always run ntp!

if i run a command `jexec -l myjail acommand < /tmp/foo.txt` is it pulling foo.txt from the /tmp of the jail host, or the /tmp from within the jail?

Don't you mean sth like `jexec -l myjail sh -c "cmd args < /tmp/foo"`

kerneldove: that < redirect is a feature of your shell, so it is reading from the host, as your shell doesn't even have an idea what the executable does

nimaje, i knew it!

so pull from within the jail, i guess i need to format the invocation like how divlamir said?

yes, then a shell started inside the jail handles the redirect

ty guys

there any probs with making huge swap space like 128g? other than burning up disk

I don't think there should be problems, but why would you need that?

maybe im feeling cute and might just overcommit ram

hi, is pf capable of layer 2 filtering yet, or are there plans to have it? ie filtering by MAC address. The openbsd pf is, but freebsd pf AIUI was forked from openbsd pf around openbsd 4.8

the ETHERNET FILTERING section in pf.conf(5) reads like it can

w00, packages for current exist again :D Poor cluster...

f451, looks the opposite when comparing FreeBSD and OpenBSD man pages. FreeBSD supports it while Openbsd dropped it.

Although for something as easily spoofed, I don't see great use

divlamir: it's use case is for a bhyve server filtering for bridge, but bypassing filtering for tap (also a bridge member)

i remember kp@ saying something about it a while ago. openbsd man page indeed says layer-3 and layer-4. i thought i saw an example on the lists of layer-2 hence the question

(openbsd)

looks like i need to think a bit more deeply before moving this middleware box ;)

nimaje & divlamir yes you're right, it appears to be the opposite. tyvm :D

for the exact syntax, look at the bnf grammar at the bottom of the page -- ether-rules

tyvm

where do i find eol dates for currently supported releases?

phryk: freebsd.org/security/#sup

nxjoseph: thanks.

phryk: you're welcome :)

so i'll have to update to 14.3 before 15.0 comes out if i want to avoid running an EOLd version (again)… and within this month.

is there a tool that will tell me this info, either in the base-system or as port?

phryk: IIRC, FreeBSD itself (maybe pkg?) warns you if you are reached to eol

because i keep running into EOLs only when poudriere refuses to build packages. to keep proper track of this, i'd really like to just integrate that shit into my monitoring.

nxjoseph: yeah, but i want to know *before* i actually run EOLd versions on my entire infra…

phryk: i suggest keeping an eye on the dates then

i also didn't understand why you need to do it before 15 released

according to security/#sup, 14.2 EOLs on september 30th. 15.0 release is scheduled for december.

so i either upgrade to 14.3 or run an EOLd version for at least 2 months.

what are you on right now

14.2

i mean why else would i care about when 14.2 is EOLd?^^

you can keep using it until 30th of that month, then you can upgrade to 14.3, then wait for it's eol too, then update to something newer version, maybe 14.4 or 15.0

yeah, sure. my main issue is that i want that info in a machine-readable form so i can integrate it into my monitoring so i don't have to manually keep track of this.

i couldn't find ports' made for this purpose

not really surprised. IMO freebsd-version would probably be the most fitting place to integrate this as a feature…

there is json api

maybe one can create a program

mhh, IMO this shouldn't require network access – i.e. the system should be able to report this itself. i'll sit on this a bit and maybe open a report on bugs.freebsd.org if i can get some coherent thought about it together.

but thanks for the link, that definitely goes into my bookmarks^^

glad i could help a bit

oh you very definitely did. i think this would be a very legitimate feature request. and i'd likely be down to write a prometheus exporter for it if it's implemented.

which reminds me that i want to look into libpkg because i want an exporter that reports outdated and insecure installed packages.

phryk: in general, point releases are EOL three month after the next point release for that major release is out as noted at the bottem of the already linked page freebsd.org/security/#model

these two things are probably the biggest two holes to be filled in my monitoring.

nimaje: but in practice the actual dates sometimes differ and are then communicated only on freebsd.org, right?

I think they only get rounded to the end of month

nimaje: so if i understand correctly, i can check if a release/<major>.<minor+1> tag exists and if it does, it's creation date + 3 months (rounded to end of month) is reliably the EOL date of the currently run point release?

phryk: here's a oneliner

tag=release/14.3.0; date -j -v+4m -v1d -v-1d -f %s "$(git show --no-patch --format='%ct' "$(git rev-list -n 1 "$tag")")" +%Y-%m-%d

Well, a two-liner techically XD

divlamir: thanks, but i'd rather do it through a proper api :P

I ran into an odd issue with Fuse and Mate desktop. I reported the bug here: mate-desktop/caja #1850. However, I just realized something in the`df` output on the CLI. It says "df: File system /media/Backups does not have a block size, assuming 512."

That makes me think the problem might be with FreeBSD or the fuse driver

or maybe even fuse itself?

Do i need any extra packages to mount a virtio 9p filesystem on freebsd 14.3? I'm trying to run `mount -t 9p -o trans=virtio -o version=9p2000.L /hostshare /mnt/share` but it says `mount: /hostshare: Invalid fstype: Invalid argument`

i beleive you need: sysrc kld_list+=virtio_p9fs

then a quick change of: mount -t p9fs should do the trick c:

add virtio_p9fs_load="YES" to /boot/loader.conf if you need

what if virtio_9pfs.ko doesn't exist in /boot/kernel

try a kldload virtio_p9fs just as it is, as it should be there

note that it's _p9_fs not _9p_fs c:

if you still don't have it - then it's src is at /usr/src/sys/modules/virtio/p9fs - so you should be able to make; make install it

byakuren: 1. "kldload: can't load virtio_p9fs: No such file or directory" 2. /usr/src is empty

and you're 14.3 right? as per the previous message?

yeah

have you done a freebsd-update fetch; freebsd-update install recently? i only ask, as this should have been checked in since mid 2024: cgit.freebsd.org/src/commit/?id=e97…33a89a78f55280b0485b3249ee9b907a718

i'll try that now

(2. /usr/src not existing - that's fine, you just don't have the freebsd src repo checked out is all, no biggie c:)

I don't think i selected the source tree when installing, is there a way to do so post-install?

yeah easily

the basic premise is just git cloning git.FreeBSD.org/src.git

into /usr/src

you prolly want to do that as a rood user, since it's system wide

there's 3 main freebsd repos, src, ports, and doc

so personally - i have them each in a zfs filesystem, mounted to /usr/(src;ports;doc)

zfs list | grep usr/

zroot/usr/doc 522M 218G 522M /usr/doc

zroot/usr/ports 2.48G 218G 2.48G /usr/ports

zroot/usr/src 2.76G 218G 2.76G /usr/src

git clone -b releng/14.3 git.freebsd.org/src.git /usr/src

git clone git.freebsd.org/src.git /usr/src

I just used freebsd-update, virtio_p9fs.so still doesn't exist

ko*

have you rebooted since doing that?

will see what happens when i do so

c:

see ya in a sec then c:

nope, still doesn't exist

huh

gimme a sec to poke about

it's using 14.3-RELEASE-p2 now

nice - up to date c:

fyi I also installed the OS using FreeBSD-14.3-RELEASE-amd64-disc1.iso

so looks like, when i built it manually it installed it into /boot/modules - so sounds like a good way to go

pwd

/boot/modules

ls -l *p9*

-r--r--r-- 1 root wheel 89560 Sep 6 22:42 p9fs.ko

-r--r--r-- 1 root wheel 22424 Sep 6 22:42 virtio_p9fs.ko

so should be a case of, checking out src - heading to /usr/src/sys/modules/p9fs

and running make; make install

still cloning, cloning a 2GB repo o_O

compiled and installed, rebooting again

c:

another ideas as well (which is prolly gonna be just helpful) is installing the plan9port : pkg install plan9port

that gives you a bunch of plan9 related tools

and i THINK (just gonna check) there's stuff in there for mounting p9 file systems

KLD virtio_p9fs.ko: depends on kernel - not available or version mismatch

kldload: can't load virtio_p9fs: module already loaded or in kernel

!

so does the mounty-mount work now?

no

D:

I'll check plan9port as well

9 mount tcp!server_ip!564 /mnt/plan9fs

once you've got plan9ports installed - this is the way to mount a 9pfs

(all plan9 commands, are prefixed with 9)

what about when its virtio

are you virtualising plan9 locally?

I'm not sure how libvirt or qemu does virtio plan9

ahhh

yes so from memory, qemu/kvm don't really do the virtio like that

it's more something supported in bhyve

but i don't wanna upend your whole setup or anything

the command i mentioned the first time worked fine in my other Alpine Linux guests but not on freebsd, hmmm

s/other //

hmm

you should have: 9 9pfuse

which will mount it as a fusefs

9 9pfuse /hostshare /mnt/share

9pfuse: dial /hostshare: unknown protocol family %d

how have you got hostshare setup?

ohh

right - so you're like, exporting the underlying cwfs or hjfs into /hostshare

9 mount vm_host_address /mnt/plan9

try that

because plan9 should export the filesystem on the network, which is how it's meant to be accessed (port :564 should be automatically selected when you do this)

"don't know how to mount (no fuse)"

pkg install fusefs-libs3

kldload fuse

you need mr fuse

oh, i thought fuse was the right package, no wonder it tried to install gtk3 libraries when doing so

(user space filesystem driver)

ehehe

yeah - 'fuse' is a zx spectrum emulator

for some reason...

:p

9pfuse: dail 192.168.122.187: Connection refused

and with 192.168.122.1 as well

ok so it has it's own ip address on the network

and that's a file server provinding instance of plan9

and the servers up and running, and you can connect to it with drawterm?

i'm not sure if qemu and virtio-p9 actually does listen on a tcp address, I'll probably see if sshfs to another (linux) vm might work

because all my vms in my libvirt setup use the 192.168.122.0 subnet that might be possible

oh...

that might o it

s/o/do

yep, it can ssh to other vms

huh

swee came here too

:)

i currently try to adjust to pkgbase

yep, making an sshfs proxy with a small vm works great

ok - so done some research, and i was a bit wrong, sorry - that virtio-9p work (you found in src) - while it is present, it's slated for release only in freebsd 15 - so current, from a qemu host, you can't use virtio-9p it seems

alright, I'll keep watch when FreeBSD 15 becomes the latest production version

i do recall a script i setup in drawterm, that allowed me to access the plan9filesystem from my host once connected

let me see if i can find it

and that was a freebsd machine a few years ago, connecting to plan9 on metal

(was a great setup! used it at work for yearss)

I'm using a libvirt + qemu/kvm setup on my homeserver to separate services in vms, like a more advanced proxmox :3

pmikkelsen.com/plan9/mounting-9p-over-drawterm - mr pmikkelsen saves the day for me again

swee: ooh, that's a lovely setup - on my big server (out of action at the moment) i had a bunch of different jails setup for everything i needed

shame i can't really do the same on smol lappytop

ketas: how are you finding pkgbase? i'm.... aprehensive(?) for it when 15 comes out proper - but i think it's great

APPREHENSIVE Definition & Meaning 1. : viewing the future with anxiety or alarm : feeling or showing fear or apprehension about the future.

hmm

i build 16-current nearly minimal package set in my 13.5

:)

built

idea is good

config files would be fun

but config was even funnier before

with etcupdate

recall mergemaster?

ketas: Of course!

i came from 4.6 after all

:p

(apprehensive is sorta right, i know what it means... just not sure if its exactly the right word :p - but ty ^^)

omg mergemaster aha

so with enough without_*'s i got cursed empty packages

which install just a dir into /var/run maybe

also it packaged up src too

in zstd

so it took 1h packaging and 45m building

src, src-sys even

that's amazin

funnily pkgbase was around before

i mean tracking base is easier now

at least

no need for delete-old

which hopefully gets everything

or delete-old-libs which could make you cry

it did a few times...

d

damn src/src-sys got it slow here for sure

also tmux fucking segfaultes again in command line

wanted to saveb and then it went down

i thought that bug was fixed already

I've got a j5 Create Gigabit Ethernet USB 3.0 dongle but I am getting 100baseTX max... (ue0). it is using the: axge0 <ASIX Elec. Corp. AX88179> on usbus0 | ue0: <USB Ethernet> on axge0.

but I can't get anything faster than 100. I tested it on the same cat6 cable on a linux box and i get full gigabit

doesn't negotiate to 1g?

even when I try: ifconfig ue0 media 1000baseT mediaopt ful-duplex the link drops and falls back to 100base

any errors?

in logs

not that i know anything

no, I'm wondering if it is the driver?

i have rtl one here

i only tested a little

sig`: From man axge AX88178 the only 1Gb.

skered: so my AX88179 doesn't do 1GB

hmm

no it's all 1g

skered: where's the 100m?

1000baseT says only AX88178 but mine is AX88179

also axe vs axge

if it doesn't do 1g in fbsd, it's yet another bug...

mine isn't the AX88178, its the ASIX AX88179 (j5create jue130). the man page note about 1000basteT AX88178 only looks outdated. This chipset does not support gigabit. but it comes up fine on linux. but under this freebsd machine with axge(4) it only ever negotiates to 100basetx

also which version we read this man

i'm reading at 13.5 now

just checking, it's not possible to install the 15.0 alpha version via freebsd-update, right?

the 13.5 axge shows 1000baseT only for AX88178

markmcb: iirc... no

but hmm

I'll just order a known working dongle

ketas, thanks. it's under /snapshots and not /releases on the download server, so that was my assumption ... i'll wait patiently for a beta :)

it doesn't show anywhere that axge should not do 1g?

markmcb: but wait

how does one upgrade 14 then

it must support freebsd-update

unsure if *alpha* tho

ketas: I agree it should negotiate 1Gb and it even explicitly supports mine

so, loga?

logs?

it never shows 1000

would be curious if it moans there

it references 1000baseT Set 1000Mbps (Gigabit Ethernet) operation (Ax88178 only)

can't be like, you tell it to go 1g and it just does 100m

it might not tell any errors tho

it would be extremely fun it that hw has some fancy issue

Appears to be long running issue with agex as well. bugs.freebsd.org/bugzilla/show_bug.cgi?id=225179

That’s exactly what I saw on FreeBSD: when I ran ifconfig ue0 media 1000baseT mediaopt full-duplex the link went DOWN, and when I returned to autoselect it came back at 100baseTX. ifconfig never once showed 1000baseT on FreeBSD.

did it report any errors?

Same dongle/cable and usb 3.0 port on linux negotiated 500Mb/s immediately

they sometimes do

usb devices

yeah, I'll just order a cheap one that is known to work with 1000

ketas, i think once it's at beta then you'll be able to "freebsd-update upgrade -r 15.0-BETA1"

it gave no errors, went up and down with no issues

log was empty?

forcing ifconfig ue0 media 1000baseT mediaopt full-duplex dropps

all.log, if you have it, or other logs, or dmesg

but returning to autoselct comes back at 100base

no errors messages printed

hmm

yeah no idea

no worries, I can get a cheap one for like $20

not worth pulling my hair out any more than what I have

:)

i got cheap rtl

you mind telling me which one and model?

1g usb3 but i only have 2 ports and didn't wire it up on actual eth side

RTL8153

thanks

it had no name :)

so no idea

I'll search for it

i searched in ali and looked for rtls

some do say chips

one axe fails here

supposed axe

i think it needs usb modeswitch

after a few seconds, device goes off and another one comes on

i didn't know usb eth also does this

:/

heh

i also have 3 usb bt's which doesn't work

iirc someone had hack for *an* usb bt

not for those iirc

they come up as usb bt

but either have wrong fw or mysteriously fail

hack was to reinit it until it works or wait

and usb wifi is complete shitshow :p

world of hw sucks