scoobybejesus: if you choose to re-do the partition and re-do the resilver, i think you will want to use `replace`, not `online`

because it is technically a different entity than before from ZFS's perspective

an alternative is to use glabel, which provides one option to label without modifying the device, but i personally would re-do the partition and then re-do resilver like you said

however, i wonder how you are adding space to this pool by adding a drive to a mirror?

i'm replacing the first 1TB drive w/ a 2TB drive, and resilvering, and then replacing the 2nd 1 TB drive with another 2TB drive

probably have to gpart expand or something like that at the end, i guess

gpart resize wouldn't be called for at any time after adding to the pool. if you're adding the full 2TB to your pool each time, i think ZFS is able to intelligently handle this, to calculate the free space on a mirror based on the largest device in the mirror

in fact i think i learned of this intelligent mirror mechanic on this channel a few years ago (i've never personally done it though)

right now, zpool isn't happy that ada1 is already a part of the pool. even with zpool replace -f, it won't work. it says it needs to be manually repaired.. but I will continue digging

if that happens after you re-do the partition, you may need to run `zpool labelclear`

i mean, to run it (on the new device) before trying to replace it into the pool

it's a dangerous command though, so make sure it's run on the correct device

that actually seemed to work, thanks. now I will let it resilver again. and then hopefully I can zpool export tank, zpool import -d /dev/gpt, and it'll show the gpt label instead of one drive showing gpt/ada0-vol0 and the other just showing ada1

new disk ada1 is samsung evo870. old disk is adata SU760. the ada0 is reading at 100%, and the new ada1 is writing at average 45% (according to gstat)

thank you very much for the push and tips

OK great sure

Hello

I want to install gitea inside a freebsd-13.5 jail using this instruction: docs.gitea.com/installation/install-from-package

but 'pkg install gitea' doesn't work at all!

Is gitea removed from freebsd 13.5 repo?

What does 'portsnap fetch extract' do?

F... that didn't work

momken: gitea is only available in the latest repo, not quarterly

scoobybejesus As the last step I am trying to make it from source. Is is wrong?

Or should I only change my repo?

it's just a go binary, i think, so source might be easy enough if you already have go installed, but I'd just go with the pkg. I prefer the latest repo, in general

scoobybejesus I downloaded the latest binary and followed these instructions:

Until I reached "1. Creating a service file to start Gitea automatically (recommended)" which doesn't have any manual for creating a freebsd service for it

this should work: paste.debian.net/plain/1364491

I'm using that with version 1.22.3

scoobybejesus How did you find that?

there is a way to find it in the ports tree, but I always forget. i took it from my jail

scoobybejesus I hope it work. Compiling in /usr/ports/www/gitea takes a lot of time and is extra work

scoobybejesus The service file didn't work as expected

I will continue with compile process

what's the error?

did you try service gitea onestart? did you do sysrc gitea_enable="YES" ?

root@gitea-manual:~ # service gitea onestart

Command error: stat /usr/local/bin/custom/conf/app.ini: no such file or directory

why does it search for app.ini inside bin directory?

scoobybejesus I downloaded the binary fie from: dl.gitea.com/gitea/1.23.5

mine is in /usr/local/etc/gitea/conf

scoobybejesus I can't change the path

are you sure there is no paste error in creating the rc script? It is adding to the env GITEA_CUSTOM=${gitea_custom} which was set above as /usr/local/etc/${name}

scoobybejesus No I didn't change GITEA_CUSTOM

you created a file called /usr/local/etc/rc.d/gitea, made it executable, and used exactly as I pasted? put gitea_enable="YES" in /etc/rc.conf, and try to do service gitea start, rather than onestart

Yes

I will go with compiling from scratch

it sounds like an environment thing.. a script thing

i'm sorry i haven't been more helpful

you can always put yourself on the latest repo, install gitea, rc script and all, and then take yourself off latest, if you don't want that branch

scoobybejesus Thanks. How can I put the repo on latest?

mkdir -p /usr/local/etc/pkg/repos

echo 'FreeBSD: { url: 'pkg+http://pkg.FreeBSD.org/\$\{ABI\}/latest', enabled: yes }' > /usr/local/etc/pkg/repos/FreeBSD.conf

sorry. having my own tech problems rn

scoobybejesus: you still here?

that seems like a no

scoobybejesus: if you are trying to do pkgbase for -CURRENT. I can help you with that

SponiX: I was trying to help momken with getting gitea going. and i was getting help earlier with an ongoing thing with replacing both disks in a non-boot mirror pool

scoobybejesus: Oh, I just saw you doing something with /usr/local/etc/pkg/repos/ with the URL line, and "assumed" it had something to do with pkgbase at that point

I don't even know what gitea is, so I'm no help at all with that

I do know a slight bit about zfs, and might be able to help with the replace process

I think i finally got it. Of course, figure out the zfs stuff, and then i have physical device issues, but finally fixed that too... sheesh

glad you are getting it all figured out

spoke too soon. zpool status during resilvering said 40000 errors or somehting like that. tried zpool status -v, and now zfs is toast. in htop, i can't sigkill that zpool status -v command, nor a regular zpool status from another terminal... something is toast... F

pastebin what you have if you can

but if you still have one drive, good then there you go

I would love to pastebin the output of zpool status, but i can't because it won't return

^C doesn't break out of it.

i'm ssh'd in. the session becomes unusable if I run a zpool command.

zfs list works. it shows the zroot/boot pool. the tank pool isn't there. ada0 and ada1 are in /dev (which are the tank pool). hm.. zpool status zroot will work fine. that's good.

always fun when the house gets crowded in the middle of working on something like this, and then get back to it when it's super late, and then you rush, and then things go wrong

I have to shut it down. need sleep. so annoying. thanks for the help

It is disconcerting that it does not finish. That's not good. I would look for errors logged to /var/log/messages system log file.

I have the ASRock System DESKMINI A300W, which has two nvme slots (my boot drives) and two goofy ssd sata cables/connectors. I have had problems before, and I'm guessing that's the cause. I love the small form factor, but this is a stupid problem. I would love something relatively small that can have four drives like this, so I have my nvme mirror zroot and sata mirror tank

which should one use for a static heavy nginx with clients likely to have high rtt? tcp_bbr.ko or tcp_rack.ko ?

I've read somewhere that tcp_bbr.ko was abandoned by Netflix and is likely to be removed in future, but I am not sure

HTTP/3 isn't an option for these clients, unfortunately

found in sys/netinet6/nd6.c: panic("%s: paths in a dark night can be confusing: %d", __func__, ln->ln_state);

kevans: i have this commit in my local branch and i don't remember why, was this something we were testing regarding INET6-only kernels? llfw/freebsd-src 5098b89

ivy: are you working on freebsd wg kmod by any chance?

ei: using cc_cubic isn't good enough for you?

nimaje: not enough to satisfy even 200 mbit continuously for a single client with ~240 ms rtt and 8% packet loss

bbr works fine enough but I am not sure if I am using abandonware or not

> 240

it is 140

fat fingered

ei rack is well supported in general, but 8% packet loss seems rather high

I guess it is, what it is, right?

anybody know what's the thing that disables the FreeBSD tips on login? I thought it was .hushlogin but I am wrong

scoobybejesus Thanks dude. I compilted gitea from freebsd ports, configured app.ini, but gitea service does not start

however 'su - git -c "gitea web &"' works

dch: i don't think you can disable that, it's just run unconditionally from .profile

(i mean, you can disable it, but only by editing .profile)

aaah its `if [ -x /usr/bin/fortune ] ; then /usr/bin/fortune freebsd-tips ; fi`

thanks ivy yes indeed

I was awake last night until 6:30 am trying to install gitea, still no success

momken: did the provided gitea rc.d script not work?

dch Do you mean this one? paste.debian.net/plain/1364491

I mean the one in /usr/local/etc/rc.d/gitea that comes with the port

it looks the same as your pastebin

I completely did 'make install clean' in my jail and it took ~2 hours to build. Now 'gitea doctor check' shows everything ok. 'su - git -c "gitea web &"' also seems ok. But the service doesn't start

momken: unless you're wedded to gitea, I suggest trying forgejo, it comes with a template app.ini, is a fork of gitea, and has a pkg-message telling you how to get started

but if you *are* wedded to gitea, use forgejo as reference

momken: I just tried gitea, and yes you need some serious guess-work to make it run

dch But gitea has more users, more irc channel people online and I guess is more supported (not in FreeBSD though)

I may end up using forgejo if I can't install gitea

forgejo is supported by codeberg, fwiw

momken: it's worth logging a bug at bugs.freebsd.org mentioning that its hard to get started, and linking the files here cgit.freebsd.org/ports/tree/www/forgejo/files

momken: try following the pkg-message.in ^ but for your gitea install

I expect its 90% the same

ivy: I'm just going to remove /usr/bin/fortune everywhere as a simple fix

*boom*

why not removing .profile instead?

random idea: "user jails". like service jails, but for users: when the user logs in, they get put into a specially created jail similar to a svcj, with optional restrictions

ivy: yes please. Today I do this with some ssh shenanigans and tmux

i think it might be tricky to handle things like cron and at, but not impossible... i might have a look at hacking something together to test

actually, i guess you would just do it in the PAM session in pam_unix

or maybe a new pam module like pam_usrj

At last I became able to run gitea by installing it from "latest" repository and access it from browser. But I had to run it using

su - git -c "gitea web &"

service gitea start     still doesn't run

There is an important change to be made in app.ini: HTTP_ADDR = 0.0.0.0  so the server will listen to external requests

I still have issue to fixing gitea service

I can not change gitea to listen on port 80 instead of 3000. It says:

Command error: listen tcp 0.0.0.0:80: bind: permission denied

momken: ports <1024 are privileged and only root may use them - if this software does not allow to shed privileges and you don't want to run it as root (maybe a wise choice) you could map the port in your firewall settings

mzar: I believe they do, but it's not static.

ridcully Thanks. I don't want to run this software as root. How could I map the port in firewall settings?

huh, C doesn't have nullptr? i thought that got added at some point... or is it still a proposal?

you could use mac_portacl instead, afaiu you would load the kernel module and add the rule uid:<gits uid>:tcp:80 to security.mac.portacl.rules

I throught nullptr was added to C23, but not sure

maybe our llvm is too old

do keep in mind that on most systems, NULL already is defined as a pointer and not a number

the C standard permits both IIRC

in a pointer context the constant 0 is a null pointer constant, you can add a void* cast in ´#define NULL´ to make sure it is only useable in a pointer context and gives a type error otherwise (more or less)

How can I map port 80 -> 3000 inside a jail? Configuring PF inside the jail is hard

reverse proxy?

wsky Do you mean ngingx?

i use apache but yes

how about using mac_portacl and allow the user to bind that port?

nimaje How?

afaiu you would load the kernel module and add the rule uid:<gits uid>:tcp:80 to security.mac.portacl.rules docs.freebsd.org/en/books/handbook/mac/#mac-portacl

any ideas on what's needed to direct-connect 2 FreeBSD servers via ethernet?

- I did the cabling ofc

- added a static IP to each NIC, in a separate dedicated subnet

- added a route for that subnet to the NIC

that's insufficient

`arp -i cc0 -a` shows only the local NIC, not the remote one

tried various things to add statically the remote IP : ethernet addr, unsuccessfully

I think the last time I had to do this was a windows NT 4.0 cluster ...

doing `arp -S 10.0.0.5 00:07:43:4a:90:40` yields an error `arp: delete: cannot locate 10.0.0.5`

the NICs think they're UP and ACTIVE

dch: you don't need to add a route, just configure one ip address on each side in the same subnet

if it doesn't work, something else is wrong - look at tcpdump to start with...

(one obvious thing to check: pf/ipfw?)

the only thing I've not checked is (they're dual port nics) is perhaps the ports are wired wrongly

no firewalls atm, just boxes with the nics

and i see nothing on tcpdump at all

show ifconfig output on both sides?

also how are you testing, ping?

I'm going to gist this .. gist.skunkwerks.at/dch/156a689 so I can just update/refresh it

for the moment, not even ping, just `arp`

I definitely need the route, otherwise it tries to go via the gateway, I guess /32 should be /24 or something

aand there it is!

use a /24 #facepalm

you definitely do not need the route :-) a route is created automatically when you add the ip address (as i guess you just discovered)

ivy: do you know if LACP can be done over direct connect?

i see no reason why not, but i've never tried it on freebsd

me too, lets see

btw, freebsd supports /31s for this type of link net, i.e. a network with just two addresses

i wish jail_set would return something more informative than EINVAL... is there some sort of debugging mode?

oh, you're meant to pass the parameters as name, value pairs, not a list of "name=value"

ivy: you mean `jail_set(2)` ? the iovec thingy?

yes, although i just found that you're probably meant to use jailparam_set instead - but it still doesn't work :-(

ivy: gist.skunkwerks.at/dch/9e85d523bfce4c4999cf5fdc6ed6adb3

reasonably sure we recommend `jail_set` these days

wait, what's &persist? i thought that would be a valueless parameter

ivy: see PM. its `int persist=1;`

okay, i tried with just name and path and now i get ENOTTY, which isn't even a documented errno value for jail_set()

ah, "errmsg" looks interesting...

how are you running it?

hang on, let me see what errmsg says then i'll show another example

I am stuck :((

I just want to bind gitea to port 80 in a jail

jail_set failed: Inappropriate ioctl for device (path cannot be changed after creation)

can I decrease

sysctl kern.securelevel

inside a jail?

dch: le-fay.org/tmp/7d/jailparam.txt - this is what gives the "path cannot be changed after creation" error...

momken: I used this when I set mine up, though I still had to figure a couple things out ccammack.com/posts/jail-gitea-in-freebsd

dch: it works if i remove JAIL_UPDATE, which... i sort of understand but that's a bit unhelpful

momken: no, you cannot decrease securelevel ever, that is the point of it, you have to change config file, then reboot.

i guess i need the TOCTOU dance with jail_set(JAIL_CREATE) / EEXIST / jail_set(JAIL_UPDATE)

ivy: I guess `JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH` is the equivalent of `jail -cm ...` from the terminal

dch Thanks for response. Which config file should I change?

yes, and jail_set(2) says it should work, but if you can't specify the path i'm not sure what good it is!

momken: man.freebsd.org/securelevel

scoobybejesus I was able to run gitea on port 3000 using

su - git -c "gitea web"

Not able to run it on port 80 and its service don't work too!

ivy: I like your IOV macro. Not a C programmer myself.

1000x more readable

next problem, setting "ip4" to "inherit" does not work, i guess you need a magic value like 0.0.0.0? is this stuff documented anywhere?

ivy: what happens if you just leave ip4 and ip6 out, doesn't that do what you want?

no, then i don't get any IP addresses at all

or does that give you a jail without net at all

IDK on that

momken I suggest running caddy or another reverse proxy in another jail, and it'll listen on 80/443, and it will connect to gitea on 3000

i'll try a few things :-)

I will look later for you

thanks for the help

ivy: why do you do `JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH` there?

I'd expect only one of them, not or'd together

scoobybejesus Isn't there any other option to force the jail to allow gitea to listen on port 80?

momken: yep, ummm

dch: jail_set(2) says you can use both to either create a new jail or attach or an existing one if it already exists

ivy: fair enough, it does! I guess if you try to change e.g. the path, this should fail.

great (partial) success - didn't sort out the networking yet

momken: use either `net.inet.ip.portrange.reservedhigh=0` ion /etc/sysctl.conf (on the parent) or look into man.freebsd.org/mac_portacl

personally I would go for wot scoobybejesus said, use a reverse proxy, have it do the TLS termination as well

ivy: please let me know when you figure it all out!

dch: i think you follow me on mastodon, i'll post something there once i have a workable PoC

then the bikeshedding can begin :-)

would like to get this into base so it's properly integrated with login.conf, manpages etc

oooh yes

much better than our janky solution

command="/usr/local/bin/sudo /usr/local/bin/jenkins-tmux.sh" ssh-ed25519 AAAAC3N...'

the idea is you'd be able to say stuff like jailed:userjail:userjail.ip4=1.1.1.1:tc=default:

said script being `/usr/sbin/jexec jenkins su -l $USER -c '/usr/local/bin/tmux -u new -DAs jenkins'

or any other jail parameter, so you could set it for a whole class or a specific user

ivy: please join #freebsd-jails when you have something, I'd love to see this in base

sure

dch Yeah I need to enable https for gitea too. It seems it's not possible with gitea's config file app.ini

god bless gitea api

luke_sb Was it a mocking?

scoobybejesus I found out why gitea service didn't work. It immediately receive a sigterm signal.

I don't know from where?

I am going to try forgejo on another jail. Maybe its service work fine.

dch: found how to do networking, you need to set "ip4" or "ip6" to the binary value JAIL_SYS_INHERIT

ivy: wtf how did you divine that? in `jail.h` its `L107:#define JAIL_SYS_INHERIT 2`

dch: spent 15 minutes reading sys/kern/kern_jail.c :-)

I guessed

"it must be around here ... somewhere"

where would you have expected to find this? in jail(2) or jail(3) ?

i think jail(2) or something Xreffed from there

momken: did you already try mac-portacl? what problems did you have?

i feel like it's (somehow) possible to get this information out of sysctl, which is how jail(3) does it, but the mechanism is unclear

nimaje I couldn't use mac-portal. Because I don't know how to configure it?

p.s. I am running gitea inside a jail over TrueNAS Core

momken: ok that would be something worth mentioning earlier

dch Running on TrueNAS core? Is it very different from FreeBSD?

in the same way you can have a car with an engine made by porsche

but you can put it in a truck or a car or a train

the config files are different, and in different places

the ease of tweaking stuff is different

dch I thought TrueNAS Core is only a FreeBSD using ZFS and iocage and having a decent web console

truenas is not really expecting you to change securelevels, or load kernel modules in general

momken: true in a very general sense, its a completely custom distribution of freebsd

no worries

so your best bet is to look on truenas.com/community for carry or haproxy. These days caddy is easier to get started with, but there might not be many posts for it

hm, not sure how well mac-portacl works with jails, you would need to load the kernel module on the host, but no idea if you can configure it to allow that bind and if so, if you would need to configure it on the host or if you have an additional sysctl namespace in the jail where you can configure it

nimaje: its a kernel module, you load & config it on the host

ideal for a jail :-)

momken: I skimmed the forums, truenas.com/community/threads/rever…y-with-optional-automatic-tls.75978 looks like a good place to start for you

dch Sorry for not telling that.

However TrueNAS (previous FreeNAS) is a very stable professional storage OS "out of the box"

momken: no worries :-)

ivy: oh, yeah, I forgot about that one

wg(8) is trivially broken with INET6-only by that, so we were going to switch it to just do what ifconfig(8) does since the exact family doesn't really matter for control operations

dch: this is only very basic and probably doesn't do what you want exactly, but: github.com/freebsd/freebsd-src/comp…main...llfw:freebsd-src:lf/dev/usrj

dch Whether using Gitea or ForgeJo, I guess I have to setup a reverseproxy anyway, because:

dch: as you are my #1 actual potential user, any feedback would be welcome :-)

1- I need to forward the traffic 80 -> 3000

2- I need to setup TLS (https)

ivy: seems nice, does the JAIL_ATTACH move the process into the created jail or how it the user session moved into it? what about ordering with other pam modules?

nimaje: yes, JAIL_ATTACH moves the calling process (the PAM user, e.g. sshd-session) into the jail. ordering i'm not sure, for testing i put it after pam_unix

as long as path=/, the attach operation is fairly benign (i think), using a different path will probably make it more complicated, but that's future work

especially if you want to allow restricting the filesystem it could be a problem if other pam modules assume to run in the context of the host or user

(i'm not convinced there's a huge benefit to using a non-root path compared to just running sshd in a jail, but perhaps someone has a reason to do that)

or maybe you would want to restrict the network for some user, but first do networked auth, but well auth would need to come before jailing anyway

yeah, this is a session module, so everything else should be done by then (... i think, i am far from an expert on pam)

kevans: ah yes. well, i've been running this in production for almost a year, so i guess it's safe to commit :-) although now i remember we had a problem where putting IPv4 addresses in AllowedIPs would crash on a non-INET kernel

yeah, that one I had a hackaround for and we were trying to convince someone to port OpenBSD's solution instead

I didn't commit it because I had hoped someone else would find the time since it didn't look like a complicated exercise, but no bites

dch I tried installing "forgejo" in another TrueNAS jail and it also can not be started with 'service forgejo start'

It receives SIGINT like gitea

Because Forgejo is just a soft fork of Gitea, because the far leftists controlling Codeberg didn't like that Gitea wanted to make money.

If you're the owner of a project, the ability to make money is a right.

momken, did you look around /var/log ? i seem to remember something similar happening, and I found the error in the logs

this comment in a bug thread helped me too: Try running gitea in the foreground:

`/usr/bin/env -i 'GITEA_WORK_DIR=/usr/local/share/gitea' 'GITEA_CUSTOM=/usr/local/etc/gitea' 'HOME=/usr/local/git' 'PATH=/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin' 'USER=git' /usr/local/sbin/gitea web`

scoobybejesus Here is output of cat /var/log/gitea/gitea.log

scoobybejesus Actually gitea was not run as service recently. Becuase now is 19:39 in Tehran and the last log line was for 17:03:43

is anything in /var/log/messages? i found there why it was panicking for me, which happened to be because it couldn't create a sublogger

There are some log lines in /var/log/messages but not related to gitea

I couldn't run gitea as a service. I must sleep a little. I will continue debugging when I am awake

momken: here's my app.ini (chowned to git user) with secrets removed paste.debian.net/1364608, and you already have my rc script, and this is a caddyfile snippet if you choose that route paste.debian.net/1364610

My home lab in the basement has somePv6 network problems. hosts can ping each other. hosts can't ping the gateway. gateway can't ping the hosts. When pinging the gateway, I can see the incoming "neighbor solicitation" requests on the gateway, I don't see any replies. Getting lost there.

dvl: show ifconfig from the gateway and one of the affected hosts?

also show the tcpdump output with the NS queries, there's one particular non-obvious behaviour here that depends on a sysctl i'd have to look up the name of

ivy: see dpaste.com/7A9D8SLKA for the first request

ivy: for the tcpdump dpaste.com/3BR3CNGUA

ivy: Some of the IPv6 addresses are prefixlen 64, some 128 I see. Many of those are jails.

dvl: because your hosts are sending NS from a GUA, try setting net.inet6.icmp6.nd6_onlink_ns_rfc4861=1 on the gateway and see if it makes a difference. i don't remember what exactly triggers that behaviour; might be related to the fact that you're using the subnet all-routers anycast address as the gateway address

A GUA?

global unicast address, i.e. not a link local address

the IPv6 spec says you're allowed to send such packets but FreeBSD drops them by default because they can be a security risk (since you now have routable NS/ND packets which is a bit weird)

ivy: done, seems to have no affect.

On the ping, checking tcpdump

dvl: next thing i would is using ::1 instead of ::0 for the gateway address (you could add it as an alias just to test), i don't know if that'll make a difference but the ::0 address is special

s/i would is/i would try it/

i assume you checked pf already and it's allowing NS/ND on the gateway :-)

ivy: OK, and for what it's worth, I'm copying this config based on another host, which was working just fine.

ivy: I've been checking pflog0 for blocks, nothing, and I've been dumping other nics too, in case of a mis-route issue. Nothing.

if neither of those things work i'm not sure what else to suggest, it seems weird :-/

ivy: ::1 added and tested: dpaste.com/HFAPE7FRC

00:00:00.015219 20:7c:14:f5:8e:53 > 33:33:ff:00:00:00, ethertype IPv6 (0x86dd), length 86: 2001:470:8abf:7055:: > ff02::1:ff00:0: ICMP6, neighbor solicitation, who has 2001:470:8abf:7055::, length 32

what?

oh, maybe that's DAD

Very interesting.

DAD sounds familar

ivy: dest unreachable on lo0 (first time I bothered to look at that nic): dpaste.com/FH4RPYBDF

uhm

dvl: what's in netstat -finet6 -rn ?

on the gateway

ivy: dpaste.com/FHD6X8K28

and, FWIW, the gateway can ping6 google.ca, and others.

2001:470:8abf:7055::/64 2001:470:8abf:7055:: UGS vlan7

that doesn't look right

it should be a link route

That might have been my manual attempts

[18:31 gw01 dvl ~] % sudo route -6 delete 2001:470:8abf:7055::/64

delete net 2001:470:8abf:7055::/64

ivy: what is meant by a `link route`?

you may need to remove/re-add the IPs on that interface to get the normal link route back, i'm not sure what the kernel does there

dvl: like this one: 2001:470:8abf:1055::/64 link#4 U igc3

oh

so an [18:34 gw01 dvl ~] % sudo route -6 add 2001:470:8abf:7055::/64 -iface vlan7

add net 2001:470:8abf:7055::/64: gateway vlan7

i strongly suggest letting the kernel add it rather than doing it by hand, just to be sure

[18:35 gw01 dvl ~] % sudo route -6 delete 2001:470:8abf:7055::/64

delete net 2001:470:8abf:7055::/64

I am seeing some "neighbor advertisement, tgt is fe80::" replies.

At one time since the last gateway reboot, this was working for a bit, I think. It may be time to reboot it and start from a known good configuration.

ivy: ironic, these started about 50 minutes ago. Mar 22 18:32:44 gw01 kernel: Limiting ICMPv6 neighbor discovery redirect output from 119 to 105 packets/sec

dvl: i don't even know what a neighbour discovery redirect is, but it does not sound like something normal :-) at this point i'd probably redo from start...

(as in start with one IP address on everything and make sure that works)

ivy: yeah, I'm sure something else I was working on earlier this week has had unintended consequences.

removed: sudo ifconfig vlan7 inet6 2001:470:8abf:7055::1 -alias

you know, one thing i really miss from VAX C is that you could write something like &JAIL_SYS_NEW to take the address of a literal value, which saved creating some temporary variable for it

ifconfig add inet 234.242.243.234/24 doesnt work

yamada: That's supposed to be an interface name, that second word there.

eh freebsd doesnt have electricsheep nomore ?

in pkg at least

i wonder why

btw is there a way to restart OSS service ?

or restart audio service completely ?