Very strange. I guess I'm just going to have to disable docs for eveything

so even with the latest 14-stable snapshot (through pkgbase), VT doesn't work with drm-61-kmod, still the "another device has precedence" error

I guess I just need to give 515 another shot and see if it still gives these linux_rcu_cleaner_func kernel panics after a few hours of using the system

and report the issue with 61

also reporting the issue with 515 if it persists

seems like at least for now I can still fall back to 510, presumably up until the build infra uses 14.2 where it won't build anymore?

might be a good time to learn poudriere

maybe also a hassle, but at least if you find something that runs for you, you can just build that

well my understanding is that at this point, 510 will just not build on 14-STABLE due to LinuxKPI header changes

ah, i see what you mean. hm

so I'm guessing the binary package that still exists is built on 14.1

anyway, back over to 515 I suppose

Here's the backtrace for the SSL failuire: bin.morante.net/?74706b7f7d16f1d0#3…rH2uniJA2CVAWL4ZN1Q1QyzpJ4f5Ew8eoC8

This seems to be the line of code it's failing on: github.com/psf/requests/blob/main/src/requests/adapters.py#L81

bummer, so this 8bitdo controller doesn't seem to work on FreeBSD. xb360gp binds to it, but none of the buttons or axes work at all

is there a way to kldunload a driver that's part of the kernel? for example, i'd like to kldunlod the if_em driver

the driver is currently reporting: em0: TX(0) desc avail = 1024, pidx = 0

it's a bug in the driver, but instead of restarting the system, i just wanted to unload and load the module

Hiya. If both an entry in /etc/jail.conf and a file in /etc/jail.conf.d/ exist, which one is used?

hey, having trouble getting sound from hdmi on 14.1

/dev/sndstat includes pcm2: <Intel Tiger Lake (HDMI/DP 8ch)> (play) default

It looks like this might be a pretty common problem, but I can't turn up any solutions

jfloren_: let me guess, you're a linux user?

this is progress, got the 8bitdo controller working with hgame. even wireless works

I probably should have read the instruction manual that came with the controller because it mentions holding B while connecting to "Android & Raspberry Pi" (i.e. Linux)

and it seems like that initialized the controller into a mode that FreeBSD works with as well

CCFL_Man: I've got more Linux experience, yes

I still gotta write the devfs rules to have these nodes readable by default for my user though. unless there's a group I can put my user in to automatically read input devices?

jfloren_: it shows.

you know enough to call out a linux user but don't know enough to provide any help?

yeah that felt pretty unnecessary

jfloren_: i don't really do anything complicated with audio, but this might be a hw.snd.default_unit sysctl thing

i believe the manual covers sound fairly well: docs.freebsd.org/en/books/handbook/multimedia

as a long time freebsd user, i wouldnt use it on desktop today

kevans: I've got default_unit set to 2 already. I can play a test file just fine from the onboard speakers but it doesn't come through the TV via HDMI

mjp: yeah I haven't run freebsd on a laptop since ~2008, but I wanted to give it another shake. I'd initially planned to just use this laptop (spare from work) as a jukebox plugged into my stereo but I thought I'd try Kodi too for the hell of it, hence the HDMI thing

if I don't figure anything out I'll throw Debian on it and roll, it's not a big deal, I only installed yesterday and haven't really done much besides installing my ssh keys and a couple packages

hmm

˜/1

jfloren_: did you restart applications after setting the default_unit, or did you set it in, e.g., sysctl.conf?

set it in sysctl.conf and rebooted for good measure (I had also installed libva-intel-driver per the handbook and wasn't sure if that needed a reboot)

funky =\

Can you have jail names of the form: foo/bar ? According to the man page, the only character you can't use is a '.'

yes

there's virtually no constraints on jail names besides '.', and that only exists because '.' is the jail hierarchy separator

I'm guessing the the path would then end up being /jails/foo/bar ?

the jail name doesn't affect the path unless whatever you're using to manage jails makes it so

ahh yes, good point. I don't *have* to set the path to use ${name} if I don't want it. That slipped my mind as I was working off a template, thought it had to be done that way.

But if I want to key off of ${name} for things like path and host.hostname, than I guess I should refrain from using "/".

what to people use to manage jails these days?

i've gone from ezjail to iocage which is now abandoned but still working

I've been using bastille, but there is also cbsd and there is appjail as well

my needs are simple, so I'm switching to maing jails without a jail management program. With variables and ability include files in /etc/jail.conf, the configuration can be templatised and you can script it on your own to your liking and taste.

ah nice quite a few there, bastille looks good

would like to move to native config as well, need to look into how hard/fiddly it would be to manage

a project for another day (whenever the iocage rug gets pulled)

i use iocage as well, but I'd like to sucker someone into writing a lua-based jail manager

whats so good about lua?

we have it in base

i would love nothing more than a low-dependency get-shit-done jail manager

that used to be ezjail.. which was written in sh i believe

i would love nothing more than a low-dependency get-shit-done jail manager that isn't a shitshow of sh :-)

haha

i like sh and i can competently write sh scripts, but it's just not a good fit for the task. i also like lua and i can competently write lua, and it's just as light

is the native tooling considered done/enough? people are using the 3rd party utils for a reason

That's interesting to know about Lua. I didn't realize it was in base

o0x1eef: i have some short writing on the matter here: kevans.dev/flua

mjp: I think it's largely considered good enough, it does meet the needs of many

kevans Lua was developed on our university (brazil \o/ )

kevans: where in base is f/lua ? I looked in /usr/bin, /usr/sbin, /sbin, and /bin and did not find it.

libexec/

duh!

mns: yeah. we hide it a bit to avoid people depending on it too much

devnull: PUC-Rio :)

ahhh ok.

o0x1eef Yeahl!!

what other languages are there in base, besides lua, c/sh, c, c++ ?

there's still some forth

awk :)

M4 i hear can be quite tricky at times en.wikipedia.org/wiki/XZ_Utils_backdoor

awk is pretty good.

the less in base the better imo, i like perl and use it a bit at work but glad the OS does not need to depend on it anymore

alright I have a vanilla thick jail with lighttpd installed. Now to get the config visible from the host inside the jail? use nullfs?

I always keep forgetting about awk and m4

nullfs works, have used it for a number of years to mount filesystems within jails

I actually just need one file, /usr/local/etc/lighttpd/lighttpd.conf to be available inside the jail. I'll have to get rid of the /usr/local/etc/lighttpd that is inside the jail, then mount via nullfs and see what happens when pkg runs. I don't think it would overwrite what's there

sounds like you're doing something a bit wacky, just copy the file in?

Nice (free) book that covers Lua: lua.org/pil/contents.html

why would you want the jail to depend on a file located on the host?

so that I can edit the file on the host and have the changes show up in the jail, or would that not be a correct/good workflow?

just edit the file within the jail?

unless you have a special need for lighttpd i would be looking at nginx too

I like lighttpd, simple for my needs and been using it for years now.

as you've got a thick jail its basically a self-contained OS anyway

fair enough

don't want extra copies of emacs being installed in the jails, so trying to keep the editing process outside of the jail.

hmmm outside of the certs I don't need to mount the lighttpd.conf, I still have access to edit them from outside of the jail as it is, no need to copy it.

emacs and lighttpd, i'm afriad you're too far gone to help hehe :)

haha

I can't live without emacs, I've been using it since 1988 or so

In my experience 'mg' can be a nicer match for servers, and leave emacs for development computers

I tried mg, but for some reason didn't work for me

mg microemacs was the gateway drug that got me hooked on the full size emacs. :-)

"didn't work for me" in the sense that I couldn't get used to it.

and now my native, thick-jail+vnet combo is up and running with lighttpd working as well

Congrats =]

thanks

hmm I'll have to see where my logs are going though, but that's for tomorrow lol

bastille is out, native jails are in.

native jails?

mns what's that?

native jails, vanilla jails, whatever the term is. no jail manager used basically

hi, I'm looking into a threaded apache/mod_php inifite loop hang in libc's jemalloc extent_heap_remove - pastebin.com/raw/jSLWLLKW

isn't bastille a jail manager?

my guess is that bad thread safety caused a loop to form in the heap tree (can't tell though), any idea how this could happen since presumably libc is meant to be thread safe (isn't it?)

Podman... on BSD?

Alver: gyptazy.com/run-linux-containers-on-freebsd-14-with-podman

oh, nice

deferred: thx for pointing out

:) no problem!

well that was fun just nmap'd a device on my lan to try figure out what it was and got a kernel panic

daemon: is this a device you can physically find at your house or is this at work with a large network of some sort?

oh its somewhere in my house its probably some random pi or beaglebone

deferred: huh. That is... creepy, and yet so handy

or an admin interface I accdentally left open for one of alot of switches

just install gdb to find out what caused it

I've spent way too many hours fighting shitty Linux code

+ing

deferred: wondering if that could run inside a jail. I suppose there's no reason why it couldn't

nmap'd it from a different box, android 6.0 - 7.1.2

so likely one of the kindles or tables

tablets

daemon: don't mind me, just stealing your wifi :3

TommyC, ;)

TommyC, go ahead but you can help with the firewall too!

hey all, having an issue with fail2ban and pf I left it setup mostly default accept adding a sshd service in jail.local all of which seems to have worked, I badly logged in 3 times from a system and its ip was added to its banned list. However what never happened was the actual ban, it never seems to have been added to pf, log and pf.conf is here: dpaste.org/EnSkN

not 100% sure what else I need to be doing

there appears to be no way in the fail2ban.conf to say pf, ipfw or well anything

all I remember is that there's supposed to be an anchor point in the config where new rules will be added, and fail2ban will probably call pfctl to add those.

from some guides, what you're supposed to do is to configure 'banaction' to the name of a conf file, and then put the conf file under action.d/, and inside you have [Definition] section with actionban = <commandline> and actionunban = <commandline>

basically you should check a guide for the specific firewall. I wouldn't be surprised if fail2ban's guides section has prepared instructions for the most popular solutions.

ultramage, thank you yes that is what I seen

well no I didnt

I seen some using anchors and some using tables

and it seems all their official docs are for linux

daemon: shot in the dark: fail2ban vs f2b with the naming of the tables?

will give it a shot

oh yea true, a table would work as well. I already have a table for ipbans but I only fill it at startup. Could easily add new entries I guess. Or have a second table.

they don't have sample configs / instructions for pf? not even the freebsd package provides one?

well that was fun

I found out that sshd is not reachable on any of my ips at all

just to make sure im not insane, can anyone see port 22 on these: 148.252.128.228 87.74.154.205 84.9.78.239

none of those

I have no block rules, hmmm

anyone have any clue why this would break inbound connections to ssh: dpaste.org/FmQP7

it does work on the lan side

Not sure how fail2ban does it but that's a relatively simple problem in plain pf: pf.conf: block in from <blocked> to self; sh: pfctl -t blocked -T add <someip>

fail2ban is just a log gobbler, follows auth.log and a few others apache nginx etc.

then does effectively what you just said

Roger that

ok I removed all blocks and still no connection to ssh

I wonder

# nc -vlk 9090

can someone throw a connect at that on 148.252.128.228

oh wait inbound connections will not be getting told what rtable to use

hmm

yikes I got it to work

that was unexpected

grats on accidentally fixing your networking

oh no I meant to fix it, I just did not expect it to be successful, I have been struggling with fibs for a week

I really wanted it working with IPFW but I just gave up yesterday and tried pf where it was much easier

afaik ipfw was replaced with pf as the preferred solution some 10 years ago (might be wrong though, but it's why I switched)

ipfw still gets updates the most recent was the inkernel nat thing

and I do believe it is a bit more performant than pf

but it really needs a cookbook, just 10-20 pages of common usages

cookbook.freebsd.org

would be quite a wonderful thing

ah, I dunno then. ruleset-wise things weren't that hard to flip over

ah few years ago I used it with DUMMYNET to create a fakr emulated 56k conection for instance

specify missing packets variable latency etc

it has lots of stuff, its just all so hard to understand and figure out at times

yay fail2ban is now working too, little bit vicious, one failed login it banned my server from talking to it at all

whom ever suggest the anchor over the block line, you was correct thank ou

you*

infact it does not even need the table

the result is probably the same, you just need to write the action commandline differently (creating a rule at anchor instead of adding ip to table)

daemon: my guess here is, that unknown tables materialize (hence no error with the previous f2b) - so it does not need the table line to get a working table. but the table line makes in your config makes it read the file, which most likely is also filled by fail2ban so this will survive restarts, pf-flushes, etc

I haven't used it yet but I assume f2b keeps its own state file and just re-populates the firewall at startup

table <whitelist> persist file "/etc/pf.table.allow" (persist means it doesn't get auto destroyed when empty)

I don't think pf saves table changes back to the source file. there might be a command for that. if f2b manipulated table files, it would have to issue a table reload.

can I use zfs snasphots + send/recv from a 14.1 client to a 13.3 server?

ridcully, I added the file thinking it would get entries added to it, so if the box was rebooted or something it would have a save state in effect, but nope

if the newer FBSD doesn't use any ZFS features not present in the older FBSD, ZFS is backwards compatible, sure

mage, I would assume so, but create a little 1M snapshot or something and give it a try

I'd check if/how f2b saves its state. It would be most obvious if it kept its own stuff and just reapplied it at startup. That way it could stick to the simple ban/unban commandlines as the only needed interface

it does write to a sqlite3 table in /var/db

sfox: yes bastille is a jail manager.

kevans Do you have news about koobs?

devnull: I do not

kevans thanks, I hope he is good.

devnull: what happened?

ober I hope nothing. He is a friend that helped me so much in FreeBSD. I didn't saw him since 2022.

devnull: heh... You could be walking in a stadium like I was last weekend and be stopped by someone who you haven't seen since 1999... How he still remembered what I looked like utterly shocked me (I was 100 lbs heavier then)

Tenkawa haha yeah, some people remember us, and mark us in a way that we do not forget.

Yeah it happened 2 weeks in a row at the soccer matches here with me

the other one was only since abour 2010 but still....

s/abour/about

˜/6

anybody here have experience with pcie sata controllers? are those the kind of device that just works out of the box regardless of brand/make?

phryk: i strongly suggest buying a PCIe SAS controller instead, e.g. an LSI card (make sure it has the 'IT' firmware). you can plug SATA disks into that, the cabling is neater, the hardware is better and they're supported by every OS (including freebsd)

ivy: i have 0 SAS experience, but the cheapest i find is over 10x the price of what i would otherwise get.

compare: mylemon.at/artikel/axagon/pces_sj2/pces-sj2-pcie-controller-2x.html (cheapo) vs mylemon.at/artikel/fujitsu/s26361_f…st-adapter-raid-controller-sas.html

phryk: It also depends on the environment/workload/number of drives

true, i usually visit ebay for this but that might not be a good idea if you're buying for work

There's several factors that will factor in.

i'm buying for my home setup.

SAS for a home setup is a bit complex on the hardware however I extensively use lower capacity NVMe drives.. I need speed more than storage.

current hardware of my homeserver has enough sata ports to plug in the two extra drives i'm about to order, but i already got a new board and (broken) cpu lying around that i'll upgrade the system to when i get around to rma the broken cpu. the new board only has 4 SATA ports, so I'll need at least 2 more for the new disks.

Tenkawa: fwiw, i find it preferable (talking about home here also) because the SFF-8087 to 4x SATA cables are nicer to run than normal SATA cables. ymmv, ofc

heh, meanwhile i'm starting to think about looking for a 19" case with more places to put disks. currently have 4 in there, soon 6, in a couple years, who knows?^^

ivy: indeed cabling becomes a consideration that I don't have to worry about much.

for now, i'm just looking for a cheap solution that's as plug-and-play as possible. since i don't want to connect any SSDs to the controller, speed/bandwidth shouldn't be too much of an issue.

hence me wondering if those pcie sata controllers work out of the box or if i have to take more care in picking one.

you do need to take care and it's more complicated than you might think as sometimes they have multiple different ICs on - i have an 8 port PCIe SATA card somewhere where 4 ports are on one IC and the other 4 ports are on a completely different IC and FreeBSD only supports one of them

is there a list of well-supported chipsets or something i can confer to?

at least some Marvell ICs are supported by mvs(4) and these are quite common on those cards

ahci(4) is also well supported but for some reason that seems uncommon on plug-in PCIe cards

isn't ahci what the on-board controller speaks?

yes, basically all onboard SATA is AHCI nowadays

hence being well supported :-)

alrighty, the cheap one i linked lists on the manufacturer page "Compliant with Serial ATA AHCI (Advanced Host Controller Interface) specification." under features. unless they're trying to bamboozle me, that should mean that this card will work with the basic ahci driver, right?

i would expect so, yes

great, thanks.

soon, i shall have fully mirrored 10TB storage :3

phryk: what are you going to store ?

mzar: things. O:)

phryk what kind of "things"? :P

8TB of assorted obscure erotica plus some squish space for non-essentials like the OS. (:

of course

I learned a long time ago that if I don't want to hear the answer then it is better not to ask the question.

rwp I agree, this is wise advice.

In this context, for sure. At other times, it can be an important part of challenging your own beliefs / understanding.

wondering again... I ran into an infinite loop in libc's jemalloc, presumably due to bad threading, but isn't it supposed to be thread-safe? I'm not sure how to investigate this further. pastebin.com/raw/jSLWLLKW

˜/42

The answer to all questions.

hmmm... is anyone running 14.1-RELEASE and having issues with pulseaudio

when I try to play audio nothing happens, I check it all and it shows up just fine

go to play audio, pulseaudio hogs an entire thread, until I send SIGKILL

pacmd exit (restarting pulseaudio) works for about 2 seconds before it hogs a thread again...

ooo correction, it hogs a thread when pavucontrol is open

so its pulseaudio causing it to hog a thread...

either way, audio doesn't work

dpaste.org/zOoxQ the devices are being picked up, and the kernel modules are being loaded...

rwp: only one question

Here's an example of per-jail metrics graphed, cpu usage, etc, per jails. bsd.network/web/@dvl/113319419745608966