8 encoding.
17:15:07 I think it's safe to assume he's not literally using en_gb.utf8
17:15:42 When dealing with computers it is always best to be literal. Because computers are literal! :-)
17:17:39 In any case... The output of "locale" would clarify what is actually happening. The setting of LANG and LC_* variables. The presence of installed locales or not.
17:22:47 so a jail can't set the security.mac.portacl.rules sysctl i guess? there any way to let the jail's caddy user (also caddy bind to and listen on a low port? there's the plan b of using pf port forwarding but i wanna verify that's my only option
17:31:40 o/
17:38:21 alepzi-: the MAC framework is part of the kernel, and since jails don't have a kernel, you can't modify it - but check https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259149
17:38:23 Title: 259149 – mac_portacl not in affect when running VNET jail
18:07:20 Right now it is LANG=fr because I tried switching
18:07:51 right now it is LANG=fr because I tried switching
18:08:07 What is the output of "locale"?
18:08:50 LANG=fr
18:08:59 the rest "C"
18:12:26 The rest is "C". That's the telling point. Since "fr" is not a valid locale it means that everything is falling back to using the C/POSIX locale.
18:14:42 and en_GB?
18:14:51 As I understand it locales must be set from one of the existing ones at "ls /usr/share/locale".
18:15:27 And if it is not set from one of those existing locales then it falls back to the compiled in default C/POSIX locale.
18:15:35 en_GB.UTF-8 is there
18:15:57 Right. "en_GB.UTF-8" is there. But not "en_GB.utf8" nor is "fr" there.
18:16:47 I meant en_GB.UTF-8 don't be pedantic
18:17:04 The computer is even more pedantic than I am! :-)
18:17:54 I think you should set "export LANG=en_GB.UTF-8" and then test everything all over again. I normally use "export LANG=en_US.UTF-8" and accents work okay everywhere.
18:18:51 Since you were saying "git" then I will ask if this is all local sandbox commits or if the problem is a problem when doing a git push to a remote system? Because then that gets the remote system involved in the debugging too.
18:20:14 In defense for being literal how should I understand setting the locale to fr? Should I assume that you actually meant "fr_FR.UTF-8"? But no it was actually "fr" so not being literal there would have been wrong. :-)
18:21:41 no "fr"
18:25:35 The other hint I provide is that these days using Latin1 ISO-8859-1 is discouraged as being obsolete. It still works. My outgoing email encodes in order of ASCII, ISO-8859-1, UTF-8, in order to provide the most interoperability. If it can encode in ASCII then it does, or if Latin1 then okay, then UTF-8 if otherwise. But email also states the encoding used allowing the receiver to handle it.
18:26:15 Related to this is a problem with a name that I just love because it is so interesting. https://en.wikipedia.org/wiki/Mojibake
18:26:16 Title: Mojibake - Wikipedia
18:39:11 jbo: hi
19:41:37 i feel like netstat should be in rescue... or is there some other way to print the routing table?
19:43:02 lw: like https://man.freebsd.org/cgi/man.cgi?route ?
19:43:03 Title: route
19:44:01 Hecate: how do you make route print the routing table? (route get seems to be just an individual route?)
19:45:43 heavens
19:45:50 I reckon you can't
19:45:57 even the route man page says so
19:46:00 > The routing table can be listed with netstat(1).
19:46:04 fucking hell
19:51:52 netstat -rna
19:52:09 rtprio: read scrollback :-)
19:52:24 bah
19:52:26 :D
19:54:14 there is some weird stuff in rescue... iscsid, nos-tun?
19:58:37 perhaps it doesn't get used as much anymore?
20:01:24 i've been using it for jails recently, it's pretty handy for that
20:01:31 like service jails that don't want a whole OS installed
20:04:50 you could always build your own lwrescue and put netstat in it too
20:05:18 i'll probably do that with some things, but i think generally useful things like this should be included for everyone
20:05:39 i think there's a way to build your own rescue-like multicall binary that isn't rescue, i should look at that
20:15:51 hi lw
20:16:34 lw, let's say there's a port I'd like to use which uses a bunch of python libraries and it's marked as BROKEN because it requires 3.10. is there any way that I can build that port using 3.10 as a default version but leave all the other ports as is?
20:17:53 jbo: as far as i know, no.
20:18:36 lw, so I have to risk bumping all my ports to 3.10 and deal with the fallout?
20:18:42 if it only uses Python and nothing else, i think setting required Python version in the port Makefile works, but that doesn't work for dependencies
20:18:56 jbo: yes, although i recommend going to 3.11 since that's what ports will move to anyway
20:19:13 lw, the port in question is finance/odoo/
20:19:20 i've been using 3.11 for months now with no problems
20:22:36 lw, so just via DEFAULT_VERSIONS ?
20:22:44 yes
20:22:57 somewhat scared
20:23:31 if you use -b latest, expect longer build times as nothing that uses python can be fetched as a binary package anymore
20:24:25 that's fine. I got a proper build server. I'm just scared about breaking stuff that worked before
20:36:41 * lw wonders what the point of /usr/bin/cd is
20:44:26 in case the shell doesn't have a builtin
20:44:50 funny, but even then it wouldn't actually work
20:47:05 actually, that's right
20:48:30 i think i will send a patch to remove this as it seems completely useless
20:48:42 except maybe as an extremely roundabout way of doing 'test -d'
20:55:46 o//
21:33:59 apparently there's a bunch more of these, /usr/bin/fg, /usr/bin/alias... apparently usr.bin/sh just installs one for every builtin
21:34:28 lw: are they actually full programs, or just symlinks?
21:35:45 SponiX: they're hard links to a single shell script that uses $0 to determine what to execute
21:39:26 ah they actually come from usr.bin/alias
21:40:41 apparently at this some of these are required by POSIX
21:41:18 even the commit that added them calls them "useless" :-)
22:02:13 The point is that any program can exec a known utility, by name. Not so useless.
22:05:16 https://cgit.freebsd.org/src/commit/usr.bin/cd/cd.sh?id=b107f944adcc3cb203dd283c45c7be193b3f8ada
22:05:17 Title: src - FreeBSD source tree
22:05:23 hmokay
22:09:33 where can i find docs on all the sysctl oids?
22:09:36 jgh_: it is useless - why would you want to execute /usr/bin/cd, ever?
22:09:39 i want to read about kern.randompid
22:09:47 it's not in man sysctl or man sysctl.conf
22:14:26 lw: That one I'll give you (mind, history... Unix Version 6 did actually have a standalone "cd" program!)
22:17:51 hmm, not in https://www.tuhs.org/cgi-bin/utree.pl?file=V6/usr/source/s1, i wonder if that tree is incomplete
22:21:26 I have no clue how it ever worked, mind... and the note I just dug up on the Thompson shell (predated Mashey, predated Bourne) say it had a builtin "chdir". So maybe I recall it wrong
22:22:48 i do remember one version (might have been V6) had a /usr/bin/if that worked by seek()ing the fd the shell was using to read the script, or something like that
22:23:10 kinky!
22:23:58 ah wait maybe that was goto, not if: https://www.tuhs.org/cgi-bin/utree.pl?file=V6/usr/source/s1/goto.c
22:24:16 ah yeah, if was a builtin, but you had to do something like 'if goto label'
22:45:47 is there an easy way to recover from a corrupted .git
22:45:59 eh we'll figure something out...
23:33:11 Hrm. Setting up an Ansible server, and I found https://www.adminbyaccident.com/freebsd/how-to-freebsd/how-to-install-ansible-on-freebsd/ which talks about example hosts and ansible.cfg files, but these appear not to exist in current versions of the package in Ports.
23:33:12 Title: How to install Ansible on FreeBSD - Admin... by accident!
23:34:28 If someone has advice for a sane set of default configs to modify I'd be grateful to know about them. Alternately I'll see if I get defaults from a Debian package that seem plausible.
23:37:20 Not seeing example configs in (at least) the Debian Bullseye package. Guess I'll just dig up something online.