-
luke_jobless_sb
sorry, i should find my charger. don't wait for the post. probably tomorrow
-
Gnea
when setting up a RAID 1 situation, is there some sort of performance hit when utilizing UFS over ZFS on a created gmirror?
-
rwp
Gnea, UFS with gmirror is probably fairly close to the same performance as a ZFS mirror. But ZFS had extra work for robustness and so will likely always be just a little bit slower than UFS. Though I have not benchmarked them.
-
rwp
ZFS never rewrites in place. ZFS always writes a new block and then switches from the old block to the new block.
-
ivy
Gnea: if you're asking about ZFS on a gmirror - don't do that, you'll lose ZFS's ability to repair damage. ZFS has built-in mirroring
-
Gnea
ivy: that's what I was gearing toward. thank you.
-
rwp
Oh, I didn't think that was what was being asked! Right. Don't do that.
-
Gnea
rwp: it's okay, I hadn't gone into much detail just yet
-
Gnea
I appreciate your answers
-
Gnea
so, next question: does UFS have anything like what ZFS has for damage repair?
-
Gnea
or does the geom take care of that?
-
rwp
UFS is mostly a traditional Berkeley Fast File System and if it needs to be repaired requires fsck to run on it and try to recover what it can.
-
rwp
Using gmirror will present a redundant storage to UFS but if the file system becomes corrupted then you can only fsck upon it to try to clean up the corruption.
-
rwp
Better to use a zfs in a mirror so that if data blocks become corrupted it is detected by the extra zfs checksums and repaired from the good side of the mirror.
-
Gnea
Okay. So does ZFS just fix itself on the fly then without having to unmount+fsck?
-
rwp
Yes. ZFS for the most part will automatically detect and automatically fix itself.
-
Gnea
That's awesome.
-
ivy
in fact there is no fsck for zfs at all
-
Gnea
Sold. "take my money!!"
-
rwp
If one tries to read something that has an underlying data corruption then it is detected and the other redundant block read instead and used to rewrite the corrupted block.
-
ivy
but for this to work you have to give individual disks to zfs - no gmirror, no hardware raid
-
Gnea
then that could result in a disaster
-
rwp
Periodically run "zpool scrub" where periodically is by one default every 35 days, run more often if you have cheaper hardware, and it will read everything explicitly to force the repair.
-
rwp
Gnea, "then that could result in a disaster" what part equates to the "then"? What did I say wrong?
-
ivy
(you can still use gmirror for the EFI and swap slices on your root disk - general advice is not to put swap on zfs anyway)
-
rwp
Do not put swap on zfs as zfs itself needs memory and if memory is needed then swap is needed and it can deadlock. The installer always puts swap on a gmirror on a separate partition.
-
Gnea
rwp: I was responding to "< rwp> If one tries to read something that has an underlying data corruption then it is detected and the other redundant block read instead and used to rewrite the corrupted block."
-
rwp
Okay. Why did that sound scary?
-
Gnea
would that not result in a hardlocked system? potential data loss?
-
ivy
ZFS checksums all data, so it knows which copy of each block is the correct one, it will never overwrite good data with bad data
-
Gnea
oh dear
-
rwp
Meanwhile what ivy said, zfs checksums all so as to know if a block is corrupted for some reason (disk / ssd / cables / cosmic rays from space).
-
Gnea
Cool, I just need to back out the root filesystem from the gmirror that I'm working on, then utilize that space directly using zpool
-
rwp
I had zfs pull me through a nasty power hardware problem on one of my systems, things really looked grim, but after I figured out it was a bad power connector jiggling, dropping power to the drives while they were writing, I fixed that, ran a zfs scrub, and had 100% good data after repair, ZERO data loss in a raidz2 array.
-
Gnea
Nice.
-
rwp
If you haven't done it yet I would start small with a test system using the freebsd installer and let it set things up as a baseline, play with it to become familiar, then read wiki.freebsd.org/MasonLoringBliss/ZFSandGELIbyHAND to get more background, then *install for real*. I would not optimize before then.
-
Gnea
okay
-
luke_jobless_sb
i found my charger and it is kept yellow and not working.
pasteboard.co/3ZoJDyeKDYjX.jpg
-
luke_jobless_sb
maybe i should wait
-
luke_jobless_sb
it was dirt cheap that's why i bought it a couple of years ago. the price is now unreasonably high on eBay. I think I had searched it too often and sellers bulked up the price, thinking that someone will buy it at that price.
-
luke_jobless_sb
Ok it appears that i used to use geli on coreboot
pasteboard.co/ywSiEZdV2foo.jpg
-
luke_jobless_sb
you see i forgot the password
-
rwp
You forgot your GELI password? I am sorry for your loss.
-
luke_jobless_sb
rwp: i still have a chance that this keyboard is too old to get my input correctly
-
rwp
I don't recall ever having a Thinkpad keyboard fail in such a way.
-
rwp
But honestly if you have had this system in storage long enough to have forgotten the password for it then what data could be on it of importance?
-
luke_jobless_sb
rwp: i have my own machine-free system
-
rwp
I had an X60 for a while but the scrunged keyboard drove me crazy and I gifted it away to someone else who could use it.
-
luke_jobless_sb
rwp: it is an excellent laptop. but the current price you see now on eBay is a scam
-
luke_jobless_sb
i think there has been some discussion of choice of file system protection and installation options last time iirc. i would like to add one: geli + coreboot
-
rwp
eBay prices fluctuate. I always tell people that on the used market to only buy what they know. It's a buyer beware market.
-
rwp
Coreboot is always good. And for me Coreboot systems are the only systems that have what appears to be bug free UEFI booting. With all of the vendors' UEFI firmware I trip over bugs.
-
rwp
On a laptop using GELI+ZFS to provide for a full disk encryption is definitely the way to go.
-
luke_jobless_sb
rwp: well, my thinkpad does not seem to use uefi but coreboot is not bad. fast and looks cool
-
luke_jobless_sb
it wasn't such a toy project because i used it quite long. my modern laptop was broken and i had to go out to collect more dishes to buy a modern laptop. during that time I had relied on it
-
luke_jobless_sb
i had gone through an extremely hard time (still a hard time but better) with this machine. very meaningful to me.
-
stdout
how many of you use FreeBSD with a DE on a desktop or laptop as your daily driver for work in the IT or development field?
-
stdout
I'm curious to try it but i've seen where distros like GhostBSD have users reinstall the OS for some upgrades which makes me think that I'll need to really watch changelogs if I update a FreeBSD system with a DE and used as a workstation.
-
yamada
freebsd.org/where <-- that page seems to have a bug at 14.2
-
mzar
14.2-RELEASE doesn't exist yet
-
yamada
but the beta is downloadable
-
yamada
and the bug is for 14.2-current
-
mzar
OK
-
mzar
there is no 14.2-CURRENT
-
yamada
sure the beta is built from it
-
mzar
only 15.0-CURRENT
-
mzar
nope, build is from releng/14.2 which is derived from stable/14
-
mzar
BTW 14.2-STABLE looks fine to me
-
mzar
FreeBSD 14.2-STABLE (VBSD) #52 stable/14-n269449-46d30932876f: Fri Nov 1 08:20:26 CET 2024
-
mzar
it's been available for a while
-
foxxx0
is there a non-janky way to set the password hash of a user? I have some users that I'd like to recreate on a new host but I don't necessarily know their plaintext password. I do have access to the /etc/master.passwd though and can see their hashes just fine
-
foxxx0
do I just re-create them and then edit the /etc/master.passwd to paste the hash?
-
ivy
foxxx0: you can just copy+paste your old master.passwd entries into the new, no need to create the user first. then copy their home directories over too
-
foxxx0
alrighty, then I'll do that. thanks :)
-
ivy
remember to use vipw to edit master.passwd (or manually rebuild the databases afterwards)
-
foxxx0
mhm, hypothetically speaking, if someone were to just edit using vim ... how would one rebuild the database? (asking for a friend)
-
ivy
foxxx0: pwd_mkdb -p /etc/master.passwd
-
foxxx0
thanks :D
-
mzar
foxxx0: use vipw(8)
-
l00py
is it possible to partition up an external drive into 4 chunks so bhyve could run 4 vms off of it, 1 vm per chunk?
-
l00py
say 500GB chunks, 4 vms, 2TB external drive
-
ivy
l00py: if you don't want to use files (which is the easiest way), you could simply create four partitions on the disk
-
foxxx0
why would you want static partitioning instead of just raw files?
-
l00py
oh i can make bhyve store a whole vm's "disk" in just a file on the drive?
-
ivy
that's the usual way you would use bhyve, yes
-
l00py
right now i give bhyve zfs vols to back vms with
-
l00py
what would i format the external drive?
-
ivy
zvols are, for whatever reason, slower than flat files, so i use files even on zfs
-
ivy
(although there's nothing technically wrong with using zvols)
-
ivy
filesystem is up to you, i'd probably use zfs just because i use zfs everywhere
-
l00py
can i put zfs on the single external drive, and have it totally separate from my internal zfs on root mirror?
-
ivy
yes, just create a new zfs pool, see zpool(8)
-
l00py
that's so cool. tyvm
-
l00py
and you can make the flat files only be as large as they need to be, like a sparse zvol does?
-
l00py
so a 500GB vm "disk" is only 20GB in reality if that's all that it's written
-
ivy
yes, if you create them using 'truncate -s 250g disk0.img' or whatever you will get a 250GB sparse file that only uses a few KB on disk
-
foxxx0
weeee 846 MiB/s over cifs/samba \o/
-
l00py
amazing, tyvm
-
l00py
ivy if you have this 1 external ssd, would you have zfs store multiple copies or any special stuff to recover from a single drive?
-
l00py
recover from an error in the single drive*
-
ivy
no, if i cared that much about the data i'd use a mirror
-
l00py
ya
-
l00py
ok tyvm
-
ivy
copies=N is somewhat useless because if the disk's basic metadata is damaged, you can't import it to recover the data. that feature only really exists to handle a few bad sectors on laptop disks
-
ivy
(and by 'laptop disks' i mean old 2.5" HDDs more than SSDs)
-
l00py
ya that's what i was thinking, sectors
-
l00py
ok
-
ivy
basically if you have a 1TB SSD and want to use copies=2, just buy two 512GB SSDs and use a mirror instead, price is basically the same
-
foxxx0
I'd even argue 1tb is cheaper per gb than 512gb, so 2x 1tb won't run you that much more than 2x 512gb probably
-
ivy
also true
-
ivy
unless you buy your SSDs from Apple of course :-d
-
ivy
(yes, i've been looking at the SSD pricing on the new M4 Mac mini...)
-
foxxx0
sweet, maxxed out my 10G link over samba/cifs.
-
foxxx0
sequential reads and writes both just flatline at 1.2 GiB/s now \o/
-
ivy
foxxx0: i can do that when zfs is reading directly from cache, but i've never managed it for disk i/o, that seems to top out at 600MB/s or so (on 8x raidz2, 7200rpm)
-
ivy
this HBA is quite old though, that could be the bottleneck
-
ivy
i suppose as each disk does ~100-120MB/s sequential write, that's not too far off what you'd expect
-
ivy
one day i will rebuild this pool using 8TB SSDs, but prices need to drop a bit first :-)
-
l00py
8TB ffs. i'm working with 2TB nvme and feel like a baller 8TB is galactic
-
voy4g3r2
ivy - the mac mini you have been speccing.. have you "looked" at if there is anything out there to upgrade the hard drive on it? So far i have seen.. basically you pick it and you can not upgrade it, like the ram
-
ivy
voy4g3r2: correct, the NAND and DRAM are soldered onto the CPU package so you can't upgrade it later
-
ivy
voy4g3r2: my plan is to buy the base storage config (256GB) and use that for the OS, then add a couple of Thunderbolt SSDs for data
-
voy4g3r2
this powerbook (12 years old) is getting long in the tooth...
-
voy4g3r2
when signal tells me, it will no longer support the OS.. i think it will be retired soon
-
ivy
the hardware doesn't even include an 'SSD' in the normal sense, the controller is on the SoC and it talks directly to the NAND
-
foxxx0
ivy: i do have 4x 7.68TB NVME raidz1 ... from my benchmarks those could even saturate a 40GBit/s link
-
ivy
voy4g3r2: i don't think i will buy the M4 though, my M1 is still working fine and i'd like to wait until FreeBSD has proper Apple arm64 support so i can repurpose this to a server when i upgrade it
-
voy4g3r2
ivy: a m4 pro with 64 gig of ram does look real pretty
-
voy4g3r2
ivy: the 2200 price tag is up there with what i paid for this laptop in 2012
-
ivy
yeah, for CPU performance the M4 Pro is competing directly with the old M1 Ultra in the original Mac Studio, which is a pretty big performance bump
-
voy4g3r2
yeah, the intelligence stuff.. no thank you.. i got an ollama (in a bhyve) for that
-
voy4g3r2
now i am at the "ceiling" of, applications are deprecating support for applications i use
-
dch
need to grep for STRING\x00 but only print out STRING
-
dch
is this possible with BSD grep?
-
dch
I don't think BSD grep supports lookaheads according to re_format(7)
-
ivy
i'd probably use sed for that (which i realise isn't really an answer)
-
dch
it's a good answer for trimming \x00
-
dch
can i get it to do the search too ... mmm
-
dch
oh derp we have perl in base system, that's fine
-
dch
facepalm
-
ivy
yes, you want sed -n, then use a pattern to match the string, s// it, then use 'p' to print
-
ivy
# sed -n '/^root:/ { s/:.*//; p; }' </etc/passwd
-
ivy
root
-
ivy
something like this i suppose
-
dch
ripgrep does exactly what i need, scary fast, but not in base
-
dch
hah. I first do strings, then bsd grep is fine
-
dch
ivy: sed would work but is surprisingly slow over this 9gb file
-
ivy
that doesn't surprise me, i think your idea to use strings is better
-
dch
and grep has a handy -m (stop after N matches) which is a great find
-
phryk
getting a bunch of "GEOM_ELI: Crypto request failed (ENOMEM)." in dmesg. affected devices were part of gmirrors, which got degraded and don't add the geli partitions back to the gmirrors after the situation is resolved – anyone know how to fix this without adding them as new consumers to the mirrors and syncing from scratch?
-
phryk
in hindsight, i probably should have set up geli on top of gmirror and not the other way around, but i'd be glad for some bandaid in the meantime.
-
phryk
"geli: Cannot read metadata from /dev/gpt/down-a: Input/output error." nevermind, seems like i got more problems than that :'D
-
yashi
hi everyone, I have "13.1-RELEASE-p3 FreeBSD 13.1-RELEASE-p3 GENERIC amd64" and I'd like to have my sshd exposed to the public at port 22. moreover, i'd like to mitigate the security breaches this might introduce as much as i can.. e.g. i am seeing this in var/log/messages: "error: Fssh_kex_exchange_identification: Connection closed by remote host" and "error: kex protocol error: type 30 seq 3 [preauth]".
-
yashi
is there anything i should be doing about this? how about a standard tool to probe any vulnerabilities in my setup?
-
ivy
yashi: as long as you stay up to date on security fixes, you should have a secure (as much as possible) sshd. consider turning off root login and password authentication, which is good practice for any SSH server on the Internet
-
Hecate
yashi: seconding ivy, don't let people log in as root, nor with passwords
-
ivy
yashi: you should probably also be aware that FreeBSD 13.1 is EOL and no longer receives security updates. so, don't put that host on the Internet, and upgrade to 13.4
-
spork_css
Do we have any old Thinkpad users in here? I'm trying to get one up to date with 14.1 and the new wifi stuff, but have hit an early roadblock with the keyboard.
-
ivy
spork_css: i have an old Lenovo X240 here, not sure if that's what you mean by old
-
ivy
currently working fine on 14.something
-
ivy
i did notice it requires 'atkbd' for the keyboard to work, but that's in GENERIC
-
spork_css
After updating from 13.x (literally it's been sitting on a shelf for 2+ years), 14.1 works fine (no X though) but I literally can't login or do anything on the keyboard.
-
spork_css
Letters type fine, but when I hit "return", say to enter my username, it echoes something like "~5~~". The numpad "enter" works.
-
spork_css
Space bar also adds characters. To type a space I use the mouse to copy and paste a space. :)
-
spork_css
It reminds me of a slightly funky serial console with the wrong term type set.
-
spork_css
In 13.x it worked fine. Hard problem to google.
-
ivy
that's weird. might be worth asking questions@
-
spork_css
Unrelated to that, mine is 2015 vintage, how old is your X240?
-
spork_css
Are you using any of the reworked wifi stuff with it and is that working out well? I think I put this away because it had two main issues - doesn't wake from sleep and 2.4GHz-only wifi.
-
Teraii
is there a way to remove route when "gateway uses the same route" ?
-
Teraii
without reboot :)
-
foxxx0
what do you mean by that?
-
Teraii
i have a route with UG1 flag
-
Teraii
when route delete -inet6 fd00::2:0:0/96
-
Teraii
i have : delete net fd00::2:0:0/96 fib 0: gateway uses the same route
-
foxxx0
then you need to find out which other route is referencing this one
-
Teraii
i have already removed the gateway
-
Teraii
the route with gateway
-
ivy
Teraii: can you paste the output of 'netstat -rn' somewhere?
-
Teraii
fd00::2:0:0/96 fd00::2:0:20 UG1 ---
-
foxxx0
I'd second the request from ivy
-
Teraii
(note the interface removed ---)
-
Teraii
no way to remove G flag ?
-
foxxx0
"route -6 del fd00::2:0:0/96 fd00::2:0:20" doesn't work?
-
foxxx0
possibly also try "route -6 del fd00::2:0:0 -prefixlen 96 fd00::2:0:20"
-
Teraii
same error message
-
foxxx0
then we'd need a more complete picture with the output of 'netstat -nr'
-
foxxx0
I think your issue might be fe80::%lo0/10
-
foxxx0
fe80:: link-local routes are supposed to be of prefix-length 64
-
foxxx0
fe80::/10 includes all of your fe00:: routes
-
foxxx0
err, nvm.
-
foxxx0
scratch that, haven't eaten today >.>
-
Teraii
=)
-
Teraii
all fe80 are automated LL :)
-
foxxx0
how did you add that route? .... well there they go
-
mzar
it's probably PINNED route, with protection
-
foxxx0
I'm guessing at some point there was a route for that gateway, otherwise it wouldn't be a valid nexthop
-
foxxx0
and then just deleting that gateway route invalidated that /96 route as the nexthop is now invalid, not sure why it wasn't automatically cleared up?!
-
mzar
probably direct connected route
-
Teraii
lost my zenitude and rebooted :)
-
foxxx0
welcome back Teraii , we were asking how you ended up in that situation. did you have a manual route for 'fd00::2:0:20' at some point?
-
foxxx0
otherwise you wouldn't have been able to use it as a gateway, right?
-
Teraii
indeed
-
foxxx0
or did you have a direct link with a subnet/prefix, that contained fd00::2:0:20 as directly attached?
-
Teraii
reboot has removed the route O:)
-
mzar
we are not progressing much with troubleshooting Teraii
-
Teraii
there was a route with fd00::2:0:20
-
foxxx0
in that case, the solution would probably have been to re-add a direct route for 'fd00::2:0:20' as directly connected to an interface, or possibly temporarily re-adding a prefix containing that, to then subsequently remove the static route first, and then the gateway route
-
Teraii
but when it was removed, the route for fd00::2:0:0/96 was not removed
-
Teraii
even when the interface was destroyed (tap1)
-
foxxx0
personally I'd expect that route to get purged in the same operation, but I'm not too familiar with the routing table internals on freebsd. more of a linux user here
-
mzar
for a while now we can use multipath routing, so routes have "weights"
-
Teraii
the route was learned via bgpd
-
Teraii
and i'm correcting some structure mistake here :)
-
mzar
you have to filter it next time
-
Teraii
oh yes
-
Teraii
forget that
-
mzar
it's not possible to remove by hand all routes added by routing daemons
-
mzar
when you add it by hand, you should be able to remove it in the same way
-
Teraii
ok
-
mzar
it's connected with the transition from rtsock to netlink
-
Teraii
well
-
Teraii
we will reboot to force deletion ...
-
Teraii
sometimes there is no other solution :)
-
mzar
yes, but filtering them in BGP will prevent that
-
mzar
Teraii: what are you using as routing daemon ?
-
Teraii
openbgp
-
spork_css
@ivy: well, booted into Windows and the BIOS and same keyboard issue, so I guess it's a Thinkpad issue, not an OS issue. Also clearer in Windows is that it's doing either a PAGE UP or HOME and *then* the carriage return. Very weird.
-
zip
welp turns out if git fails to clone something it'll just tidy up after itself by deleting
-
zip
1.6gb and half an hour later
-
zip
'sake
-
l00py
so let's say i got an external drive i want to format zfs and then put bhyve vm flatfiles on. i plug the drive in then check gpart show to get its dev id like /dev/da1?
-
ivy
l00py: after you plug in the drive, checking 'dmesg' is the easiest way to find the new device node. then run 'camcontrol devlist' and make sure the model/serial displayed matches what you expect. then partition the disk with gpart
-
l00py
like gpart create -s GPT da1?
-
ivy
if it didn't come with an existing partition table (meaning it doesn't show up at all in gpart list) then yes
-
ivy
i mean gpart show, not list
-
ivy
although if you're planning to use it with zfs, don't use gpart
-
l00py
if it comes with 1 it's safe to use it?
-
ivy
just create the pool directory: zpool create mydisk /dev/da1
-
l00py
oh ya i want to use with zfs
-
ivy
s/directory/directly
-
l00py
wow
-
ivy
well
-
l00py
so 'mounting' hardware is as easy as mounting a dir?
-
ivy
it might be worth deleting the partition table in gpart first
-
ivy
so 'gpart destroy da1' then 'zpool create mydisk da1' (as long as you're sure da1 is the right disk!)
-
ivy
l00py: i'm not sure what that question means exactly
-
yashi
what is the easiest way (akin to pkg install ...) to upgrade 13.1 to 13.4?
-
l00py
ivy "mydisk" is like "zroot" right?
-
ivy
l00py: yeah, that's the name of the pool
-
ivy
so call it 'data' or 'data1' or 'disk1' or... you know, whatever name you like
-
ivy
yashi: freebsd-update fetch; freebsd-update install; (read what it tells you); reboot; freebsd-update install; (read what it tells you); freebsd-update install; (read what it tells you); pkg-static upgrade -f
-
ivy
you may need -r 13.4 somewhere there, i honestly haven't used freebsd-update for years
-
l00py
ivy tyvm. reading man zpool-create rn
-
ek
Shouldn't need the "-r" arg for freebsd-update if it isn't an upgrade. A simple update will do.
-
ZedHedTed
ek: he said he wants to upgrade from 13.1 to 13.4
-
ivy
yeah, i think even minor release upgrades require the -r? like i said i don't really remember...
-
ek
ZedHedTed: That's not an upgrade, though. Technically, it's just an update (same major RELENG.)
-
ivy
maybe someone else has a more useful answer :-)
-
ek
If he wanted to "upgrade" to 14.1 or something, he'd use "upgrade -r 14.1-RELEASE" as well.
-
ZedHedTed
ek, ivy: what's the correct term? minor release upgrade or update?
-
ZedHedTed
i'm new to freebsd
-
ek
ZedHedTed: Same major RELENG would just be an update (when referring to the use of freebsd-update, I guess.)
-
ek
I've also heard really good things about sysutils/freebsd-rustdate. Apparently, it's much faster than freebsd-update. Of course, it isn't in base, though.
-
ZedHedTed
ooh a rust port of freebsd-update?
-
ivy
why use that when you could just use pkgbase
-
ivy
freebsd-update is dying, it has one maintainer who hates maintaining it and it's going away the moment we get pkgbase as default (maybe in 15.0-RELEASE)
-
ek
ivy: I'm sure hoping pkgbase becomes the norm in 15.
-
l00py
me too!
-
l00py
the future is now
-
ZedHedTed
for 14.x, am i better off learning upgrade instead of freebsd-update?
-
ivy
ZedHedTed: what do you mean by "upgrade"?
-
ZedHedTed
ivy: wait i think i meant pkg-static upgrade. i missed that part. reading pkg-static's manpage now.
-
ivy
pkg-static is just pkg but not linked against dynamic libraries, so it's more likely to work after an upgrade
-
ivy
e.g. this was recently required when 15.0 bumped libmd.so.6 to libmd.so.7, installed pkg still needed libmd.so.6
-
ek
ZedHedTed: Have you looked at the FBSD Handbook yet? It explains everything you need to do with freebsd-update to update to the latest 13.X and to upgrade to 14.X.
-
ek
You won't need to run a pkg-static -f upgrade when going from 13.x to 13.x, but you will going from 13.x to 14.x.
-
ek
You'll likely need to upgrade to the latest 13.x before going to 14.x, though.
-
ek
At least, that's always been recommended.
-
ek
"freebsd-update fetch install" and follow the directions.
-
ek
Once you're on the latest 13.x, run a "freebsd-update upgrade -r 14.1-RELEASE" and then follow those directions.
-
ek
Hrm. Tempted to migrate to Wireguard but I don't like the fact that subnet access is controlled from the client/peer side.
-
ivy
ek: it's not?
-
ivy
AllowedIPs on the client just controls what packets it's willing to send over the link
-
ivy
it's basically a hint to the local system about what to send over the VPN, similar to pushed routes on openvpn
-
ek
ivy: I've been looking through some docs trying to find out how to limit access to different subnets from the server-side but I can't seem to find any info.
-
ivy
ek: you would use a firewall (like pf) the same way you would with any VPN, basically
-
ek
ivy: Right. I understand that. But, if the client does route those subnets, it seems WG will route them without any limitations. So, if the client were privy to the network, they could access anything they wanted?
-
ivy
like if you hand addresses from 192.168.0.0/24 to your IPsec road warrior clients, you firewall what 192.168.0.0/24 can access, right?
-
ek
I'll have to test it all out, I suppose.
-
ek
Yep.
-
ivy
so that's exactly the same in wireguard
-
ek
But, say I'm using OpenVPN, I can choose which subnets on the network to allow a client to access in its config instead of the firewall.
-
ivy
yeah, you can't do that in wireguard. i'm not familiar with openvpn but i suppose this works more like ipsec
-
ek
Yep. Seems that way (which is fine.)
-
ivy
how do you control this in openvpn, btw?
-
ek
Not sure I want to create firewall rules per WG client, but I'll just go ahead and play with it and see what I can come up with.
-
ivy
i actually have used openvpn but probably not for 20 years
-
ek
ivy: You can set which IPv4/v6 networks you want to allow clients to access in the server configuration.
-
ivy
ah. sort of makes sense wg doesn't do that as it's kernel based
-
ek
That's my guess.
-
ek
I just liked that I could configure it server-side to allow all subnets, then limit each client's access via the client-specific-overrides.
-
ek
So, for myself, I can access everything. But, for a friend that just needs VPN for a specific thing, I can limit them to the VPN subnet or whatever.
-
ivy
you can still do that in wg as all IP assignments are static, fwiw
-
ivy
(i actually wish wg had dynamic IP assignments, but... it doesn't... so that's what it is)
-
ZedHedTed
thanks ek
-
ZedHedTed
i will keep reading the handbook. next, it's time to boot back into nomadbsd, and see how well things go w/ the iwm driver!
-
ZedHedTed
the stock wifi card used rtw880, but had problems establishing and maintaining a connection to any SSIDs i own. so i swapped out the wifi card w/ a 7265 i scrapped from a chromebook.
-
ZedHedTed
actually no. i need to charge the laptop first.
-
ek
ivy: Yeah. I always assigned IP's statically in OVPN anyway just to keep track. But, it does allow dynamic which is nice for larger environments.
-
mzar
recently our openvpn is kernel based too
-
mzar
see ovpn(4)
-
mzar
they behave the same with regard to routes added by clients
-
mzar
neither of them filters such routes - vpn is not firewall
-
mzar
firewall rules have to be set to deny clever clients abusing VPN
-
mzar
openvpn allows loading dynamic rules when the client connects, I am not aware of such scripts for wireguard
-
-
zip
well, I sure am learning fast
-
zip
the zfs VM image does not have a lot of extra space
-
ivy
there's a zfs vm image?
-
ivy
zip: you can expand zpool on disk
-
zip
so I've had to (1) expand it with qemu-img (2) use gpart to fix the record so it can see the new space (3) tell it to expand the last partition into that space and then (4) tell zfs to use that space for zroot
-
ivy
as long as you make the partition bigger
-
zip
this is a part of a longer and sillier project to cross-compile the base image for armv7
-
zip
seeing as the damn armv7 device itself does not appear to be able to do so
-
zip
anyway I think I'm starting to get a feel for why people like FreeBSD
-
zip
it's like zfs and jails do a kind of different slice of the cloud pie
-
zip
like sure you can set up kubernetes and docker and have your lovely reproducible builds and your moveable services and that's lovely until you realise that where the fuck do you store your data
-
zip
whereas jails are like, okay so you have a system that's been running since 2004 and you want to get it off linode or whatever, and you can just tarball that sucker up, pop it in a jail and resume as though nothing had happened
-
zip
or, indeed, you can `zfs send` stuff around the place
-
ivy
zip: i mean freebsd is not incompatible with containers, there's podman for example, but generally yes it's a more traditional sort of approach
-
zip
so sure I can't do evil insane stuff like, uh, `podman run --rm -ti quay.io/curl/curl:latest -- freebsd.org`
-
zip
but also most of the time what I wanted out of containers was, well, containment
-
zip
well, we'll see how I feel once I've had to upgrade a jail and/or its jailed contents I suppose
-
foxxx0
I don't suppose one of you folks has some insight as to why a win11 client is only achieving ~95 MiB/s sequential write speed to a 10GBit/s samba share? the same win11 client can read from the same share just fine at 1.1 GiB/s, and other clients can write to that same share at 1.1 GiB/s too, just the windows->samba write is painfully slow
-
foxxx0
iperf3 between win11 client and freebsd14.1 server is achieving 9.3GBit/s in both directions