rennj: features like OpenBSM auditing which is in FreeBSD?

not in the 1990's?

walnut creek cdrom came with fbsd/linux and sunsite.edu and maybe drivers supported your 386sx/dx or pentium.

im talking $10K per workstation sparc5 had 24bit graphics, sound, scsi drive..ran WABI also...wine came from wabi...

win3.11 on sparc

like wine on linux

same people...WABI window ABI

the auditing on solaris and hp-ux was for DoD foobar

DISA STIG

opensauce/freesoftware came into it own in 2000's...the 1990's was joke compared to hp,sun,ibm,sgi,dec

xfs,lvm give away...ibm dumped 1billion into linux to fight m$

now they own REL

almost like that was the plan all along

plan9, bell labs/lucent fucked up that..

plan9/inferno sad...

help

Hi

who was the other person here that owns a banana pi?

I am on 14.0-RELEASE-p6, as far as I can tell, the ungoogled-chromium package should be there, as well as chromium right? I ask because when I do a "pkg search chromium", I only get the chromium-bsu package displayed.

Oh, it's not in latest, only in quarterly! Why the flip?

If iio7 comes back, beefy12.nyi.freebsd.org/build.html?…140amd64-default&build=aeab170c7654 indicates that both chromium and ungoogled-chromium ran out of time on latest.

rwp: did u get your banana pi running?

is there some command to run for setting up compilers etc

like apt-get install build-essential

libtool: warning: remember to run 'libtool --finish /usr/local/lib'

env: /usr/local/bin/perl5.36.1: No such file or directory

i only can find 5.36.3_1 in pkg search perl

sometimes jails not stopping is frustrating

voy4g3r2: Likely some process or resource hung up inside it. Debugging that would probably help.

nomia, Banana Pi? I have a couple running but they are running, ahem, Devuan. Using one for a hostapd software WiFi Access Point.

I used to have the house WiFi running on an Intel Atom box for years and years but then the box up and failed completely on me. I also got hooked to a fiber connection. So in the disruption I changed my access point out for a Banana Pi instead. I wish I could say it is running great but honestly I think my USB WiFi adaptor, an alfa, is freaking out every so often and needs to be power cycled.

rwp: i couldn't get devuan to run on mine

how did u do it?

hello

how can i rollback my graphics driver so i'm not affected by this bug? forums.freebsd.org/threads/intermit…ease-dri-crocus-driver.91824/page-2

Title: Intermittant bug in 14.0-RELEASE DRI/crocus driver? | Page 2 | The FreeBSD Forums

the developer is being an asshole and saying it works on my machine because he doesn't use X11 and uses wayland and never switches Vts

and refusing to fix or rollback a bug they introduced

I can't just "Switch to wayland" because none of my software works with that nor do I want to run alpha quality redhat software. That's the whole reason I got away from Linux is having that stuff forced down my throat

and even if I did, I still need VTs

Well that is totally annoying.

I think their saying the bug was introduced in version 22 of xf86-video-amdgpu, but it actually effects all non-proprietary video drives including i915kms

crochet is broken or out of date

thankyou for understanding rwp

nomia, can you elaborate?

env: /usr/local/bin/perl5.36.1: No such file or directory

i get that error when building

that is the wrong version

only perl 5.36.3_1 is in pkg search perl

your not talking about the gpu issue are you?

also idk why libtool gives warnings

no sfox sorry

oh

sfox, You said rollback and graphics driver, is this a binary pkg install?

yes

So I don't clean out /var/cache/pkg/ really ever at all so that if I need to I can return to a previous package. Look through there and see if you have your previous package still available.

this is a relatively new install

Was it ever working?

and this issue has been going on since 2022 at least

i don't know which version of i915 i'd need to rollback to or if it's an issue with a 'FreeBSD vty rewrite'

Do you possibly have a snapshot that includes a working configuration and then you could return to that previous snapshot?

I do not.

% xdriinfo

failed to authenticate magic 1

failed to load driver: crocus

Screen 0: swrast

i think this can be used to tell wether the bug is in effect or not

what was that freebsd graphics support chat?

i'm confused does this mean i need to compile libmesa with i915g instead of i915c? bugs.freebsd.org/bugzilla/show_bug.cgi?id=269006

Title: 269006 – graphics/mesa-dri enable i915(i915g)

i think i found it

Title: 267915 – x11-wm/mutter: after graphics/mesa-* 21.3.8 -> 22.2.3 update OpenGL compositing fails on Intel Iris Pro

it says Downgrading to drm-54-kmod can fix the problem.

54 is really old, is it even compatible with freebsd 14?

currently only 510 and 515 are available from packages

does freebsd have cpu metigations that can be disabled for a performance boost?

sfox: you can search the pretty cool manual on that by typing "apropos mitigations" :)

oh thanks

how come when I search for what sysctls do with arpopos nothing comes up?

% apropos hw.acpi.lid_switch_state

apropos: nothing appropriate

am I using it wrong?

yes, try apropos Va=hw.acpi.lid_switch_state

this is an incredibly good man page

this is so much better then having to grep through linux's source tree

concussious, thank you. What does the Va= part mean?

oh nvm

i see it in apropos's man page. I wasn't aware of that functionality

it doesn't work with everything, but sysctls are required to use Va in freebsd manuals for this purpose.

is there a way to fix that sysctl so that it actually suspends when I close my laptop instead of when i open it?

I saw that openbsd is adding a tuneable to turn off Nagle's algorithm (essentially setting TCP_NODELAY on all tcp sockets) and went looking to see if freebsd had such a thing and I could only find tcp.delayed_ack which does not disable nagle's, but does disable delayed acks which does not work great together with nagle's (which I think is the same as setting TCP_QUICKACK more or less) so my question is if I have missed anything and if it is something that FreeBSD

maybe should have as well?

is it normal for most of the software in freebsd to be several years out of date of upstream and tons of bugs open in the bugtracker?

or for someware packaged to come so broken that a network daemon can't even accept incoming connections?

I don't think these are super niche softwares eithers

there now seems to be duplicates of the same package under different names

murmur and mumble-server?

what's the difference?

tldr: yes. long answer: there are so many different computer usage models

further, you can switch quarterly to latest and for my usage model, freebsd is up-to-date faster than other things ive used

i've already done that

the problem is that the software in the ports tree despite having maintainers doesn't look like it's actually being maintained

something especially weird is going on with murmurd/mumble-server

two ports of the same software by the same maintainer

programs like gajim looked abanonded

then there's this bugs.freebsd.org/bugzilla/show_bug.cgi?id=274504

Title: 274504 – mail/opensmtpd tls fails with FreeBSD 14.0-RC1

eported: 2023-10-15 20:22 UTC b

it's like, there you go just update to the latest source version

here's a patch to do it one way, here's another patch to do it differently

*crickets*

I don't know.

I want FreeBSD to work I really do, but it seems like i'm just having so many issues with it I would have on any other OS.

It's really discouraging when you see an issue that's a known issue for 2+ years with a bug tracked and everything but won't get fixed because 'just install wayland LOL' or already HAS several patches just waiting to be upstreamed but just sits there in silence

sfox the answer to the mumble mystery is answered in the commit messages freshports.org/audio/mumble-server

Title: FreshPorts -- audio/mumble-server: Server component of Mumble

Seems that in janurary upstream renamed murmur to mumble-server

So murmur should probably be deprecated at some point.

oh wel lthankyou

how do I do a lockscreen with xdm?

I normally use slimlock with slim but a freebsd dev said slim isn't maintained anymore and I should switch to xdm

Smack it with a hammer.

Serious answer: dunno. I just use Suckless slock, because it just works.

remiliascarlet, i tried that and now the battery won't stay in reliably anymore

jk

i seemed to settle on metalock. based in slock remiliascarlet but less primitive and with background support

looking through ports I found this crazy thing freshports.org/x11/hyprlock

Title: FreshPorts -- x11/hyprlock: Hyprland's GPU-accelerated screen locking utility

talk about overkill

i'm thinking about moving poudriere to a jail

that does look a bit overkill

wow

i guess mumble did get updated in freebsd

this works so much better now

hi all

jauntyd, poudriere works fine in a jail

but it needs jails to work

sfox: "'just install wayland LOL'" Just imagine recommending something that doesn't even work.

Also, why the fuck would you need GPU acceleration in a screen locking utility?

You're a screenlocker, not a video game!

it's to render a static image with fonts to the screen

mason: that was it.. process taht was not "dying" in jail not allowing it to stop

gpioctl question. I have a DS18B20 connected I'm pretty sure correctly to my raspberry pi, I've added "dtoverlay=w1-gpio" to config.txt. The sensor is on pin 7. How do I access its value?

Incidentally, `sysctl dev.ow` says "sysctl: unknown oid 'dev.ow'"

And `ow.ko` and `ow_temp.ko` are kldloaded.

Do I need to do something in gpioctl to activate the 1wire bus?

does freebsd.org/releases/13.2R/signatures have a copy somewhere else that isn't cloudflare? cloudflare is currently not letting me access that page

Title: FreeBSD 13.2 Release Checksum Signatures | The FreeBSD Project

xx: are you gaetting an error?

Hello, I am seeing bsd.to timeout. It's a cloudflare page that I'm seeing

(I just got here so I'm not sure if someone has already brought it up)

maybe it's not just me then, cloudflare seems to be having issues

i am able to get to the above page xx

try again

xx: you're experiencing the same?

and i am also able to download an iso file troo

This might help (cf status page): cloudflarestatus.com

Title: Cloudflare Status

oh, cloudflare is saying that it's the host's error. As in it's bsd.to

Cloudflare is full of shit.

i know that cloudflare can hiddenly block clients

so you keep fucking wondering

wtf

or should i saw waf

few elements didn't load on this site and some elements didn't load on that site and then some transaction didn't go through on some e-shop thay processes payments with xyz... the conclusion was that all those used cloudflare, that cloudflare tracked my browser throughout several uplinks and noone else had any issues despite coming from same ranges

My $40, half TB USB stick with 400 MB/s reads just arrived.

it's fun to think that this didn't exist 20y ago

Hi! I have a FreeBSD machine with some jails and bhyve vms. However, I really need to redirect an IP like this: a connection arrive at the external IP XXX.XXX.XXX.XXX and port YYYY. I need to forward it to the IP ZZZ.ZZZ.ZZZ.ZZZ port YYYY. Something like creating a wire between the two IPs. I could do this using Linux but pf does not allow this kind of routing.

is there anything I can do? Should I spin a Linux VM just to make this routing?

There's a few different NAT options. . . can prolly also do it with ncat.

it works if you have different networks

but that was the issue, right?

instance9, bsd.to upstream has been down for a couple of weeks now. It's fronted by CloudFlare but the upstream behind it is down. Nothing CloudFlare can do about that until the backend comes back online again.

oh, it was pastebin there?

ketas: yes, only one network

Yes. See the /topic for it. It has been offline long enough that I would like to see the topic updated to reflect a different pastebin recommendation.

ketas: that's why I cannot use pf to redirect

Ronis_BR, Are you trying to connect into one of the VMs/Jails and it is using pf based NAT there? What's the topology?

oh right, it's indeed in topic

Ronis_BR: isn't `rdr` in pf not good enough for your problem?

And it is the same problem for pad.bsd.to as well. Pretty sure they were the same backend system. Both down for weeks.

ridcully: No, I am not trying to use NAT in jails. I just need that this FreeBSD machine (which uses pf), redirect all the packages it gets in a port to another IP (external to the FreeBSD machine).

and obviously to send the replies back

ridcully: rdr did not work because pf cannot send the packages to another external ip in the same interface

it would mean spoofing src too

ridcully: it is something like this: forums.freebsd.org/threads/redirect…ll-traffic-from-ip-to-another.59364

Title: PF - Redirect all traffic from ip to another | The FreeBSD Forums

but there is not an answer :(

I don't know enough about pf to answer so I should keep quiet. But I also feel that the problem statement is ambiguous because the network topography hasn't been clearly stated making any answer impossible anyway. If the network topography was better understood then more help might be provided.

socat will work if rdr won't

I was just about to suggest socat!

If you ever thought... Maybe I should write a program to proxy between here and there... Then socat can already do it for you.

socat, or net network

new

rwp: hum, let me try to address that. I have two machines (A and B). I want to create this connection INTERNET <=> A <=> B. "A" connects to internet. I need that all packages that arrive at A in a specific port to be redirect to B in the same port.

The problem is that A only has one network

vlans?

that's not l2 there?

ketas: sorry, I did not understant

So A has both a public IP address and a private RFC1918 LAN address. And B has only a private RFC1918 LAN address. Gotcha.

understand*

rwp: Actually A has the same IP, only that the firewall allows outside internet connection to it

rwp: A and B are in the same network, but only A can receive outside connections

and I want to access a service in B by connection through A

but can't, why...?

isn't that the fw/gw there

So for example (using example.com) A might have 93.184.215.14/24 and B might have 93.184.215.15/24 but the firewall only allows traffic to 93.184.215.14?

ketas: for some reason pf does not allow this kind of redirect using the same LAN

rwp: yes!

Linux netfilter also complains about that case too. It will send an ICMP redirect and of course that's where things break down on the Linux kernel side too.

can't add more ips?

ketas: no :(

then socat0

?

In linux, I did something like this: iptables -t nat -A OUTPUT -d old-ip -p tcp --dport some-port -j DNAT --to-destination new-ip

if you can't modify network

ketas: I will search about! thanks!

Is this for a service other than SSH? Or are we talking SSH here?

rwp: no, it is not ssh, it is a connection to a database

hmm

I don't see how that iptables -t nat rule would apply, even if we were on a linux system. I have been there before.

socat seems promising. Can I use it inside a jail?

yes

There is also stunnel which I have used before for such things too.

thanks!

rwp: I will search about it

thanks!

The advantage of stunnel is really only that it can be used to terminate TLS connections and has an infrastructure for starting a persistently running daemon. For all other reasons socat is the swiss army chainsaw for network plumbing. But you will need to set it up persistently yourself as a DIY thing.

all those issues vanish if only you could have different networks

rwp: perfect! Thanks!

An issue that you will run into is that your database on B will look at the peer address and the peer address will always be the proxy machine A and never the remote system. That's probably not a showstopper for you but databases using IP addresses as part of the security can't do it then.

ketas: fully agree

vlans or vpns or vxlans or whatever

I like the idea of a VLAN here. But the default route would need to be out through the VLAN routing all traffic through A. Not sure if that is acceptable or not.

I am not sure

rwp: depends...

I recently put a WiFi Access Point on the end of a VLAN so I could overlay it on the existing LAN. And thought it would also work to have it directly connect through the LAN to other systems. Nope! That created problems due to the asymmetrical paths of packets heading in the different directions. In the end I removed the LAN address and connected through a separate VLAN subnet on the same wire.

you could add a fib

make it super complex

I am not really a network engineer. I just play one sometimes on my LAN.

machines with more than one network regularly appear on internet... in fact it's built with those

just need correct config :p

Ronis_BR, You asked if this could be in a jail and yes of course it can but... What networking is the jail using? Is it piggybacking on the host network? That's the easy case and it should just work. Is it a VNET jail using NAT? Is it DHCP'ing an address? Those other two cases create complications.

rwp: it was using ANT

NAT*

but I just realized I can install in the host

Then you would need to route the inbound through your NAT.

rwp: yes, the complication is not necessary

ketas, Certainly my connection is on a machine with three networks right now.

Four actually if I count the VLAN too and I think that should count.

wifi ap eh

why did you need this

you could bridge vlan into untagged lan

just switch craps out here often

My fiber enters my house on the far south side and I located the fiber modem and house router there due to wanting it online quickly and not wanting to pull the fiber through to another place. So it's there. But a WiFi AP there cannot cover the entire house and not up into the bedrooms. So I put a Banana Pi online centrally located but on the house LAN to be the WiFi AP and connected it over a VLAN to the house router. Works great!

Note that my WiFi AP connects to the Internet just fine for anyone using it but is firewall off from the house LAN systems. Hence why I put it on a VLAN.

but why did something fail here

i also do it here

wifi ap has vlan for traffic and untagged for management

You said your network switch fails out every so often? Then do you power cycle it or something to get it back online? Might be time to find a replacement switch.

rwp, ketas: socat worked perfectly! :)

thanks

socat FTW! :-)

i mean if you want to connect vlan to another vlan, switch won't generally do this

but a router can

hell router is what one should use here anyway

I must run. Real life is calling! TTYL

question: what is the best practice to start socat at boot?

oh, it seems there is already a service

@reboot daemon -f ... crontab is one quick hack

just don't "reboot" the crond

ketas: there is a file to configure instances and the service socat

which does also use daemon :p

in more proper way

man... I cannot believe that the solution was SO simple. I was about installing a linux VM (bhyve) just to make this routing.

thanks you very much rwp and ketas !

but now src ip is all wrong

?

ketas: yes, probably the connection in the B machine comes with the IP of A, but there is no problem at all

you didn't know you can proxy?

one can always proxy

ketas: no! I am not network expert, I was just trying to solve connection problem here :)

:p

thanks!

how good

SH3LLC0D3R, hack the Gibson.

cyberdelia is in 2 more days CrtxReavr

Ronis_BR, I am very glad to hear that you got everything figured out! As with most things, "Knowing is half the battle." :-)

There are many things that I am completely stumped by. Just completely stuck. But then someone will help me out and get me unstuck! It's the community which makes it all work.

i agree. the community here is second to none

gpioctl question. I have a DS18B20 connected I'm pretty sure correctly to my raspberry pi, I've added "dtoverlay=w1-gpio" to config.txt. The sensor is on pin 7. How do I access its value?

Incidentally, `sysctl dev.ow` says "sysctl: unknown oid 'dev.ow'". And `ow.ko` and `ow_temp.ko` are kldloaded. Do I need to do something in gpioctl to activate the 1wire bus?

Nobody plays with BSD on rpis?

Which file would I add commands to so they get executed and piped to the daily 3 am emails? It'd be /etc/daily.local on OpenBSD

i got a rc.d script that uses daemon to keep a bin running. child and supervisor pidfiles exist. service mybin start works, service mybin status identifies the daemon pid. service mybin stop works. but if i make bin's config file have an error and it crashes on start, service mybin stop doesn't work. keeps waiting on daemon's pid. in mybin's log

file i can see it keeps being started (by daemon) and erroring with config file. any way to improve this?

vortexx, Try /etc/periodic/daily/

gh00p, Not yet.

rwp: thanks