-
runxiyu
Does anyone know of a library that exposes something similar to Linux futexes, using something like _umtx_op
-
dch
dgeo: still having issues?
-
dch
dgeo: from my scaleway vm I have no trouble, so its probably your ISP
-
dgeo
dch: yes
-
dch
can you share output of `drill www.freebsd.org`, `traceroute www.freebsd.org` & `curl -4vsSLo /dev/null freebsd.org`?
-
dch
just in case its geodns in freebsd cluster behaving badly
-
dgeo
;; ANSWER SECTION:
-
dgeo
www.freebsd.org. 10 IN CNAME web.geo.freebsd.org.
-
dgeo
web.geo.freebsd.org. 150 IN A 96.47.72.77
-
» dgeo mtr -4nt www.freebsd.org
-
dgeo
1. (waiting for reply)
-
dgeo
2. 147.94.19.209 7.1% 14 0.1 0.1 0.1 0.3 0.1
-
dgeo
3. 193.51.105.249 0.0% 14 0.4 0.4 0.2 0.5 0.1
-
dgeo
4. 10.4.61.11 0.0% 14 1.0 0.9 0.7 1.3 0.2
-
dgeo
5. 193.55.205.167 0.0% 14 26.5 2.7 0.4 26.5 6.9
-
dgeo
6. 193.55.205.166 0.0% 14 1.1 1.3 0.9 3.5 0.7
-
dgeo
7. 193.55.205.0 0.0% 14 3.4 1.8 0.8 5.4 1.3
-
dgeo
8. 193.51.180.128 0.0% 14 4.9 5.2 4.9 5.4 0.2
-
dgeo
9. 77.95.71.77 0.0% 14 9.3 10.2 9.3 19.4 2.7
-
dgeo
10. 64.125.29.94 0.0% 14 91.8 91.9 91.8 92.2 0.1
-
dgeo
11. 208.184.34.238 0.0% 14 88.1 88.0 88.0 88.4 0.1
-
dgeo
12. 96.47.77.210 0.0% 14 88.3 89.0 88.2 98.9 2.8
-
dgeo
13. 96.47.66.42 0.0% 14 88.4 88.4 88.0 89.8 0.5
-
dgeo
14. (waiting for reply)
-
dgeo
dgeo% curl -4vsSLo /dev/null freebsd.org
-
dgeo
* Host www.freebsd.org:443 was resolved.
-
dgeo
* IPv6: (none)
-
dgeo
* IPv4: 96.47.72.77
-
dgeo
* Trying 96.47.72.77:443...
-
dgeo
* connect to 96.47.72.77 port 443 from 147.94.19.169 port 49516 failed: Operation timed out
-
dgeo
* Failed to connect to www.freebsd.org port 443 after 75067 ms: Could not connect to server
-
dgeo
* closing connection #0
-
dgeo
curl: (28) Failed to connect to www.freebsd.org port 443 after 75067 ms: Could not connect to server
-
dgeo
other people using the same isp (RENATER / AS2200) have the same problem, other ISPs behave differently
-
nimaje
please use some pastebin next time
-
dgeo
RENATER's support saw the traceroute and told me the problem must be on server side (in fact, I can ping 96.47.72.76 and 96.47.72.79 but not 96.47.72.77)
-
dgeo
nimaje: yes, sorry. I'll remember
-
dch
-
dch
dgeo can you do a paste like mine? also traceroute not mtr so I can compare it to what I see here
-
dch
but based on what you have here it does indeed look like problems at the last hop
-
dch
I wonder if your ISP / net range has been blocked because of bad crawler behaviour?
-
dgeo
dch: I have the same results from other ISPs, the problem appears only from RENATER ISP and 96.47.72.77 IP (we saw this because a friend using IPv4 only can't join
vuxml.freebsd.org/freebsd/vuln.xml.xz)
-
dch
dgeo: based on this info please open a bugzilla ticket for clusteradm to look into
-
dch
let me know the PR# and I'll attach my info from Paris for comparison
-
dgeo
I don't know, but this would be a bit hard: this ISP is dedicated to all public universities and research in france
-
dgeo
I'll open a PR and tell you
-
dgeo
dch: #285877
-
nimaje
hm, does devd not have any way to reload its configs? do I really have to reboot to make new rules take effect?
-
ivy
nimaje: can't you just restart it?
-
nimaje
ah, yeah, that should work too, lets see if it breaks anything
-
dch
dgeo: thanks, I added mine also
-
nimaje
seems like it worked and webcamd gets started for my gamepad
-
dch
\o/
-
ivy
your gamepad has a webcam?
-
nimaje
no, webcamd is a bit misnamed
-
nimaje
"The webcamd daemon is basically a port of Linux USB device drivers into userspace in FreeBSD."
-
ivy
oh, weird
-
polarian
runxiyu: in general anything ! firefox shouldn't be used on Firefox, chromium tends to lag behind on security patches by a good week or two
-
polarian
and its too big to just compile from source
-
runxiyu
sorry, what was that in reply to
-
polarian
runxiyu: ungoogled chromium not working
-
polarian
also I typoed, shouldn't be used on FreeBSD
-
polarian
I have not tried ungoogled chromium, but considering it is a fork of chromium it would likely receive security patches even slower than chromium
-
runxiyu
> in general anything ! firefox shouldn't be used on Firefox
-
runxiyu
I can't parse this sentence
-
polarian
runxiyu: its typoed, I meant anything ! firefox shouldn't be used on freebsd
-
runxiyu
Oh
-
polarian
for reference right now ungoogled-chromium within the port tree is 2 weeks out of date (4 versions, including 1 major update)
-
polarian
after being bumped it can still take a while for the port to be built
-
runxiyu
I'll just not use my FreeBSD system for web browsing then (since I mostly use Librewolf, and occasionally Ungoogled Chromium for certain webdev™ things)
-
polarian
I dont see the issue with firefox, for the most part you can still get it reasonably secure/private
-
runxiyu
polarian: I need unsigned extensions
-
runxiyu
Well I guess I could use firefox esr
-
polarian
in any case it might be wise to jail whatever browser you do use because it usually is the biggest attack vector on a BSD system
-
polarian
and unlike Linux distros which have a lot more compute, and a lot more devs able to port browsers, *BSD tend to struggle to keep up, with... in some cases, biweekly updates to fix security issues
-
polarian
which is generally why most people use firefox, its much easier to build, its much faster to build (when I benchmarked it a few years back when playing with gentoo, Chromium took something like 15 hours to compile, while firefox was just 50 mins)
-
runxiyu
polarian: Unfortunately sometimes I need to test various modern "web technology"
-
polarian
for testing on a more normal system, BSD wont be your firend
-
polarian
friend8
-
polarian
friend*
-
polarian
and I dont think anyone would disagree with the statement "FreeBSD is not desktop ready"
-
polarian
which is exactly why the freebsd foundation is funneling cash into freebsd desktop
-
polarian
but they are focusing on the framework laptop mainly
-
polarian
theres not really that manpower to focus on lots of different laptop-specific problems, so they standardised on the framework laptop as that is what a lot of freebsd devs use
-
mzar
FreeBSD can be used on desktop, in 1990s I was running FreeBSD and browsed the Internet with Netscape Navigator
-
polarian
mzar: compare it to Linux desktop, there is unfortunately no comparison
-
deepy
desktop ready never meant that it worked on desktop
-
polarian
you cant even try to say that freebsd is as desktop ready as anything else
-
mzar
Linux was wonky at that time and panicked a lot
-
polarian
yeah, and now look at it, the standard *nix
-
mzar
OK
-
polarian
mzar: but BSD used to be big in the early 2000s server side too
-
polarian
ISPs were renowned for adopting OpenBSD for routing and firewalling
-
polarian
how many of the big networking players now use a BSD base? very few afaik
-
nimaje
it works pretty good as a desktop system, of course there is always room for improvement, like wifi support, which is more a laptop thing than a desktop thing
-
polarian
I dont know of a single home router/modem/AP bundle you get these days which isn't a 5 year old Linux version with 101 security flaws
-
polarian
nimaje: they "borrowed" DRM from Linux using LinuxKPI
-
polarian
same with the other BSDs
-
polarian
The "desktop" experience, is a lot of Linux code
-
runxiyu
polarian: Tbh, "I can't get a stable Chromium installation" (which is not that important to my normal workflow) is my only problem with FreeBSD desktop, so far
-
runxiyu
I mean, I guess I have issues with i915kms, but whatever I can work around them
-
cyric
a lot of "linux" code mostly provided by hardware vendors
-
polarian
cyric: never said it wasn't, but the Linux folks simply blame that on the fact they use better licencing (the GPL)
-
polarian
and I have bumped into a lot of BSD people which are pro-GPL now
-
cyric
windows wins that vendor popularity contest by far, so those folks should be pro-proprietary then
-
polarian
it kinda feels like there is a shift, I read a lot of old ML archives, and the older BSD devs have always made it clear they oppose the GPL and do not want it within base, the younger people I meet are all for the GPL, usually coming from Linux anyways, many of them use the GPL for their code. There is discussions on moving DRM into base, which will fix the i915kms issues, but means merging GPL
-
polarian
code directly into the src tree...
-
polarian
Dont get me wrong I came from Linux, but it never really fit my beliefs that well, and I strongly aligned with BSD more, but was too scared to hop ship...
-
polarian
apart from ghostbsd, there isn't a BSD you can just slap on your laptop/desktop and have a out the box desktop experience...
-
polarian
then add the notorious wifi troubles, and the spotty hardware support, compared to Linux which today can run on almost anything
-
polarian
anyways I derailed the discussions, apologies
-
polarian
runxiyu: you haven't experienced mass coredumps in your homedir yet?
-
polarian
a notable one is code-oss which seems to randomly segfault
-
polarian
i915kms has also caused panics a few times, why? dunno, pretty rare though
-
polarian
tends to happen on a fresh update it seems (after rebuilding :))
-
SFJulie1
morning
-
polarian
SFJulie1: afternoon :P
-
SFJulie1
I wanted to understand what could have gone wrong in a BSD install
pastebin.com/Gjg9yF1J
-
SFJulie1
context : I use qemu on linux to bootstrap an installer config and I made a change to add podman to the custom image
-
runxiyu
polarian: I use, uh, wayland, nvim, librewolf, texlive, gcc, clang, go1.24.1
-
runxiyu
that's about it
-
SFJulie1
afternoon polarian :D
-
runxiyu
I've got a few MCEs due to me messing around in /usr/src/sys/kern too much
-
polarian
SFJulie1: seems like it can't find the root partition
-
SFJulie1
strange it used to 1 commit ago
-
runxiyu
polarian: my i915kms issues tend to only make my display unusable, and doesn't crash the entire system
-
runxiyu
polarian: Fortunately the laptop I run FreeBSD on has Intel WiFi
-
runxiyu
another one I own has rtl8821ce which sucks
-
polarian
runxiyu: librewolf lags behind on updates, 127.0 has hit firefox latest, it has been pushed to the port tree but not yet built for latest, both quarterly's are lagging behind obviously
-
polarian
just as an example :P
-
runxiyu
Yeah that'd be a tiny issue for security
-
mzar
polarian: were you running it on servers at that time ?
-
polarian
mzar: at what time?
-
polarian
early 2000s?
-
polarian
nah I wasn't born, but I know people who were :P
-
polarian
in fact during the XFS issues, freebsd was kinda the only choice for storage solutions at the time :)
-
mzar
OK
-
mzar
at that time ReiserFS was trending, but for Linux
-
SFJulie1
and then reiser killed his wife
-
mzar
that's another story
-
polarian
bigger concern is it has been 1 month since an xorg vuln, the patch hit latest about a week ago, there is still no patch for quarterly
-
polarian
its been 1 month since the patch was pushed to the port tree
-
mzar
so it's now in quarterly
-
polarian
so to be honest moaning about a few days difference between a first party browser, and a third party is negligible compared to the bigger fish
-
mzar
2025Q2
-
polarian
mzar: freshports last checked 4am today, and quarterly 14 still has the vulnerable version
-
mzar
freshports are awesome, we have to be grateful to dvl with that regard
-
SFJulie1
polarian, how can BSD boot from a partition and ignore its root partition ?
-
SFJulie1
I guess I miss a command to tell the kernel hey guy your root partition is here (I use installer config that normally works well)
-
SFJulie1
and maybe qemu is not perfect
-
polarian
mzar: indeed, very useful!
-
polarian
SFJulie1: I don't know, but what I am seeing from the pastebin is the kernel init, and then it failing to find the root (asking you to specify it)
-
SFJulie1
btw, kudos: podman installation on FreeBSD is a breeze and it works as expected
-
polarian
if this is a podman issue, it might be worth asking in #freebsd-jails (despite the name, they do all containerisation)
-
SFJulie1
I have a giganormous /etc/installerconfig I play with on qemu (I added podman this morning on a perfectly fine customization), and I fear it is qemu not doing its job correctly.
-
SFJulie1
well, at least the old « dichotomy » method will work : commenting half the patch and see who creates the problem
-
SFJulie1
polarian, when given the right root partition it is booting
-
SFJulie1
is there a rescue command to fix the issue (with let's say boot device being ufs:/dev/ada0p4)
-
SFJulie1
.
-
SFJulie1
?
-
SFJulie1
gptboot ?
-
polarian
SFJulie1: probably a bootloader configuration problem, but afaik it should autodetect the root partition
-
SFJulie1
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 something ?
-
polarian
ah right, silly me I forgot
-
polarian
the root should be in /etc/fstab
-
SFJulie1
LOL found it thanks to you
-
polarian
I think its only zfs which it detects it
-
polarian
on a zfs system the only thing you put in /etc/fstab is your swap
-
polarian
not sure on ufs, haven't played with it in over a year now
-
SFJulie1
I did a stupid > in fstab instead of a >>
-
polarian
ah right
-
polarian
that would explain it lol
-
polarian
I wish there was a networking channel for freebsd
-
polarian
maybe a suggestion for th eops
-
polarian
ops*
-
polarian
I dont want to post my stupid questions to the mailing list, its cemented in the history then :P
-
SFJulie1
polarian, for the sake of curiosity I put you where the bug was (with a comment BUG)
pastebin.com/GSjxgpsA
-
SFJulie1
as a linux boy this one was tough for me ^^
-
polarian
ok so reading rc.conf gateway_enable needs to be YES if you want packets routed between interfaces, which I would assume you would want if you have different networks (obviously need a gateway), so I was kinda hoping this would fix my vnet jail problem but it doesn't and now I am stumped. ICMP packets pass, TCP packets pass out to the webserver, pass back to the router, and leaves the router iface
-
polarian
(in this case wireguard), tcpdump'ing my laptop, the packet never hits the wg0 iface on my laptop, so I assume its been dropped, so I added a pass all under the nat rule on my pf and loaded it, and STILL its being dropped, there should already be a state within the state table so it SHOULD bypass the PF filtering within the network stack, so at this point I am clueless on what to try...
-
SFJulie1
logging ?
-
polarian
SFJulie1: sorry wasn't replying to you, thats me having my own issue lol
-
SFJulie1
polarian, I know. I have my issues with vnet in jails too, I was trying to help (poorly)
-
polarian
wait you suggesting I log? I already have tcpdump'd on all relevant ifaces
-
polarian
I am going to go with the MTU problem and see if I can bump wg back up to 1500
-
» SFJulie1 is used to solving iptables problem by having it spew logs
-
polarian
sorry, the default is 1420 not 1500
-
polarian
ah I never bothered with IPTables
-
polarian
nftable is meant to be better
-
polarian
I just used ufw on Linux
-
SFJulie1
pf is way better :D
-
polarian
indeed
-
polarian
pf is fun to work with, until something breaks :P
-
SFJulie1
describing a graph is more logical for networks than spaghetti code (à la ASM)
-
runxiyu
I think pf is technically better in my mind but I'm used to iptables.....
-
polarian
at the end of the day it is "whatever floats your boat"
-
SFJulie1
right
-
SFJulie1
and put butter in the spinach
-
SFJulie1
BSD is like sailing at the end of the day when you are bored of your linux tesla with too much magic :D
-
polarian
I think it is time to embarrass myself on the mailing list
-
SFJulie1
good luck and godspeed
-
polarian
I should make an alt just for asking stupid questions :P
-
polarian
wait I wonder if it is due to the routing table...
-
polarian
because I am using wireguard all packets go via wg0
-
polarian
I guess I should try it without wireguard
-
polarian
*pretty obvious I should have done this first*
-
polarian
ok I can see the routing table has nothing for managing this
-
polarian
ok its wireguard, found the issue
-
SFJulie1
... and it was ?
-
polarian
SFJulie1: yes
-
polarian
hot tip: always check what route(8) outputs when using "show"
-
polarian
omfg selectively removing blocks of IPs from the wireguard AllowedIPs is painful
-
polarian
hmmm, does freebsd route IP addresses based on the smallest block first, ie: 0.0.0.0/0 would be the last matched rule, if there is a say 192.168.0.0/24 rule, it would match the smaller block over 0.0.0.0/0 which means in theory, I just need to add an explicit rule and the 0.0.0.0/0 will not match
-
ivy
polarian: yes, longest prefix always wins
-
ivy
all IP routers work like this
-
polarian
thought so
-
polarian
just had to make sure so I didnt seem like an idiot :P
-
jbo
never be too proud for doing that. I do that all the time.
-
CrtxReavr
Well. . . just remember, the metric trumps all.
-
CrtxReavr
People forget that.
-
ivy
CrtxReavr: not unless you're doing something quite unusual. a worse (metric) longer prefix is still preferred over a shorter but better prefix
-
polarian
hmm this one is a head whack
-
polarian
so I assumed the reason the response packets for tcp connections were being dropped on the host was due to the routing table, but using route show the routing table should route the packet via the epair... but yet the host is still dropping the packet for some reason...
-
polarian
there is state, it shouldn't even be checked by pf, state bypasses it
-
ivy
polarian: do you by any chance have 'set state-policy if-bound'? also, add 'log' to all your block rules and check pflog to see which rule is dropping the packet
-
polarian
the only block rule is block all so I will log that
-
polarian
also I do not have set state-policy if-bound
-
polarian
I do not have pflog configured though
-
ivy
you should probably enable pflog and check there anyway to see if it's pf dropping the packet or something else
-
polarian
that would be a good idea
-
polarian
I will take a look later, thanks for the suggestion
-
ivy
also if this is wireguard, check AllowedIPs, that seems obvious but it's easy to forget
-
polarian
ivy: its 0.0.0.0/0
-
polarian
but its not the biggest priority in the routing table
-
polarian
I checked the IP address of the jail against the routing table, it should go via the epair
-
polarian
the thing I dont get, I have read a lot on pf, and afaik in all cases pf does not deal with the response if its stateful, (aka if you have keep state, and the state exists, then packet ALWAYS passes)
-
polarian
it doesn't hurt to setup pflog and check, but I doubt that is the issue
-
polarian
I also doubt it's MTU either, as it goes from 1420 to 1500 just fine router side
-
CrtxReavr
I've never had an issue with FreeBSD getting MTU wrong when routing between interfaces, even with tunnels.
-
CrtxReavr
Now Linux, on the other hand. . .
-
polarian
I will have to check pflog and see if it is there
-
polarian
I am not really sure what else it could be though
-
polarian
the weirdest thing is that ICMP passes, but TCP doesn't
-
polarian
the routing table is correct, and the /24 route should match before the 0.0.0.0/0 route
-
polarian
I see it leave the router wg0 if but not enter the host wg0 if
-
mzar
polarian: you have to run tcpdump, sniff the traffic, check each TCP segment with it and you will find the culprit
-
mzar
you just need good, extended troubleshooting
-
regis
mzar: no need to sniff - he's already got pflog, so can read the traffic from a file
-
regis
polarian: I've seen wg behave... in various different ways across systems. And it includes FreeBSDs hypervised by 3rd party or my own bhyve.
-
regis
polarian: please tl;dr, as I'm not sure what the issue is. I've read the buzz above, about the MTU or what not; but what's the tl;dr?
-
mzar
regis: good to know
-
mzar
anyway, good, extended troubleshooting will help
-
mzar
could you please fix the topic or #freebsd-pulse ?
-
mzar
koobs retired and we are now low on qualified ops
-
» ober has daily crashes while watching youtube vids. dumpdev="AUTO" but it never seems to find it. swap is /dev/ada0p3.eli.
-
kevans
ober: er, release/stable/main?
-
ober
14.2 release
-
jmnbtslsQE
ober: not sure but is it writing to the swap dev at startup and then the .eli swap from your fstab overwrites the crash dump metadata with geli ?
-
ober
that's what I'm guessing. need a non-encrypted device
-
jmnbtslsQE
maybe so. i think i remember something like this happening to me
-
mtll
how big is your swap compared to your ram?
-
ober
2GB swap, 64GB memory
-
mtll
I stupidly forgot to change mine during the installation and now I have a default sized swap partition of 2GiB to my 64GiB of ram, and dump fails because the swap is too small
-
polarian
regis: host is dropping packets when they come in via wireguard
-
jmnbtslsQE
heh that could also be an issue
-
ober
ty
-
mtll
I didn't want to reinstall, because tbh I never need the swap for performance reasons anyway
-
mtll
you can use a USB drive as dumpdev
-
mtll
that was my workaround
-
ober
that's an idea
-
mtll
there's also like a way to store the dump to another device over the network (which I freaking love btw, this type of thing is what I love about FreeBSD)
-
ober
will ddb_enable do the right thing from within X to drop to console?
-
mtll
most of my time in ddb so far has been after kernel panics from loading the graphics drivers, so can't help you with that one :P
-
mtll
I guess try it and see what happens
-
mtll
that's funny that we made the same brainfart during install with the same amount of ram. makes me feel slightly less silly, I guess
-
nimaje
dumpdev="AUTO" should dump on your swap device in the crash handler before powering off and write the dump to your filesystem before mounting your swap
-
mtll
nimaje: yeah, but if the swap is too small, it won't
-
ober
even just a backtrace would be nice.
-
nimaje
was mostly meant for jmnbtslsQE
-
mtll
at least in my case, even on a fresh install with nothing running, not even X, kernel panic from loading i915kms, the size of the minidump was something like 2.5G, so no cigar
-
ober
mtll: are there docs on dumping over the network?
-
mtll
dumpon manpage is your friend
-
mtll
netdumpd in ports
-
ober
ty
-
mtll
though netdumpd is what you install on the receiving machine, to be clear
-
ober
aye
-
mtll
again this is what i love about FreeBSD in general; it tends to have the kind of features that you rarely need, but when you do need them, you *really* need them
-
cyric
mtll: yep, the default of 2gb swap is weird, i really wish freebsd supported dumping to a zvol so you could resize that dynamically
-
farhan
Does anyone know if dtrace scripts can include another file? I plan to have a LOT of structs and the file will likely get quite large.
-
lisbeths
it seems to me that the bsd license could be extended to help protect the bsd licensers from having their software stolen from them by proprietary or gpl copyright trolls. i have been bullied out of using bsd license by nearly everyone I speak to threatening to sue me
-
nimaje
farhan: yes cpp is used for that, so #include like you would in c
-
jaredj
lisbeths: what? do they think your software is derived from some GPL software?
-
lisbeths
no they keep telling me that they are going to make a new version and sue me if I use that version
-
lisbeths
for example there will be a spelling mistake in my software and then they will fix the spelling mistake and then threaten to sue me
-
jaredj
who are these jerks
-
jaredj
any company that's interested in the software should be glad for the gift and not try to kill the golden goose
-
jaredj
it's free as in puppies, not free as in beer