00:12:39 wish I had my session history so I could see the start of this conversation
00:22:18 sponix2ipfw: context is https://reviews.freebsd.org/D52174
00:23:42 thanks
00:23:56 hopefully a web browser will finish compiling soon and I can catch up :P
02:14:51 that is pretty interesting
03:22:10 trying to boot freebsd after installing it on a partition alongside debian
03:22:32 I tried Super Grub2 Disk and it said freebsd not detected
04:13:48 bleb: UEFI?
04:20:19 ek, I asked a linux friend about the need for the bpool in linux and it is amazingly close to the reasons that have been discussed recently in that recent feature review. Anyway linux grub is only coded to support a subset of zfs features. The root rpool defaults to all features enabled and upgraded. The boot bpool is limited to a subset of features that grub supports.
04:21:20 yeah
04:21:22 ek, Seems like that would be a big footgun if the bpool were fully upgraded and grub didn't support some feature. That would render the system unbootable and not so easy to recover.
04:21:44 we'd love to not have to regularly use a bootpool setup if we can avoid it
04:21:56 Agreed!
04:22:56 Compatibility properties are amazing.
04:26:03 rwp: Wait, so the pools have different ZFS limitations and/or features? They can be out of sync?
04:26:49 ek: You can have whatever features you want. You can't turn features off once they're on, is the trick.
04:27:25 ek: So if GRUB doesn't support a feature you've turned on, GRUB can't read the pool in question.
04:27:30 mason: I'm familiar with ZFS on FBSD. I'm talking about the rpool VS bpool in Linux that rwp had mentioned.
04:27:45 ek: What did you think I was talking about?
04:27:56 bleb: Anyway, if UEFI, look at this: https://wiki.freebsd.org/MasonLoringBliss/BootingFreeBSDfromUEFIGRUB
04:27:56 mason: At first, I wasn't sure. :) My bad.
04:32:12 I did do some testing with Ubuntu using root on ZFS and something that seemed strange to me was that a kernel update *appeared* to update ZFS snapshots as well. I haven't confirmed this yet. But, the way the kernel update reported things was strange, to say the least.
04:38:05 ek: Do you mean they took a snapshot of the dataset containing root before installing the new kernel? That'd be nice. Been a number of years since I poked at Ubuntu.
04:39:03 ek, That's the way it was communicated to me and the way I understood it. Yes. Don't upgrade your bpool unless you know grub will boot the new features. Good to know.
04:40:49 mason: Well, it's hard to say. I wasn't snapshotting the bpool, but I was snapshotting the rpool each day. When I decided to perform an update via apt, it looked like it updated each daily snapshot as well. So, I dunno? I didn't look much more into it. But, it is just a VM I was using for testing. I need to look into it more, I suppose.
04:41:24 What did it look like that looked like a daily snapshot was updated? Because snapshots should be static, right?
04:41:25 rwp: That's kinda scary, but good to know. Thanks!
04:42:29 rwp: So, the reason why I mentioned compatibility was that there are GRUB compatibility files in /usr/share/zfs/compatibility.d with OpenZFS.
04:42:56 rwp: You would think so, yes! That's why it was surprising. When the APT kernel install was performed, it reported over and over and over the install being done. Hadn't seen that before. But, when I counted the installs, it seemed to match the number of snaps I had.
04:43:11 I look at one Ubuntu root on zfs system with a bpool + rpool and zpool status does not nag to upgrade the pool to more features. As I would suspect if there were additional features available to upgrade to. So maybe this is a theoretical-only problem there? At this moment anyway.
04:43:13 So if you specify one of those, you'll never accidentally turn on features the specified version of GRUB can't use. I see grub2, grub2-2.06, and grub2-2.12 at present. These appear to exist for just this sort of caution.
04:44:47 grub2 appears to be identical to grub2-2.12, whereas grub2-2.06 lacks about eight feature flags.
04:45:20 ek, Total guess here but snapshots should be static. But snaps cloned to "fs" filesystems are live branches and writable. Could there be that many fs types there? "zfs list -t fs"
04:45:21 Frankly if I were using a bootpool I'd pick a grub set and just stick with it.
04:45:42 Anyway. G'night.
04:46:28 mason, How did you determine that feature set from grub? Oh, catch you later for it. Good night!
04:46:37 rwp: I've never seen non-static snaps. I don't believe there are any live branches. I'll spin up the VM now and take a look.
04:46:43 rwp: It's shipped with OpenZFS.
04:46:54 mason: G'night!
04:46:57 o/
04:48:26 The Ubuntu machine I peek in at has grub 2.12-1ubuntu7.3 installed. But no idea how to tell what feature flags it supports.
04:49:40 Same. 2.12-1ubuntu7.3.
04:49:54 ek, zfs snapshots should be static read-only. But "zfs clone asnap321 zroot/somedatasetname" will turn it into a writable filesystem branch.
04:50:02 I don't have any "fs" snapshots.
04:50:21 rwp: Right. I have no cloned snaps.
04:50:23 Which of course is the basis for Boot Environments. Which are a totally awesome feature.
04:51:06 VM is up and running. I don't see anything out of the ordinary. Still not sure.
04:51:55 is there a quick guide to contributing to freebsd ports? there's a port I would like to update, and also a new port I'm considering to replace a no longer maintained one.
04:52:16 'zfs list -t "fs"' doesn't work since "fs" doesn't exist. But, I do have "filesystem" (obviously) but it just lists standard ZFS filesystems.
04:52:46 ek, I think by default you should have several cloned snapshots, because Boot Environments are set up automatically. See "bectl list". Each of those are cloned snapshots.
04:52:51 duskmoss: https://docs.freebsd.org/en/books/porters-handbook/
04:53:45 That's about as good as it gets. Quick guide? You can go through the "Quick Porting" part, I suppose. But, it isn't really that quick.
04:54:30 Not many shortcuts when it comes to porting on FBSD (which is a good thing.) But, if you have issues or questions, a good place to start is #freebsd-ports here on Libera.
04:54:57 rwp: bectl exists on Ubuntu?
04:55:28 I'll just mention in passing that there are no shell meta-characters in fs and it does not need to be quoted to protect it from shell interpretation. :-) The short name fs is a short name for the longer filesystem. "zfs list -t filesystem" is the long form.
04:55:42 it's mostly an overview to the social/communicative part I'm looking for. the code part is relatively simple to understand :P
04:55:48 Sorry, no, bectl does not exist on Ubuntu.
04:56:22 rwp: Haha. Just checked. No bectl. :( I was hoping that was it.
04:57:24 Ew... I just crosschecked Ubuntu's zfs-list with FreeBSD and Ubuntu's lacks the fs shortcut there. But using the full "zfs list -t filesystem" does work to list live filesystem datasets there.
04:57:50 duskmoss: That's fair. #freebsd-ports or ports⊙fo (mailing list) will be the place to go for anything *ports*
04:58:15 Obviously, you're more than welcome to ask here. But, this is more of a general chat.
04:58:46 rwp: Yeah. I wasn't just joking around. "zfs list -t fs" doesn't work. lol
04:59:23 :) thx
04:59:55 I was surprised when I tried it that it did not work there. Because that feature has been in FreeBSD since I have been using it. It's a fork in the implementations. And since they are using OpenZFS I hope that doesn't mean that it will eventually be lost in the convergence here too. (shrug)
05:02:01 rwp: I hope not as well. I like the zfs command shortcuts. If I have to type "zfs list -t snapshot (instead of snap)" every time, I'll be lost.
05:02:25 Fortunately -t snap does seem to work there. Whew!
05:03:02 It does.
05:03:56 Still, though, why would it install the kernel updates to each filesystem? Why would rpool/USERDATA need a kernel update?
05:04:20 I'll have to actually log the update next time. It just threw me off a bit.
05:05:22 I did the update, kernel was apparently installed everywhere it possibly could be, and I rebooted (like a smart person.) Everything was fine so I just let it ride out.
05:05:28 I'll pay more attention next time.
05:06:11 This isn't even FBSD-related. I suppose we can move along to the next topic?
05:06:16 ... if there is one.
05:11:15 Just brainstorming but could the update-initramfs be updating the initramfs for each kernel that it has found? No idea. Just spitballing...
05:12:12 On the FreeBSD front I had fail2ban working. (Yes I know about blacklistd.) And now it is running but just never matching anything in any log file. I have poked at it a little but haven't tripped over the problem yet.
05:19:40 openzfs 2.3.0 seems to have shipped -t fs: https://github.com/openzfs/zfs/commit/c346068e5efeafd5676ab1644086877173ca4226
05:19:57 i'm surprised we hadn't upstreamed that before
05:25:10 It's a useful shorthand for the command line.
05:39:32 rwp: Could be. But, I tend to only keep two kernels available. Last known good, and current. So, I dunno! It really took me by surprise when I saw it but had no idea what was happening. I'll pay closer attention next time and report.
08:02:19 how's 15 shaping up? on track for stable branch next week?
09:15:25 i'm seeing lots of "zone: pf states] pf states limit reached" messages. does that mean i need to adjust the states limit in pf.conf upward? and if so, how do i find out the default value so i know what to increase it from?
09:16:16 current entries of state table it's 15,866
09:19:11 what's weird is i don't see that message on a box with 77,355 current state entries, so why i am for this box? exact same config fwiw
09:44:43 ok looks like pfctl -sm shows hard limits and it's 100,000 for states. so why tf was 15k state entries causing pf states limit reached msg in log?
11:28:12 i increased all pf hard limits by 4x. the ones shown by pf -sm
11:37:46 what main things should i look at to see if i need to increase limits or otherwise performance tune? i checked memory and congestion in pfctl -si, i looked at netstat -m, what else? it's a server doing lots of traffic
11:37:51 udp mainly fwiw
14:55:52 kerneldove, does 'netstat -m' show your mbuf and mbuf clusters getting maxed out?
14:56:34 <[tj]> anyone got an amd ai 300 series processor and want to send me acpidump output? (thj⊙fo)
17:03:28 I like how most of the utilities/commands in FreeBSD base system are 'jail aware' (the '-j' flag). Built-in container support right out of the box. Unlike some other "operating systems" that aren't really operating systems.
17:12:02 Is it possible to run an openVPN client from a jail?
17:22:38 trying to boot freebsd which I installed on a partition with linux, but atm I can only boot into linux
17:22:52 I was thinking of using efibootmgr to make an efi entry
17:23:35 linux, if I ls -l /boot/efi/EFI, there's a file called "freebsd" but it can't be read for some reason
17:24:11 ls -l shows d????????? ? ? ? ? ? freebsd
17:24:36 file freebsd prints "freebsd: cannot open 'freebsd' (Input/output error)
17:24:49 Did you install it with ufs or zfs? GRUB is very limited in its support for zfs
17:24:49 I get the same thing with a file called "boot"
17:24:53 ufs
17:26:54 tuaris: Been a long while since I used OpenVPN, but should be possible in a VNET jail, you should take care of some devfs rules too, unhide tun devices e.g.
17:27:42 I'm seeing some search results say I need to do "sysctl security.jail.param.allow.tun=1". Is that on the host or in the jail.
17:29:25 I'm not sure that you need the sysctls if you unhide tun interfaces in a devfs ruleset
17:32:55 the devfs rules happen on the host in /etc/devfs.rules. There is no need to do anything in the jail.conf file? I want it to only apply to this one jail.
17:33:42 Create a separate ruleset and apply it to just this one jail
17:33:53 Oh, I see.... I create the rule like "[devfsrules_jail_tun=10]" and then reference it in jail.conf with "devfs_ruleset="devfsrules_jail_tun""
17:34:59 devfs_ruleset=10, yeah
17:35:13 I'll have to read up more on devfs.rules and understand the syntax. I have no idea what "[devfsrules_jail_tun=10]" means :)
17:35:32 It's just a name and a number :)
17:35:44 It can be any number/name?
17:36:37 Any.. non-overlapping one
17:36:58 Yeah, just a way to reference it
17:38:37 Have a look at the man pages, and use the default rulesets as a reference
17:39:21 The defaults in /etc/defaults/devfs.rules I mean
17:42:43 I found this thread
17:42:54 it suggests using this command to create a boot entry:
17:42:59 hmm, it didn't like the "devfs_ruleset="devfsrules_jail_tun"" -> jail: /etc/jail.conf.d/vpn.conf line 3: }: syntax error"
17:43:00 efibootmgr -a -c -l /mnt/EFI/freebsd/loader.efi -L FreeBSD-11
17:43:22 devfs_ruleset=10, use the number you gave it
17:43:33 ahh
17:43:46 but I can't see a "loader.efi" under freebsd, because "freebsd" gives me an input/output error when I try to read it
17:44:33 ls EFI/freebsd -> ls: cannot access 'EFI/freebsd': Input/output error
17:45:05 does that mean it's corrupted for some reason, and I should try reinstalling?
17:46:11 FreeBSD-11 ?! Are you copy/pasting some random commands?
17:46:42 I copied that from the thread that I linked
17:46:51 and pasted it into this channel
17:47:26 if I were to run the command I would write FreeBSD-14, but I haven't run it yet because there doesn't seem to be a "loader.efi" file
17:47:31 so I'm trying to find out what command I should run
17:58:08 Hi, I have a macbook pro mid 2014 that I recently installed freebsd (I was running openbsd), but I can't make the touchpad work properly. Tried with atp and wsp drivers but with both the keyboard and touchpad stops working the moment I either start Xorg or moused.
18:03:00 This is weird, according to the docs https://man.freebsd.org/cgi/man.cgi?query=jail&sektion=8&apropos=0&manpath=FreeBSD+14.3-RELEASE+and+Ports. This should work: "devfs_ruleset=10", but I keep getting a syntax error
18:03:52 oh
18:03:55 Paste your jail conf
18:03:59 it needed a ";"
18:04:48 yep, it does
18:35:12 I want to re-do my freebsd installation
18:35:57 I want to use an existing partition that I created a while ago
18:36:41 if I select the partition in the installer it says there's already a filesystem there and that I should run fsck
18:36:56 can I erase the filesystem without deleting the partition?
18:37:17 I don't know freebsd commands so I'm running dd if=/dev/zero of=/dev/sda4 from linux, but it's taking a while
18:37:53 feels like there should be a better way...
18:41:28 what...
18:42:41 even after the dd, the installer says "The chosen root partition has a prexisting filesystem. If it contains an existing system, please update it with freebsd-update instead of installing a new system on it. The partition can also be erased by pressing "No" and then deleting and recreating it. Are you sure you want to proceed?
18:42:58 why does freebsd think the partition has a filesystem when I just zeroed it out?
18:43:56 then if I proceed it says Error mounting partition /mnt: mount: /dev/ada0p4: No such file or directory
18:44:39 so I guess I just can't install freebsd
19:00:07 hmmm, still no luck. I posted all the info here: https://forums.freebsd.org/threads/openvpn-client-inside-a-jail.99009/
19:04:19 tuaris: why not `dev tun0` instead of `dev tun`?
19:05:11 Is that what I should change in the openvpn config file? I was just given that config file, it's unmodified.
19:05:44 istr that'd probably work, yeah
19:06:48 Slightly different error message: Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)
19:07:06 it might be the case that you need to pre-create the tun0 outside of the jail
19:07:19 otherwise you're relying on devfs cloning, iirc
19:09:23 Oh, I need to add prestart commands like this guy did here: https://forums.freebsd.org/threads/configure-tun-device-for-openvpn-in-a-jail.48676/#post-272037
19:09:47 I'm not sure I know the addresses, hmm
19:10:14 let me recommend "dev tun10"
19:10:43 since dev tun0 can show up in the meantime and break things
19:11:52 tuaris: i don't believe you need to go that far
19:12:18 i believe you can just ifconfig tunfoo create in prestart and openvpn will do the other configurtion?
19:12:23 configuration
19:12:50 oh, maybe i'm thinking of vnet jails specifically, which this isn't
19:13:15 tuaris: add path 'bpf*' unhide
19:13:16 add path net unhide
19:13:16 add path netmap unhide
19:13:16 add path 'net/*' unhide
19:13:42 you can skip netmap and bpf if you don't need it
19:14:04 btw, netmap works just fine in jails
19:17:55 tuaris: in non-vnet jails you'll probably need this one too: https://reviews.freebsd.org/D49843?id=153694
19:18:08 and it wasn't backported to 14
19:20:30 if you have 15, then kldload if_ovpn on the host, extend devfs ruleset, allow routing according to D49843 and you should be able to run OpenVPN in non-vnet jail
19:44:46 # x=$((08 / 3 + 1))
19:45:08 -/bin/sh: arithmetic expression: expecting EOF: "08 / 3 + 1"
19:45:14 # x=$((8 / 3 + 1))
19:45:21 works
19:45:28 a bug?
19:46:25 bash says "value too great for base"
19:46:43 I guess 0 at the start of a number means the next digit is octal?
19:49:37 auto-pkg-branch has a bug related to this:
20:03:22 quarter=$(($month / 3) + 1)
20:03:30 also
20:03:45 quarter=$((($month - 1) / 3 + 1))
20:04:03 causes problems if $month is 08 or 09
20:04:13 bug only appears two months of the year!
20:16:15 CrtxReavr, what do you mean by maxed out? the "denied" lines?
20:27:10 I mean like current hitting max.
20:27:40 Or yeah. . . allocation errors.
20:28:58 CrtxReavr, there are x/y/z requests for mbufs denied yea. dunno what lines correlate to "allocation errors" tho
20:29:54 how can i tell if max is being hit
20:47:22 kerneldove, you use bash?
20:47:29 ya
20:47:42 Type this: alias tb='ncat termbin.com 9999'
20:47:55 Then: netstat -m | tb
20:48:02 Then paste the URL it prints.
20:48:37 This is just a quick & dirty way to pipe to a pastebin site.
20:49:33 said ncat wasn't installed so i tried pkg install ncat and it said no pkg matching ncat found
20:50:16 Oh, change it to nc
20:50:25 silly OS differences
20:50:55 https://termbin.com/uy63
20:54:04 I don't see 'mbufs denied'
20:54:12 Sure you didn't mean delayed?
20:54:47 er - now I see it - sorry.
20:54:56 lol
20:55:23 do the same for netstat -i
20:57:59 https://termbin.com/b3jh
21:00:02 There anything in your logs?
21:00:15 like /var/log/messages?
21:02:14 Yeah, if they cover the time period where you encountered this.
21:02:53 lots of "Limiting icmp unreach response from x to y pack/sec"
21:03:29 grep igb1 /var/run/dmesg.boot
21:04:57 https://termbin.com/gqvx
21:06:10 pciconf -lv | grep -B3 -A1 network
21:07:09 https://termbin.com/rrlu
21:10:18 What's that funny MAC address: igb1: Ethernet address: a:f:6:f:0:5
21:10:36 i just took 1 char out of each segment for privacy
21:10:47 ill mention that if i do it again
21:11:02 I'm short on ideas.
21:11:13 so no obvious problems?
21:12:00 The last time I saw mbufs running, was back in the 3.x days when I jammed 13 NICs into a box and was using it as a router, while we waited for the right supervisor blades to show up for a Cat-6500E.
21:12:10 And I was able to figure that out and fix it. . .
21:12:37 Though, the OS has since changed to allocate mbufs automatically.
21:13:19 oh it does?
21:13:38 Supposed to.
21:13:55 so maybe the denials caused more to be allocated so prob solved?
21:16:12 No. . . I'd think the auto-allocation should have stopped it from happening in the first place
21:18:14 You encounter other symptoms?
21:18:35 not that i can think of
21:24:53 where's it documented that mbufs are automatically increased?
21:30:50 kern.ipc.nmbufs: 12823340
21:31:03 With 64k total, you are far from the limit
21:31:39 on my system the sysctl for that is 13022432
22:02:44 mzar: ah, so open vpn on non vnet jails is only supported in 15. Interesting.
22:02:44 divlamir, if i'm far from limit why were there denieds?