rtprio: Same local disk transfer or remote pool?

To be honest, I'd likely use zfs send/recv for either just for piece of mind. I know that's going to be correct.

But, rsync can be handy when moving data from outside a dataset into another while keeping perms correct. It just depends on exactly what you're doing, I suppose.

same host

i get the feeling it's just going to take forever regardless which way i do it

rtprio: Just use zfs send/recv if you don't need any changes to anything.

You want an exact copy?

yeah

(a different destination dataset name is fine.)

Yep. I'd use send/recv then.

rsync -rpvTa /old /new but ... yeah send/recv is probably better

also at least if there are many small files, i think that would be one item in favor of send-recv being faster

good point, for sure

It's be more reliable on the zfs-side of things. But, it actually might be a bit quicker since it's a supported ZFS built-in feature.

jmnbtslsQE: Exactly.

i was also going to bring up compression, but i think send-recv always decompresses/recompresses (depending if compression is enabled on the two sides), so no advantage there

(and i guess that's the reason why there's a send-stream compression option, for in-transit compression)

And it looks like rsync (given the options provided above) would compress and also encrypt the transaction?

some of the partitions are pretty big files, so may not make too much difference

no, i don't have -z to rsync

rsync isn't going to compress or encrypt anything operating locally, but if the zfs datasets have compression enabled, the compression will happen just to read and write the files

(and yeah -z isn't there, i forgot about that option)

though, hmm wonder if it would actually do -z if it's local

i think so but it would be unnecessary overhead

heh

yeah

Well, you could always turn compression off and turn it back on with ZFS. Of course, nothing transferred during the send/recv would be compressed, though.

It would remain uncompressed after transfer. So, it's not really unnecessary unless you don't need compression.

Hey, not sure if this is more appropriate for FreeBSD or #networking, but I'll try here first... I have a box running FreeBSD with pf acting as a firewall. I recently got a second WAN connection, delivered over PPPoE on a 10Gbit port. I want to set things up correctly so that programs can bind to the IP/interface of the WAN connection, and have the traffic be routed appropriately. I have something

that "kind of" works, using reply-to and route-to, but the performance seems to be abysmal even though my CPU usage is low. What's the right way to do this?

tun2 is "inet 76.70.104.235 --> 10.11.1.177 netmask 0xffffffff" and I have the lines "pass in quick on tun2 reply-to (tun2 10.11.1.177) keep state" and "pass out quick route-to (tun2 10.11.1.177) inet from 76.70.104.235 keep state" in my pf config.

It's a 3gbit symmetrical connection and I get at best 400mbit but sometimes a lot worse. The connection works at its full potential to the same test endpoints without FreeBSD in the mix

Also, incoming TCP connections to 76.70.104.235 seem to not work, but ICMP works fine.

(Don't try to test it yourself, because the IP address just changed - or if you do, replace the 76 address with 142.112.130.103)

hello, I've been using OpenBSD for a while on an old thinkpad x200, with 8GB of RAM and an SSD (but a Core 2 Duo). It is considerably slower than any of the Linux distros I've tried, even after tweaking OpenBSD for performance. How is the performance aspect in FreeBSD? Would it run at least faster than OpenBSD? The same? How would it fare against Linux. I am using it a desktop environment, not a server, and I would like to keep using one of the BSDs

probably better to just try it out and see

that was my plan regardless, excited to see how it differs from OpenBSD

Out of curiosity, slower how/where? Video playback, gaming, wifi, compiling, booting?

slower is extremely subjective

No way. If your girlfriend wants to take things "slower," you know exactly what that means.

psychonate: video playback, internet browsing, compiling and booting

Hi, ZFS gurus. can i migrate my current ZFS layout to the default FreeBSD layout shipped in images? my layout: termbin.com/h6h9

without reinstalling from scratch

where is / mounted?

lsblk shows it

angry_vincent: where is / mounted?

la_mettrie: that's not a freebsd program

rtprio: vixen/os/main is my /

i think it could be done

take a snapshot with bectl, install a new environment to vixen/ROOT/default

boot off of it. then go back and add the rest of /var and /usr in single user mode

I just installe freebsd on my x200, but I can only boot in (and could only install it) in safe mode? is there a reason for this? I have already upgraded the system, but I still need to boot in safe mode. How can I make this the default?

Safe mode?

for me each mode with FreeBSD is safe

Does it only boot in single user mode?

not single user mode, safe mode

it's a special boot option

I wonder, has anyone encountered an issue where an NFSv4 FreeBSD export mounts fine on a Linux client machine, but any attempt to access it returns "Input/output error"?

Does anyone know how I could begin to start debugging this?

lil_lasagna: I don't have a safe mode option in my boot loader. What are you using?

vkarlsen: I am using an x200 thinkpad. When I boot it gives me a welcome screen, and if I press 7 it goes into boot options. From there you can disable/enable stuff like safe mode, acpi, single user and verbose. I have tried all combinations and works only with safe mode on and acpi on

lil_lasagna: Ah, I see! Now we just need to find out exactly what this does. What happens if you don't turn on safe mode?

well, this time it did not get stuck

I guess this is it, from stand/forth/menu-commands.4th: paste.karlsen.tech/?e4971616fcf2851…yNJha151HFUpqsavLgKbri51QE1oAfd1KGg

I'll reboot just in case it was just a fluke, but before it would get stuck at random parts. Right now it is stuck after starting the dhclient

I'll set all of those in the /boot/loader.conf and report back

I already had some of those set from testing stuff

Rather try one by one to find out which one(s) you actually need

You shouldn't need to disable smp

I'll test them all one by one

it also gets stuck after starting devd

iwn_read_firmware

vkarlsen: seems like it works if I disable smp

dch, you around?

dch, I was wondering whether there was a "misunderstanding" regarding D49360 approval

just to be clear: I am very good at being patient - just wanted to check :)

jbo np, whats missing?

dch, approval :p

I wasn't sure whether this was given implicitly we fought thru my brain meltdown on IRC

aah ok so this is reasonably common. to avoid another round of minor changes we just go "approved, just tidy up this last thing"

dch, indeed - but I didn't see/hear that either - unless that was implicit :p

weird, I definitely accepted the revision, but theres no green tick in phabricator

so it's not just me then

so I just clicked send again

thank you!

I think I didn't click send again this morning

the kids stole my coffee

how dare them

for all port changes I use `portfmt` and `portclippy` and try to keep them happy, and for new ports, `portlint -AC` as well

btw I did go thru portfmt/portclippy as usual. however, I decided to leave the variable order because having github before gitlab is misleading in this case (at least in my opinion)

given that gitlab is the "primary source"

the `nodefault` tells me its fetching multiple sources

it does. but the primary upstream source is coming from gitlab. the github ones are submodules

and I just let auto-formatting tools have their way, its not worth the effort of swimming upstream

so I figured having gitlab before github is "more sane"

but as i said those are quibbles, not required changes

ooh I'm asking for _your_ personal opinion :)

you might get a stroke if you'd ever decide to run portfmt/portclippy over the whole tree. there is some nasty stuff in there :x

as for pkg-descr: upstream doesn't give me a lot to work with that seems reasonable :p

but I'll try harder!

yep the tree is a moving target indeed

occasionally I go back and check my old ports, that guy was terrible

Dooshki: check with tcpdump what message nfs is sending back. it might say "unk 10020", or it might say something about authentication or similar

i think usually it's because your client isn't in the ACL specified in the export, or it's because mountd hasn't been restarted since something was mounted over that exported path

"programname[3766]: stack overflow detected; terminated" <- interesting, what part of system takes care of guarding the stack ?

SSP maybe?

client to server: NFS request xid 2623060516 208 getattr fh 0,2/53

server to client: NFS reply xid 2623060516 reply ok 96 getattr ERROR: unk 10020

Dooshki: tried restarting mountd?

jmnbtslsQE: Several times

I've even updated the Linux kernel on the client machine from 6.1 to 6.12 (debian bookworm -> debian bookworm backports)

hmm, i forgot what else that error can mean - maybe there's a synax error in the export line and it's not being added correctly. i think showmount -e is the tool to check that. or check your var/log/messages for an error for that exports line

it's NFS4 right?

jmnbtslsQE: Yeah, NFSv4. I was actually setting up a kerberized setup, but while I got the kerberos authentication to work, NFS file access itself doesn't. Right now, I'm testing it with a bare/unsecured configuration

# cat /etc/exports

V4: /test_export -sec=sys

hmm, you need an export line aside from your V4 declaration

at least, i think you do. that's always been my understanding

yeah, just checked. so add an export line for /test_export and see then

i don't remember if the export line needs to be relative to the root under "V4"

Oh, that actually works, thanks! Interesting how the mount command did work without that

Fascinating

yeah i think that's related to how state is organized in NFS4, i guess those conditions are held at the lvel of requests instead of the overall mount

however, now I'm getting the following warning in the messages file: mountd[4193]: Warning: exporting /test_export exports entire / file system

not sure about that one, it might be that it's just talking about your export is the same as the "root" defined in your "V4"

Yeah, could be, I'll try to play around with it

OK

It's actually working, that's amazing, even with Kerberos now :D Thanks a lot!

ah great. sure

quick question, just wanna make sure this is an across-the-board thing: is there any legitimate way to have direct memory access in userland in any BSD system?

by legitimate i mean officially supported

Matt|home: yes, mmap

Look at how vpp works with dpdk as an example

It’s not a simple example, I’m sorry

lil_lasagna: That's unfortunate. I was hoping it would be one of the others.

jmnbtslsQE: I found out something fascinating: If I enable NFSv4-only mode by setting nfsv4_server_only="YES" in /etc/rc.conf, mountd rejects the existing /etc/exports file that worked before, and if I remove them and only have the V4 line, I get the same "Input/Output Error" as before

*if I remove the NFSv3-style export lines

With NFSv3 enabled, and the NFSv3-style lines present, Linux is able to work with it properly, and it is using the NVSv4.2 protocol, I see it in the mount options

So for some reason, you need to have NFSv3 enabled and configured in order for NFSv4 to work...

Dooshki: not sure how to explain that, but i also have nfsv4_server_only and it works (without nfs3). i wonder if there is a problem with your export line(s)

to be sure though, NFS config certainly can be a mysterious subject, so i don't blame you for being fascinated

jmnbtslsQE: Well, here's the export lines:

V4: /shared -sec=krb5p -network 192.168.100.0 -mask 255.255.255.0

/shared/dooshki -sec=krb5p -network 192.168.100.0 -mask 255.255.255.0

/shared/dooshki_bulk -sec=krb5p -network 192.168.100.0 -mask 255.255.255.0

with NFSv3 enabled, this works perfectly. With it disabled, named complains that the two lower lines are invalid

*mountd

i seem to remember something about -mask no longer working in nfsv4. and/or also maybe something with -network. can you try -network=192.168.100.0/24

but you should have seen messages in /var/log/messages about this

I might take a look at it next weekend. For now, I'm happy it works, and I appreciate your help. I thought setting up this NFS server would be a quick 2-hour ordeal, since I already had everything ready for it (DNS with reverse look-up, NTP, etc.), but I've spent the entire day on it :)

OK

this thing is accessible over the internet?

nope, but it's a network with potentially hostile devices attached on it

ah, maybe not, i see your ACL is private addresses

OK

that's why kerberos

jmnbtslsQE: Out of sheer curiosity, may I see a sample working configuration? I think I might try to see if I can reproduce this behavior between two VMs next weekend

Dooshki:

V4: /

/mnt/mountpoint -mapall=root -alldirs -network=192.168.1.0/24

not sure if -alldirs still does anything anymore, but it doesn't seem to break anything

this is with nfsv4_server_only="YES"

Thanks, I'll try experimenting around with it

OK

anyone running on AMD Ryzen Embedded V1500B? I can't get past the loader screen on the installer. i had opnsense running on this before, so i know it's capable. i'm guessing there's some loader option i need to pass.