installing drm-515-kmod solved the issue

Yaazkal: the drm-kmod packages are built on 14.1 and this is a known issue with 14.2. you can build the port (this worked for me on a laptop) or wait a bit until 14.1 is EOL

it's buried in the release notes somewhere (maybe a different document), there is also a forum thread

ok, thanks. Now I have i3 working

how are you supposed to build individual modules when they depend on an .m template file generating a header?

Yaazkal: i used qutebrowser for a while, it's pretty decent

i built the kernel, and there is mmcbr_if.h in /usr/obj/usr/src/arm64.aarch64/sys/GENERIC/, but when i go to /usr/src/sys/modules/allwinner/aw_mmc && make, it errors out on not finding that .h file

shouldn't the makefile add that include path?

the fact it's not in there means something is wrong

y

-y

so is portsnap like no more in v 14?

agent314: right. use git

portsnap was terrible and was basically a workaround for CVS also being terrible

now that ports are natively in git, there is no more need for portsnap

ok at first i was getting 'fetch-pack: invalid index-pack output'

but i switched to shallow clone and it worked

oh were they not in git before?

sorry, natively?

agent314: "before", ports were in CVS, which is a very old source control system that predates git. portsnap was created to avoid end users having to check out ports from CVS

now that we have git, we do not need portsnap

freebsd is older than git, which is why this migration is needed, if git existed when ports was first created, it would have been in git and there would be no portsnap

yeah makes sense, git only came out in 2005 and freebsd what in 1995?

1994

no, 1993

oh i knew it was a little bit after linux

it's just that a lot of manuals are using portsnap so i'll just mentally deprecate it from now on

unixdigest.com/articles/technical-r…s-to-choose-freebsd-over-linux.html caused me to have interest, so i'm installing it on a VPS now where i just need to run some python and nginx to process cvs files

i hope i wont have to use docker, i'm still not sure how friendly freebsd 14.2 is with docker

freebsd doesn't really do docker at all, or at least, if you want docker you should use linux

there's some similar thing on freebsd though, it's called... uh... Podsomething?

pot

that sounded more confident than i intended it to sound lol

yeah, pot sounds right

honestly, i wont be crying all that much about docker

as someone digging through gcc optimization flags and SIMD manuals and assembly tricks to optimize speed, i often found overuse of docker kinda blah

welcome agent314 & have fun

there's also the much newer podman tools, available in ports, these can run linux-flavoured containers, so long as they don't require pid1 / systemd specific featuers

but generally people use jails, often directly. podman will also run freebsd-native OCI containers but docs are sparse at present.

yeah can linux binaries run on freebsd if just use libc and it's the same cpu?

*if they just use

what is going on here

root@uk-myb-2:/usr/local/etc/bird.d # netstat -rn|grep 172.20.129.0/27

172.20.129.0/27 fe80::566:11%wg.surgebytes UG wg.surgebyte

root@uk-myb-2:/usr/local/etc/bird.d # ping 172.20.129.1

PING 172.20.129.1 (172.20.129.1): 56 data bytes

ping: sendto: Network is unreachable

(why am i asking i could just go try)

92 bytes from 172.23.76.2: Destination Host Unreachable

(172.23.76.2 is the local host)

try traceroute

root@uk-myb-2:/usr/local/etc/bird.d # traceroute -I 172.20.129.1

traceroute to 172.20.129.1 (172.20.129.1), 64 hops max, 48 byte packets

traceroute: sendto: Network is unreachable

1 traceroute: wrote 172.20.129.1 48 chars, ret=-1

uk-myb-2.le-fay.dn42 (172.23.76.2) 0.391 ms !Htraceroute: sendto: Network is unreachable

agent314: yes, docs.freebsd.org/en/books/handbook/linuxemu typically its `service linux onestart && pkg install linux_base-rl9` but sometimes you need to find a few other missing libraries, a little trial and error

172.16.0.0/12 is a private network afaik?

are you trying to ping someone in your own network?

does anything else ping?

it's RFC1918 space, it is not my own network, it's a network received from BGP over Wireguard

oh right you're over wireguard

ivy: is there a more specific route maybe?

dch: nope

and yes weird localhost is unreachable

that is very weird

i'm rebooting to make sure it's not something weird thing about adding the route before the address...

wiki.dn42.us/home is pretty neat, if I have more free time I would join up too

is there a firewall issue?

ivy: but its great you will have it all figured out soon and then I can piggy-back on your notes

good idea ivy

agent314: i don't think so, tcpdump shows nothing on pflog0

or at least restart network service

today I am trying to figure out why my server just sends TCP RST to the load balancer, instead of passing it to the application

which is definitely running

ah wait i have an idea

[76355] sonewconn: pcb 0xfffff803c0fda540 (0.0.0.0:4000 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (6 occurrences), euid 1002, rgid 1002, jail 0

well i thought it was this: pass out from (self) to fd00::/8

but changing that to include 172.16.0.0/12 didn't help

and all 'block' rules also have 'log'

oh dear lawd im getting hammered from 125.132.34.65 with ssh logins here

i almost feel like setting up a honeypot

day after i setup an ssh honeypot on linode (i forgot what it was exactly) linode decided to hit me with like an abuse ticket or something

ivy: have you seen anything relevant in /var/log/daemon.log ethcon.log or another log or just dmesg?

(i'll stop pretending like i know anything about freebsd now and go rant about scriptkiddies to #networking)

agent314: blocklistd / blacklistd is in base, works very nicely for these things. fail2ban is in ports.

this probably isn't ideal but i'm not really sure what it means

Mar 15 10:53:07 uk-myb-2 bird[60388]: nl-myb-1: Invalid NEXT_HOP attribute - neighbor address fd5b:a83:b06b:500::1

Mar 15 10:53:07 uk-myb-2 bird[60388]: nl-myb-1: Invalid route 172.20.24.0/24 withdrawn

that's not the affected route, though

okay, wait, it just magically started working

fc00:: is a private net range, is that being intentionally excluded?

ivy: cool, I guess. hope you figure out what the flakey bit is caused by

ah, that's because the peer i was receiving the route from shut down...

now it's going via another interface

traceroute to 172.20.129.1 (172.20.129.1), 64 hops max, 48 byte packets

1 nl-myb-1.le-fay.dn42 (172.23.76.6) 5.964 ms 5.854 ms 5.791 ms

2 fr1.edge.kioubit.dn42 (172.20.14.39) 13.736 ms 19.244 ms 18.712 ms

3 fr-rbx1.burble.dn42 (172.20.129.189) 14.308 ms 14.057 ms 14.603 ms

4 de-fra1.burble.dn42 (172.20.129.169) 26.338 ms 26.427 ms 26.671 ms

5 ns1.burble.dn42 (172.20.129.1) 27.003 ms 28.709 ms 26.612 ms

such dn42

ah, found the problem. Wireguard AllowedIPs was wrong

oh yeah i found wireguard to be harder than openvpn

what is this dn42 thing i'm curious now

(it's a rhetorical question)

dn42.us - it's basically a VPN-based overlay network on top of the Internet using BGP over Wireguard/OpenVPN/IPsec

anything that even acknowledges the existence of BGP gets an immediate interest from me

does it still use IP?

ipv4/ipv6, yes

oh ok so it's beginning to deviate somewhere around l3?

i'm not sure what you mean

osi layer

i know what L3 means, but DN42 doesn't "deviate", it's based on standard protocols

sorry it just said "Since dn42 is very similar to the Internet,"

which made me think it's something like fideonet

*fidonet

no, it's more like the internet on top of the internet

it's all the same protocols (ip, bgp, ospf/isis/whatever you want to use for igp), just running over vpn tunnels instead of fibres

or meshtastic

oh makes sense

it sounds more like I2P

i think I2P is a new, separate protocol? so not really

it now makes sense why you were pinging that 172.x.x.x ip and you yourself were on 172.x.x.x

it seems like main IP subnet (but not the only subnet) according to wiki is 172.20.0.0/14

yes, but they also interconnect with some similar networks like freifunk and ChaosVPN that live in 10.0.0.0/8

i just renumbered my wifi network from 172.16.0.0/12 to 198.18.0.0/15 to avoid conflicts :-)

yeah ive heard of freifunk

my openwrt router had something from freifunk somewhere in it

so I think the erlang runtime 28.0rc1 has a socket leak or something like that

not looking forwards to tracking this down

is wiki.dn42.us the official "canon" on dn42?

dch: which is why real programmers code in APL

once they remember all its symbols

;-) "for improved readability"

*some of its symbols

*three of its symbols

:-)

So uh. Any idea why `service pf reload` would take ~75 seconds? (almost exactly 75 seconds each time, actually --- +/- 1 second, typically)

(which makes me suspect it's waiting for something, and then hitting some sort of a timeout)

DarkUranium: DNS?

I don't *directly* use anything DNS-related in there, but I am using Podman, and that has its own tables.

(IOW, it's all IPs and interface names)

I just tried commenting out everything Podman-related, and it's still taking a while. Hm.

DarkUranium: dtrace

I'm not used to dtrace, but you did remind me that truss is a thing, ha.

Looks like there is 75 seconds of `ioctl(3,DIOCIGETIFACES,0x324ab144e9d0) = 0 (0x0)` going on, in a rapid (~11ms between calls) loop.

gt, ivy: (I've added the `time` for good measure, since truss is following multiple forked processes --- and thus the runtime is off): vpaste.net/tzZ6s

I'm not sure what to make of it. Why would it run ~10000 of the same ioctl over ~74s?

Once it's reloaded, pf runs 100% fine (at least as far as I can tell)

DarkUranium: how long does a normal `ifconfig` take? and how many interfaces do you have?

dch: I've quite a lot of interfaces, including (for some inexplicable reason) duplicated `eth0`s and whatnot --- I'm guessing related to podman's vnet stuff, maybe.

But ifconfig takes 0.00 real/user/sys

I.e. immediate.

define "quite a lot" perhaps ...

Lemme grep it.

like 50? 100? more ?

9.

ok so not a lot then ;-)

And 17×vnet*

Heh, fair.

I mean, it's a lot for me --- I wasn't expecting more than 1 interface with the same name :P

FTR, my external IF is not eth0, which is why I suspect it's vnet-related.

(also, it's always listed just after an vnet*)

you will never have an interface called ethN on freebsd

My external is ext0, renamed from igb0.

Sounds like vnet-related, then.

(unless you manually rename it...)

brb, bio

oh, podman, who knows

maybe it does that to be more like linux

I have podman and it doesnt rename stuff

9 ifaces here too, just on my desktop

without even trying

no vnet tho

Weird.

dch: which podman version?

I'm on 5.2.5

(also, re, in case you haven't guessed)

5.3.2 here, latest wot dfr@ put in ports

I need to try that one, 5.2.5 had a nasty bug with --remote (I use --remote for my Linux thingies)

DarkUranium: so `service pf reload` does actually 2 things

you can time these independently

`pfctl -n /etc/pf.conf`

and append any $pf_flags you might have set in rc.conf

I'm expecting that to be quick, it just parses the rules, not loading them

-nf, you mean?

Yeah, 0.00

derp yes sorry

and we can run the other one in the foreground, maybe the timing of output is interesting

OH RIGHT

I forgot!

I tried this yesterday, and it's relevant.

`pfctl -vvef /etc/pf.conf`

Even if I put a single rule in some random file, and do `pfctl -f /tmp/single-rule`, it'll take the same amount of time.

oh that *is* curious

Mind, that's without a flush first.

Feels very relevant, but I did this yesterday, so I completely forgot by today xD

reload doesn't flush, so thats fine

i am very curious how you ended up with multiple interfaces all called "eth0", something seems very wrong there

ivy: so am I :D

a) because freebsd will never create such interfaces, and b) because two interfaces with the same name does not seem right

Maybe I should just reboot the server and see if podman fixes it.

maybe pastebin your `ifconfig`

Yeah, b) is especially weird to me. Q.

If I have the same interface in two different vnets, e.g. eth0.1 / eth0.2

Will that show up as eth0 twice in ifconfig, or will it actually show eth0.* ?

do you mean vlans

Bah. Yes.

Sorry.

those will show up as eth0.1 and eth0.2 in ifconfig, they're separate interfaces from the kernel's point of view

Weird then. Hm.

dch: my ifconfig (I've replaced my real IP with 100.100.100.*, I hope that's okay): vpaste.net/BdSH1

Though OTOH, it's pretty easy to get anyway <_<

ivy: `pfctl -vvef ...` --- I've added timestamps to be able to better log where the delay is: vpaste.net/va8m8

so to go from `ALTQ related functions disabled` to `[2025-03-15T12:55:32,126035591+00:00] warning: macro 'ext_ip_a' not used` takes basically all the time

when DU comes back, ask them to remove the unused macro perhaps

it doesnt look like a very long ruleset

and anyway reloading with a single ruleset suggests this is nothing to do with the rules themselves

agent314: dn42 is a BGP based overlay network. basically its members run their own AS which is *NOT* connected to any BGP speaker on the "real" internet. any kind of IP capable link works from vpn tunnels to long range radio links to carrier pidgeons (if you adjust the bgp timings :-P)

its a great place to learn about dynamic routing protocols

and can be useful to interconnect hackerspaces or makerspaces with their members or other similar locations

think of it as dozens (or 100s) of interconnected home labs etc.

i want to see people actually using birds

you'll not just learn BGP, OSPF, but also do deal with other operators and their fuck ups

the ip over avian carrier was a reference to an old april fools day rfc

if you want to play multiplayer game but don't want fps nor rpg

so you do this

:p

crest: but you can avoid having to learn OSPF by deploying IS-IS instead

then you get to learn about freebsd layer 2 tunneling solutions

spoiler: there aren't any

(ok, there's vxlan)

crest: i wonder how dn42 works

radhitya: what do you wonder specifically?

it's basically just BGP over Wireguard tunnels

dn42[a] is a decentralized peer-to-peer network built using VPNs and software/hardware BGP routers.[1][2][3][4]

(some people use OpenVPN or IPsec+GRE...)

oh yeah, i understand now

Good afternoon. Is it possible to add a vlan interface to a jail without a vnet? thanks

sukamu: you can add ip{4,6} address to the jail and you don't need any vnet for it

How can I address this? I have the line `php_fpm_enable="YES"` in my rc.conf file. Yet, service php-fpm start gives "php-fpm does not exist in /etc/rc.d or the local startup directories (/usr/local/etc/rc.d), or is not executable"

montxero: service php_fpm start

vkarlsen: That doesn't work

montxero: What happens when you try?

vkarlsen: Sorry! it worked!

It was changed from php-fpm to php_fpm a while ago :)

service php_fpm start worked. Thanks

silly me

Thanks vkarlsen

I remember it well because I updated php on a prod web server without reading the updating info. My face melted.

ivy: what address do you expect to be used as a source instead of 0.0.0.0 ?

Is there any way to redirect all internet traffic via ssh. I run this command ssh -D .... I managed to curl via socks5 , but I want all traffic pass via ssh

holopeinen: sure, see ssh(1) -w option

ivy: there 1000s of ways to use netgraph for layer 2 encap

then there is etherip (add a gif interface to a bridge)

is there an easy way to display which drives are under what controllers? i'm trying to figure out the best way to spread out the drives in my pool

rtprio, I got help solving that problem in this channel once, and I think I can dig it out from my shell history

it was a little convoluted

that would be great, thanks

rtprio, actually "dmesg | grep -i 'ahci'" does most of the work... the only thing which was convoluted is matching adaX to physical drives

for example, this gives me the following

ahci0: <Marvell 88SE912x AHCI SATA controller>

ahcich0: <AHCI channel> at channel 0 on ahci0

ada0 at ahcich0 bus 0 scbus0 target 0 lun 0

so I can deduce that ada0 is attached to the Marvell controller card

thre's all sorts of weird structures in dmesg, like xml and dot files for geom but a tree format for some of these would be nice

futune_: pastebin.com/PRwbEXmn

rtprio, what is pmp0? I don't recognize this driver

anyway it seems that ada0, ada1, ada8, ada9 are on ahcich0 which belongs to ASMedia ASM1061

ada2 until ada7 are on various channels which belong to Intel ESB2

does that look reasonable?

devinfo?

e.g. devinfo -p ahcich0

crest, can I deduce from this which drives are attached to the controller? if so I don't understand

if i try that I get ahcich0 ahci0 pci4 pcib4 pci0 pcib0 acpi0 nexus0

pciconf -lv ahci0 ?

camcontrol devlist?

camcontrol identify ada0

sysctl kern.disks?

geom disk list / geom disk status?

each tells you something slightly different

devinfo / pciconf looks at the (system) bus attachment

camcontrol is the scsi (like) storage subsystem

geom is a (block) storage transformation layer that handles things like partition tables, multi pathing, raid, encryption, and optionally even its own network storage protocol

its what sits between the device drivers and the file systems

so it consumes complete disks, and provides partitions, labels, raid, decryption, etc. to the file systems

DarkUranium: did you ever solve your problem?

gt: the reload one? No.

DarkUranium: i can't tell you exactly what it is, but having a bunch of interfaces with the exact same name seems very fishy

gt: I've rebooted the system, and those IFs are gone (though I did notice they all belonged to jails, anyway)

pf reload is now instantanoues, though granted, the podman thingies aren't running, so

oh ok so it was probabaly that then

i was going to suggest that you removed them

crest, none of your suggestions give the mapping from disks to controllers

it's an educated guess, but i'm pretty sure most programs and programmers are expecting interface names to be unique, so having a bunch with the same name can definitely lead to unexpected behaviors

tbh i didn't even know you could have multiple interfaces with the same name

moving files from one zpool to another, would it probaby be faster to zfs send-recv or rsync?