Hi.

I installed a FreeBSD server. Is it normal behavior that VNET jails do not respect the PF rules defined on the host? Do VNET jails use their own packet filtering?

dziq: yes, they have their own network stack so if you give them a real interface they are like little real computers

[tj]: thanks for explanation :)

I think netns would act the same way, but I've avoid learning anything about firewalling on linux

can to pass through usb devices to a bhyve guest

I am unsure, you can pass the entire pcie device for the usb controller through

I think pcie pass through is the best you can do right now

is the py311-sqlite package currently broken? I get the error "ImportError: No module named '_sqlite3'" and google helps not mutch there are only ports related solutions (i.e. forums.freebsd.org/threads/sqlite3-on-python3-fails.53114)

this is freebsd 14.2 and pkg quarterly repo

crb: yes only by pcie device. getting a separate pcie USB hub is feasible for most desktop PCs though, but for laptops its a bit complicated.

super helpful, thank you

[tj]: any recommendations for a replacement wifi chip in my laptop, with a view to being able to test the work you're doing?

satanist: try asking in the #freebsd-python channel, its relatively slow response time, but much higher level of expertise

dch: if you get whatever is in the framework 13 12th gen intel then you will have the hardware in my laptop

[tj]: I was thinking of getting something slightly different but still in the same h/w line, to keep you busy / find different bugs

but I will use that as a starting point

satanist: it works fine for me here,

I have 8 interfaces that should be supported

satanist: anyway I suggest you post your uname -a, pkg info, and exactly what happens during import.

dch: thank, I'll ask in #freebsd-python

this is widely enough used that I would expect something in bugs.freebsd.org

I haven't found something on bugs.freebsd.org

I see no new commits on ports latest, and on bugs there is nothing significant bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=sqlite3

ah I fucked up and installed the package on the host not in the jail

sorry for the noice

no worries :D

ok, so if i'm at 13.2, should i upgrade to 13.3 before going to 13.4, or just upgrade straight to 13.4?

geli attack

Also, what's the RW-DETACH flag for geli? Seeing it on one of my partitions, but pretty sure I didn't specify that.

Can I append to PATH (i.e. PATH=/foo:$PATH) in a user crontab?

I don't believe we do any kind of variable expansion there

mhh, seems to work. OTOH i currently only call executables in the prepended directory in this crontab.

lemme see if i can get a look at it

ah yes, $PATH is just a literal in there.

env > /tmp/env.out early on in the script just to confirm?

ah

echo $PATH, but yes

you should still be able to do it for individual cron entries, though

I /think/ it's purely interpreted by teh shell

yeah, but crontabs on this system will pretty much exclusively only call one program, so it should be defined for the entire crontabs anyhow. :)

wrote a little backup tool, this machine will collate and verify backups (from multiple machines in the medium-to-long run) and everything is run from cron. also has some niceties like outputting prometheus metrics.

and neat, i don't even have to set PYTHONPATH for it to find the library code in ~/.local/lib/python*. so i can have my tool cleanly separated from the rest of the system with pip install --user without having to maintain yet another environment.

since sony picke freebsd up for the playstation, have they contributed back to the project? either through donations or code

s/picke/picked

so i haven't updated in a while, and looking at my procedure to update my EFI loader. it appears maybe it wasn't updated last time? dpaste.org/UjpDK/raw

i did strings on the loaders and the strings match, but the cksums dont, so how can i tell what version the loaders are?

we would like to propose an experiment called "AF_IPSEC_LEGACY + AF_IPSEC"

it would basically provide an API somewhat similar to this developer.android.com/reference/android/net/IpSecManager but it'd look a lot more like regular sockets, you'd create a socket, bind with a private key + address, connect with a public key + address, etc

(well, the actual name of the experiment would be "IPsec as an address family")

for more context: mailarchive.ietf.org/arch/msg/ipsec/u-GM9QQiwXa5TNhd5K4Y68O9Q2Y

pf firewall last match wins right?

except for with quick

Read that as "fireball" and went directly to 8d6 space

Devastating effect in any case

Is there any way I can find a log of what was done last time pkg upgrade ran?

Something is broken since then and I'm having trouble finding the cause

Oof I got it

It was something with libccid