wish I had my session history so I could see the start of this conversation

sponix2ipfw: context is reviews.freebsd.org/D52174

thanks

hopefully a web browser will finish compiling soon and I can catch up :P

that is pretty interesting

trying to boot freebsd after installing it on a partition alongside debian

I tried Super Grub2 Disk and it said freebsd not detected

bleb: UEFI?

ek, I asked a linux friend about the need for the bpool in linux and it is amazingly close to the reasons that have been discussed recently in that recent feature review. Anyway linux grub is only coded to support a subset of zfs features. The root rpool defaults to all features enabled and upgraded. The boot bpool is limited to a subset of features that grub supports.

yeah

ek, Seems like that would be a big footgun if the bpool were fully upgraded and grub didn't support some feature. That would render the system unbootable and not so easy to recover.

we'd love to not have to regularly use a bootpool setup if we can avoid it

Agreed!

Compatibility properties are amazing.

rwp: Wait, so the pools have different ZFS limitations and/or features? They can be out of sync?

ek: You can have whatever features you want. You can't turn features off once they're on, is the trick.

ek: So if GRUB doesn't support a feature you've turned on, GRUB can't read the pool in question.

mason: I'm familiar with ZFS on FBSD. I'm talking about the rpool VS bpool in Linux that rwp had mentioned.

ek: What did you think I was talking about?

bleb: Anyway, if UEFI, look at this: wiki.freebsd.org/MasonLoringBliss/BootingFreeBSDfromUEFIGRUB

mason: At first, I wasn't sure. :) My bad.

I did do some testing with Ubuntu using root on ZFS and something that seemed strange to me was that a kernel update *appeared* to update ZFS snapshots as well. I haven't confirmed this yet. But, the way the kernel update reported things was strange, to say the least.

ek: Do you mean they took a snapshot of the dataset containing root before installing the new kernel? That'd be nice. Been a number of years since I poked at Ubuntu.

ek, That's the way it was communicated to me and the way I understood it. Yes. Don't upgrade your bpool unless you know grub will boot the new features. Good to know.

mason: Well, it's hard to say. I wasn't snapshotting the bpool, but I was snapshotting the rpool each day. When I decided to perform an update via apt, it looked like it update each daily snapshot as well. So, I dunno? I didn't look much more into it. But, it is just a VM I was using for testing. I need to look into it more, I supoose.

What did it look like that looked like a daily snapshot was updated? Because snapshots should be static, right?

rwp: That's kinda scary, but good to know. Thanks!

rwp: So, the reason why I mentioned compatibility was that there are GRUB compatibility files in /usr/share/zfs/compatibility.d with OpenZFS./

rwp: You would think so, yes! That's why it was surprising. When the APT kernel install was performed, it reported over and over and over the install being done. Hadn't seen that before. But, when I counted the installs, it seemed to match the number of snaps I had.

I look at one Ubuntu root on zfs system with a bpool + rpool and zpool status does not nag to upgrade the pool to more features. As I would suspect if there were additional features available to upgrade to. So maybe this is a theoretical-only problem there? At this moment anyway.

So if you specify one of those, you'll never accidentally turn on features the specified version of GRUB can't use. I see grub2, grub2-2.06, and grub2-2.12 at present. These appear to exist for just this sort of caution.

grub2 appears to be identical to grub2-2.12, whereas grub2-2.06 lacks about eight feature flags.

ek, Total guess here but snapshots should be static. But snaps cloned to "fs" filesystems are live branches and writable. Could there be that many fs types there? "zfs list -t fs"

Frankly if I were using a bootpool I'd pick a grub set and just stick with it.

Anyway. G'night.

mason, How did you determine that feature set from grub? Oh, catch you later for it. Good night!

rwp: I've never seen non-static snaps. I don't believe there are any live branches. I'll spin up the VM now and take a look.

rwp: It's shipped with OpenZFS.

mason: G'night!

o/

The Ubuntu machine I peek in at has grub 2.12-1ubuntu7.3 installed. But no idea how to tell what feature flags it supports.

Same. 2.12-1ubuntu7.3.

ek, zfs snapshots should be static read-only. But "zfs clone asnap321 zroot/somedatasetname" will turn it into a writable filesystem branch.

I don't have any "fs" snapshots.

rwp: Right. I have no cloned snaps.

Which of course is the basis for Boot Environments. Which are a totally awesome feature.

VM is up and running. I don't see anything out of the ordinary. Still not sure.

is there a quick guide to contributing to freebsd ports? theres a port I would like to update, and also a new port I'm considering to replace a no longer maintained one.

'zfs list -t "fs"' doesn't work since "fs" doesn't exist. But, I do have "filesystem" (obviously) but it just lists standard ZFS filesystems.

ek, I think by default you should have several cloned snapshots, because Boot Environments are set up automatically. See "bectl list". Each of those are cloned snapshots.

duskmoss: docs.freebsd.org/en/books/porters-handbook

That's about as good as it gets. Quick guide? You can go through the "Quick Porting" part, I suppose. But, it isn't really that quick.

Not many shortcuts when it comes to porting on FBSD (which is a good thing.) But, if you have issues or questions, a good place to start is #freebsd-ports here on Libera.

rwp: bectl exists on Ubuntu?

I'll just mention in passing that there are no shell meta-characters in fs and it does not need to be quoted to protect it from shell interpretation. :-) The short name fs is a short name for the longer filesystem. "zfs list -t filesystem" is the long form.

it's mostly an overview to the social/communicative part I'm looking for. the code part is relatively simple to understand :P

Sorry, no, bectl does not exist on Ubuntu.

rwp: Haha. Just checked. No bectl. :( I was hoping that was it.

Ew... I just crosschecked Ubuntu's zfs-list with FreeBSD and Ubuntu's lacks the fs shortcut there. But using the full "zfs list -t filesystem" does work to list live filesystem datasets there.

duskmoss: That's fair. #freebsd-ports or ports⊙fo (mailing list) will be the place to go for anything *ports*

Obviously, you're more than welcome to ask here. But, this is more of a general chat.

rwp: Yeah. I wasn't just joking around. "zfs list -t fs" doesn't work. lol

:) thx

I was surprised when I tried it that it did not work there. Because that feature has been in FreeBSD since I have been using it. It's a fork in the implementations. And since they are using OpenZFS I hope that doesn't mean that it will eventually be lost in the convergence here too. (shrug)

rwp: I hope not as well. I like the zfs command shortcuts. If I have to type "zfs list -t snapshot (instead of snap)" every time, I'll be lost.

Fortunately -t snap does seem to work there. Whew!

It does.

Still, though, why would it install the kernel updates to each filesystem? Why would rpool/USERDATA need a kernel update?

I'll have to actually log the update next time. It just threw me off a bit.

I did the update, kernel was apparently installed everywhere it possibly could be, and I rebooted (like a smart person.) Everything was fine so I just let it ride out.

I'll pay more attention next time.

This isn't even FBSD-related. I suppose we can move along to the next topic?

... if there is one.

Just brainstorming but could the update-initramfs be updating the initramfs for each kernel that it has found? No idea. Just spitballing...

On the FreeBSD front I had fail2ban working. (Yes I know about blacklistd.) And now it is running but just never matching anything in any log file. I have poked at it a little but haven't tripped over the problem yet.

openzfs 2.3.0 seems to have shipped -t fs: openzfs/zfs c346068

i'm surprised we hadn't upstreamed that before

It's a useful shorthand for the command line.

rwp: Could be. But, I tend to only keep two kernels available. Last known good, and current. So, I dunno! It really took me by surprise when I saw it but had no idea what was happening. I'll pay closer attention next time and report.

how's 15 shaping up? on track for stable branch next week?

i'm seeing lots of "zone: pf states] pf states limit reached" messages. does that mean i need to adjust the states limit in pf.conf upward? and if so, how do i find out the default value so i know what to increase it from?

current entries of state table it's 15,866

what's weird is i don't see that message on a box with 77,355 current state entries, so why i am for this box? exact same config fwiw

ok looks like pfctl -sm shows hard limits and it's 100,000 for states. so why tf was 15k state entries causing pf states limit reached msg in log?

i increased all pf hard limits by 4x. the ones shown by pf -sm

what main things should i look at to see if i need to increase limits or otherwise performance tune? i checked memory and congestion in pfctl -si, i looked at netstat -m, what else? it's a server doing lots of traffic

udp mainly fwiw

kerneldove, does 'netstat -m' show your mbuf and mbuf clusters getting maxed out?

anyone got an amd ai 300 series processor and want to send me acpidump output? (thj⊙fo)

I like how most of the utilities/commands in FreeBSD base system are 'jail aware' (the '-j' flag). Built-in container support right out of the box. Unlike some other "operating systems" that aren't really operating systems.

Is it possible to run an openVPN client from a jail?

trying to boot freebsd which I installed on a partition with linux, but atm I can only boot into linux

I was thinking of using efibootmgr to make an efi entry

linux, if I ls -l /boot/efi/EFI, there's a file called "freebsd" but it can't be read for some reason

ls -l shows d????????? ? ? ? ? ? freebsd

file freebsd prints "freebsd: cannot open 'freebsd' (Input/output error)

Did you install it with ufs or zfs? GRUB is very limited in its support for zfs

I get the same thing with a file called "boot"

ufs

tuaris: Been a long while since I used OpenVPN, but should be possible in a VNET jail, you should take care of some devfs rules too, unhide tun devices e.g.

I'm seeing some search results say I need to do "sysctl security.jail.param.allow.tun=1". Is that on the host or in the jail.

I'm not sure that you need the sysctls if you unhide tun interfaces in a devfs ruleset

the devfs rules happen on the host in /etc/devfs.rules. There is no need to do anything in the jail.conf file? I want it to only apply to this one jail.

Create a separate ruleset and apply it to just this one jail

Oh, I see.... I create the rule like "[devfsrules_jail_tun=10]" and then reference it in jail.conf with "devfs_ruleset="devfsrules_jail_tun""

devfs_ruleset=10, yeah

I'll have to read up more on devfs.rules and understand the syntax. I have no idea what "[devfsrules_jail_tun=10]" means :)

It's just a name and a number :)

It can be any number/name?

Any.. non-overlapping one

Yeah, just a way to reference it

Have a look at the man pages, and use the default rulsets as a reference

The defaults in /etc/defaults/devfs.rules I mean

I found this thread

it suggests using this command to create a boot entry:

hmm, it didn't like the "devfs_ruleset="devfsrules_jail_tun"" -> jail: /etc/jail.conf.d/vpn.conf line 3: }: syntax error"

efibootmgr -a -c -l /mnt/EFI/freebsd/loader.efi -L FreeBSD-11

devfs_ruleset=10, use the number you gave it

ahh

but I can't see a "loader.efi" under freebsd, because "freebsd" gives me an input/output error when I try to read it

ls EFI/freebsd -> ls: cannot access 'EFI/freebsd': Input/output error

does that mean it's corrupted for some reason, and I should try reinstalling?

FreeBSD-11 ?! Are you copy/pasting some random commands?

I copied that from the thread that I linked

and pasted it into this channel

if I were to run the command I would write FreeBSD-14, but I haven't run it yet because there doesn't seem to be a "loader.efi" file

so I'm trying to find out what command I should run

Hi, I have a macbook pro mid 2014 that I recently installed freebsd (I was running openbsd), but I cant make the touchpad work properly. Tried with atp and wsp drivers but with both the keyboard and touchpad stops working the moment I either start Xorg or moused.

This is weird, according to the docs man.freebsd.org/cgi/man.cgi?query=j…path=FreeBSD+14.3-RELEASE+and+Ports. This should work: "devfs_ruleset=10", but I keep getting a synrax error

oh

Paste your jail conf

it needed a ";"

yep, it does

I want to re-do my freebsd installation

I want to use an existing partition that I created a while ago

if I select the partition in the installer it says there's already a filesystem there and that I should run fsck

can I erase the filesystem without deleting the partition?

I don't know freebsd commands so I'm running dd if=/dev/zero of=/dev/sda4 from linux, but it's taking a while

feels like there should be a better way...

what...

even after the dd, the installer says "The chosen root partition has a prexisting filesystem. If it contains an existing system, please update it with freebsd-update instead of installing a new system on it. The partition can also be erased by pressing "No" and then deleting and recreating it. Are you sure you want to proceed?

why does freebsd thing the partition has a filesystem when I just zeroed it out?

then if I proceed it says Error mounting partition /mnt: mount: /dev/ada0p4: No such file or directory

so I guess I just can't install freebsd

hmmm, still no luck. I posted all the info here: forums.freebsd.org/threads/openvpn-client-inside-a-jail.99009

tuaris: why not `dev tun0` instead of `dev tun`?

Is that what I should change in the openvpn config file? I was just given that config file, it's unmodified.

istr that'd probably work, yeah

Slightly diffrent error message: Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)

it might be the case that yu need to pre-create the tun0 outside of the jail

otherwise you're relying on devfs cloning, iirc

Oh, I need to add prestart commands like this guy did here: forums.freebsd.org/threads/configur…penvpn-in-a-jail.48676/#post-272037

I'm not sure I know the addresses, hmm

let me recommend "dev tun10"

since dev tun0 can show up in the meantime and break things

tuaris: i don't believe you need to go that far

i believe you can just ifconfig tunfoo create in prestart and openvpn will do the other configurtion?

configuration

oh, maybe i'm thinking of vnet jails specifically, which this isn't

tuaris: add path 'bpf*' unhide

add path net unhide

add path netmap unhide

add path 'net/*' unhide

you can skip netmap and bpf if you don't need it

btw, netmap works just fine in jails

tuaris: in non-vnet jails you'll probably need this one too: reviews.freebsd.org/D49843?id=153694

and it wasn't backported to 14

if you have 15, then kldload if_ovpn on the host, extend devfs ruleset, allow routing according to D49843 and you should be able to run OpneVPN in non-vnet jail

# x=$((08 / 3 + 1))

-/bin/sh: arithmetic expression: expecting EOF: "08 / 3 + 1"

# x=$((8 / 3 + 1))

works

a bug?

bash says "value too great for base"

I guess 0 at the start of a number means the next digit is octal?

auto-pkg-branch has a bug related to this:

quarter=$(($month / 3) + 1)

also

quarter=$((($month - 1) / 3 + 1))

causes problems if $month is 08 or 09

bug only appears two months of the year!

CrtxReavr, what do you mean by maxed out? the "denied" lines?

I mean like current hitting max.

Or yeah. . . allocation errors.

CrtxReavr, there are x/y/z requests for mbufs denied yea. dunno what lines correlate to "allocation errors" tho

how can i tell if max is being hit

kerneldove, you use bash?

ya

Type this: alias tb='ncat termbin.com 9999'

Then: netstat -m | tb

Then paste the URL it prints.

This is just a quick & dirty way to pipe to a pastebin site.

said ncat wasn't installed so i tried pkg install ncat and it said no pkg matching ncat found

Oh, change it to nc

silly OS differences

I dont' see 'mbbufs denied'

Sure you didnt mean delayed?

er - now I see it - sorry.

lol

do the same for netstat -i

There anything in your logs?

like /var/log/messages?

Yeah, if they cover the time period where you encountered this.

lots of "Limiting icmp unreach response from x to y pack/sec"

grep igb1 /var/run/dmesg.boot

pciconf -lv | grep -B3 -A1 network

What's that funny MAC address: igb1: Ethernet address: a:f:6:f:0:5

i just took 1 char out of each segment for privacy

ill mention that if i do it again

I'm short on ideas.

so no obvious problems?

The last time I saw mbufs runnig, was back in the 3.x days when I jammed 13 NICs into a box and was using it as a router, while we waited for the right supervisor blades to show up for a Cat-6500E.

And I was able to figure that out and fix it. . .

Though, the OS has since changed to allocate mbufs automatically.

oh it does?

Supposed to.

so maybe the denials caused more to be allocated so prob solved?

No. . . I'd think the auto-allocation should have stopped it from happening in the first place

You encounter other symptoms?

not that i can think of

where's it documented that mbufs are automatically increased?

kern.ipc.nmbufs: 12823340

With 64k total, you are far from the limit

on my system the sysctl for that is 13022432

mzar: ah, so open vpn on non vnet jails is only supported in 15. Interesting.

divlamir, if i'm far from limit why were there denieds?