00:42:52 <warsoul> is 15.0 stable version?
01:18:29 <s2r> warsoul 15.0-RELEASE is the latest stable version, 15.0-STABLE, not.
01:28:08 <Macer> kind of stuck trying to figure out why fstab in jails won't mount rclone mounts on jail startup
01:28:15 <Macer> that seems like something that should work
01:46:17 <Macer> would anybody happen to know how on earth you get the fstab in a jail to mount rclone? i can't seem to get it to mount on jail startup even though it mounts in the jail just fine with mount /dir
02:20:27 <Macer> wow. i added a @reboot /sbin/mount /dir to do it.. that seems like such a terrible way to do it
02:20:40 <Macer> but the only way i could figure out how to get it mounted on jail start from within the jail
02:49:08 <rwp> Macer, And you say that mounting with /etc/jail.conf file fails?  Any error messages to /var/log/messaages when the mount in /etc/jail.conf fails?
04:27:03 <dogg0> am i able to dl and test the kde-plasma installer thats going to be out with the main installer ?
04:27:48 <dogg0> i just installed 15.0 didnt see anything
04:29:56 <dogg0> this is what i was looking for from osnews "FreeBSD 15.0’s installer to gain option to install a full KDE Plasma desktop environment"
05:31:08 <Macer> rwp: I am actually mounting from within the jail using rclone and its internal fstab.
05:32:14 <Macer> I can nullfs mount find from the host into the jail but I want to avoid doing that so the host can stay independent of the jails.
05:32:37 <Macer> And rclone works just fine when I manually mount. It’s the auto mounting that doesn’t work when it starts.
05:35:37 <Afterglow> The only way I was able to automount in a jail was by adding that mount to jail.conf (in the host)
05:36:55 <Afterglow> it was a tmpfs, btw, cannot comment about rclone
07:30:30 <ant-x> ek, git svn clone? I never knew such a contraption existed. Will try.
13:45:37 <cndghm> Hello guys, which books do you guys recommend to learn how to develop the freebsd kernel, userland, etc...
13:47:19 <mzar> The Design and Implementation of the FreeBSD Operating System, by Kirk Marshall Mckusick
13:58:28 <cndghm> Thank you
14:45:28 <mzar> np
15:11:07 <cavok> mzar despite good books age well, I guess it would be nice to have a new edition covering the last 11+ years of FreeBSD developments!
15:12:12 <mzar> cavok: there are old and new editions
15:22:01 <mns> I still enjoy reading the BSD 4.2 and BSD 4.3 versions of that book.
15:23:55 <Farooq> Hello. I have two network interfaces on different networks on the same VPS. I want to use one of the interfaces as primary, and regarding the other just listen on it for servers and daemons. This is me /etc/rc.conf: https://plaster.tymoon.eu/v/7JETJZTMY#5023 I can work with the 185.x.x.x interface but not the other one. Even when I configure network gateway to the gateway of that network.
15:26:30 <Farooq> I'm a (Free)BSD noob. So please let me know if any other information is needed.
15:27:24 <Farooq> mns, If you were to recommend either BSD 4.3 book or FreeBSD internals book, which one has better educational value?
15:29:36 <Farooq> For just learning how a UNIX OS works. I could also go for other BSDs.
15:33:34 <Remilia> Farooq: this is not a UNIX issue; you cannot have multiple default gateways
15:34:13 <Farooq> I didn't say multiple default gateways. One default. The other interface only for incoming TCP connections. Like a server could listen on it.
15:34:34 <Farooq> So for instance sshd should listen on both of them
15:34:39 <Remilia> Farooq: your host has to route packets from that interface
15:34:49 <Farooq> Using a firewall. right?
15:35:04 <Remilia> you can use policy routing for this
15:35:24 <Remilia> you will need a second routing table with the other interface's default gateway
15:35:30 <Farooq> oh I see
15:35:45 <Farooq> and that's for the connections on that network. right?
15:35:50 <Remilia> Farooq: the problem isn't listening, the problem is your server's responses reaching the client
15:36:13 <Farooq> yeah but if the client is coming from the other network, it is supposed to reply to the same network. not the default one
15:36:16 <Remilia> if the clients are on the same subnet, that is not an issue, but I assume you want to serve clients from outside?
15:36:30 <Farooq> yeah it's a VPS
15:36:34 <Farooq> both IPs are public
15:36:41 <Remilia> yep
15:36:52 <Remilia> [15:36:13] <Farooq> yeah but if the client is coming from the other network, it is supposed to reply to the same network. not the default one <- but there is only one default gateway.
15:37:22 <Remilia> without policy routing anything outbound will go to your only default gateway
15:37:29 <Farooq> not outbound. inbount
15:37:31 <Farooq> inbound*
15:37:31 <LXGHTNXNG> i have heard of some people using ipfw to force traffic to go down a second FIB, which I think is called policy routing
15:37:40 <LXGHTNXNG> no Farooq, inbound is also chained to outbound
15:37:45 <Farooq> oh
15:37:48 <Remilia> Farooq: do you understand that anything YOUR server sends BACK is outbound?
15:37:50 <LXGHTNXNG> the server NEEDS TO KNOW WHERE TO SEND RESPONSES.
15:38:34 <Remilia> the IP stack does not know where the packet came from — the protocol does not have fields for ‘it arrived via gateway X’
15:39:09 <Farooq> But the protocol does know this packet is coming to IP x or y. right?
15:39:42 <Remilia> yes, and the packets going BACK from your server will go via the default gateway
15:39:57 <Remilia> which does not know what to do with them
15:40:08 <Farooq> exactly. And I need to specify an exception here
15:40:18 <Farooq> which is what policy routing is. right?
15:40:19 <Remilia> Farooq: I suggest you read https://docs.freebsd.org/en/books/handbook/advanced-networking/
15:40:40 <Remilia> starting with 34.2. Gateways and Routes and not skipping 34.2.1
15:42:28 <Remilia> with FreeBSD you can have multiple routing tables and firewalls like pf and ipfw let you reassign packets between them
15:42:57 <Remilia> pf has route-to which makes it even easier I think
15:43:04 <Remilia> https://forums.freebsd.org/threads/route-to-example.94668/
15:43:24 <Remilia> but
15:44:13 <Remilia> in your case you will simply match established only, and use the src IP address as the condition
15:44:32 <Remilia> it is a bit more complex for UDP as you will definitely need keep-state
15:45:22 <Remilia> (in general, this stuff is rather complicated, because multi-homed systems are generally not well supported by TCP/IP)
15:45:32 <Farooq> hmmm
15:46:10 <Farooq> Can't routed already do so?
15:46:54 <Remilia> routed is not for that
15:47:42 <Remilia> you seem to be labouring under a misunderstanding: routed and the like are for managing route tables on a router, to optimise traffic flow
15:48:40 <Remilia> and to make stuff like routed work on a multi-homed system you must run a firewall and NAT your LAN, or have some sort BGP announcements going
15:48:54 <Remilia> (for public IPs)
15:49:19 <Farooq> I see
15:49:42 <Remilia> > The routed utility is a daemon invoked at boot time to manage the network routing tables. It uses Routing Information Protocol, RIPv1 (RFC 1058), RIPv2 (RFC 1723), and Internet Router Discovery Protocol (RFC 1256) to maintain the kernel routing table. The RIPv1 protocol is based on the reference 4.3BSD daemon.
15:49:56 <Remilia> it adds/removes routes dynamically
15:50:09 <Remilia> which is decidedly not what you need
15:50:36 <Remilia> you need pf with route-to, or ipfw with multiple fibs
15:50:55 <Farooq> the forum post you posted earlier has good examples I think
15:50:56 <Remilia> I did this on my home router to make certain hosts bypass IPsec and such
15:53:44 <Remilia> Farooq: in my case I had several FIBs and did stuff like `pass in quick on $LAN inet from <r_direct> to any rtable $rt_direct` in pf.conf
15:54:32 <Farooq> I guess r_direct is the client IP you want it to bypass IPsec?
15:54:48 <Remilia> it is a table of IPs
15:54:58 <Farooq> oh so pf supports that too
15:54:59 <Farooq> nice
15:56:04 <Remilia> yes, like `table <r_direct> persist { 10.10.0.242 }`
15:56:18 <Remilia> I think that was the PS5 haha
15:56:26 <Remilia> or maybe the Bravia…
15:57:17 <Farooq> hmm a random question. Do you know or have any gaming console with FreeBSD or another BSD?
15:57:38 <Farooq> All of them have got Linux
15:57:52 <nxjoseph> playstation is based on bsd?
15:58:11 <Remilia> PS3, 4 and 5 all run on FreeBSD hypervisor
15:58:18 <Remilia> PS Vita too I think
15:58:49 <Remilia> no Linux involved, outside the hypervisor it's custom stuff
16:03:06 <Remilia> Farooq: thinking about your case, you could probably just use route-to in pf and match src of the packets, as it will always be the same one as the dst that the clients used
16:03:23 <Remilia> multiple FIBs are for more complex scenarios where you want to manage several routing tables
16:04:04 <Remilia> checking the configuration I remembered that I actually had three: one regular (IPsec based on BGP), one bypass, and one forced IPsec
16:05:10 <Farooq> okay what about this? https://plaster.tymoon.eu/v/7JGRK0VNU#5024
16:06:44 <Remilia> 2nd rule will not run
16:06:55 <Remilia> probably
16:07:09 <Remilia> ‘quick’ means stop matching
16:08:01 <Farooq> hmm what if I drop `quick`?
16:08:10 <Remilia> wait, if you have just these 2 rules
16:08:13 <Remilia> it should be fine
16:08:45 <Remilia> sorry, I'm blind, I did not notice in/out
16:08:51 <Farooq> shouldn't I also add rules for the first interface?
16:08:56 <Remilia> no
16:09:10 <Remilia> what does not match will use the routing table
16:09:31 <Farooq> oh
16:09:32 <Farooq> thanks
16:10:23 <Remilia> Farooq: please note that if you are hosting DNS or SMTP or anything like that on your 2nd IP this set-up will not work for connections initiated by your server
16:10:38 <Farooq> hmm it is giving a syntax error for this line: "pass out quick tagged IP2 route-to ($VT1_IF $VT1_GW)"
16:10:46 <Farooq> Remilia, you mean UDP?
16:11:09 <Remilia> no
16:11:41 <Remilia> if you set up an SMTP daemon on that IP specifically, without also binding to the first one, it will not go out
16:11:58 <Remilia> since you're only doing tagging
16:12:29 <Farooq> What's special about SMTP daemon?
16:12:38 <Remilia> `pass out ip from $IP2 route-to .....` would cover that though
16:12:41 <Remilia> nothing?
16:13:02 <Remilia> literally anything bound to IP2 and not bound to IP1 will not be able to reach outside
16:13:31 <Remilia> [16:05:10] <Farooq> okay what about this? https://plaster.tymoon.eu/v/7JGRK0VNU#5024 <- also this definitely requires a stateful firewall
16:13:49 <Remilia> and you have to match on those flags
16:13:55 <Remilia> in the 2nd rule
16:14:22 <Remilia> because your two rules are like this: 'tag packets that come in on interface 2'
16:14:39 <Remilia> 'route tagged packets that come out of my system'
16:14:54 <Farooq> hmmmm
16:14:58 <Remilia> but packets that come in and packets that are leaving your system are not the same
16:15:09 <Farooq> of course I just wanted to say it
16:15:12 <Remilia> they are not linked in any way
16:15:24 <Remilia> (from the firewall's point of view)
16:15:46 <Farooq> how to go for connections rather than packets? The firewall does not know that?
16:15:48 <Remilia> like, yes, this is an established TCP connexion but the firewall does not know it without keep-state
16:15:57 <Farooq> oh
16:16:11 <Remilia> research stateful firewall using pf or ipfw
16:16:26 <Remilia> sorry, as I said, this is not a trivial topic
16:16:39 <Farooq> okie dokie
16:16:41 <Farooq> thanks so far
16:16:58 <Remilia> this is why you really shouldn't use different subnets on the same host without a real good cause :(
16:18:10 <Remilia> a side note: you *could* do with just multiple routing tables and no firewall whatsoever if you spawned each service twice, on different interfaces
16:18:19 <Remilia> because FreeBSD has `setfib`
16:19:06 <Remilia> basically if do something like `setfib 1 service apache24 start` that service will be started with routing table 1 instead of 0
16:19:10 <Remilia> if you*
16:19:37 <Remilia> but this is complicated to set up too
16:19:51 <Remilia> the rc subsystem does not do this for you
16:20:22 <Remilia> btw I may be off in some respects and I hope others correct me, I have not had to deal with policy routing for nearly 3 years now
16:20:26 <LXGHTNXNG> there's also ipfw rules with the setfib action which can be of use in a scenario like this
16:20:42 <jaredj> heh i was about to say, oo you can tell services which fib to use in rc.conf
16:20:55 <jaredj> buuuut that doesn't get you two instances of the service
16:21:41 <Remilia> LXGHTNXNG: they are the same as ipfw rtable
16:21:45 <Remilia> errr
16:21:47 <Remilia> pf rtable
16:23:22 <Remilia> maybe if I were an IT person I would be able to sketch you a pf.conf quick but I'm as far from STEM as I am from my hometown now
16:23:42 <Farooq> :)
16:23:46 <Farooq> I'm thankful so far
16:23:49 * Remilia is but a PhD-in-linguistics gal
16:23:58 <Farooq> maybe I simply go for setfib
16:24:20 <Remilia> just match outgoing packets from IP2
16:24:50 <Remilia> Farooq: OH right before I leave for groceries and forget, if you DO end up using multiple routing tables
16:25:03 <Remilia> I *think* they do not get populated automatically
16:25:17 <Farooq> Thank you
16:26:45 <Remilia> Farooq: there is definitely some better way for this but I just had /etc/rc.local with this https://pastee.dev/p/n25nIkdM
16:27:11 <Remilia> where 93.X was my public PC
16:27:15 <Remilia> IP*
16:27:27 <Farooq> hmmmmmmmmmmmmmmmmm
16:27:41 <Remilia> I think you can do this with static routes in rc.conf
16:27:52 <Farooq> yeah I think I can do so. But me mind is blowing so far. I need a break
16:28:16 <Remilia> it's complicated :D
16:28:58 <Remilia> oh
16:29:33 <isley> a couple line pf conf with route-to is going to be the easiest and since the initial ask was to "listen on it for servers and daemons" you should be all set.
16:29:40 <Remilia> yes
16:29:52 <Remilia> match on src IP2 and that's it
16:30:25 <Remilia> because for multiple FIBs you also have to add net.fibs="2" (or however many you want) to /boot/loader.conf
16:30:31 <Remilia> and reboot
16:31:42 <zip_> Silly question maybe but how do I do vlan tagging on bridges?
16:32:29 <Remilia> zip: do you mean the entire bridge or just members?
16:32:31 <zip> Right now I create a vlan interface and then attach it to a bridge and then hand epairs from that to vnet jails
16:33:20 <zip> But then I want to bridge extra vlans including the untagged one
16:33:42 <zip> So either I make three bridges locally
16:34:02 <zip> Or I make one bridge and tag the members?
16:34:25 <Remilia> I ran vlans on my home router hmm lemme see what I did there
16:34:47 <zip> I guess knowing the members can be tagged is helpful
16:35:06 <zip> It'd be nice to hand them to the jails and vms as separate interfaces but not mandatory
16:35:19 <Remilia> I think I just added vlan interfaces
16:35:41 <Remilia> like `addm igb1.2`
16:37:21 <Remilia> right, I'll never get groceries this way, bbl
16:37:38 <LXGHTNXNG> :D
16:38:53 <Farooq> xD
16:38:57 <zip> Okay, thanks!
16:39:57 <zip> It looks like I may be able to set tagging on members so maybe I'll try that and run one bridge instead of two
16:40:46 <zip> I think I was having issues mixing two bridges last time I played with it
16:44:55 <zip> Maybe I'll learn netfilter
17:08:50 <Afterglow> zip, I have a bridge per vlan. There used to be a bug (not sure if it still exists) that when you have an untagged bridge, the tagged bridges wouldn't work anymore.
17:10:08 <zip> I remember having difficulty doing that with one tastes and one untagged
17:10:22 <zip> s/tastes/tagged/
18:23:13 <dogg0> #theyearofthefreebsddesktop
18:23:20 <LXGHTNXNG> indeed
18:23:25 <LXGHTNXNG> meanwhile my GPU doesn't even work
18:24:07 <dogg0> i just installed 15.0 and literally 2 commands later had a kde-plasma desktop up wow i love it
18:26:06 <guru_meditations> LXGHTNXNG: nvidia?
18:27:23 <dogg0> intel.  going to try nvidia next though
18:29:03 <LXGHTNXNG> guru_meditations: amdgpu
18:29:24 <LXGHTNXNG> it works if i set hw.dri.debug to some value before loading the GPU driver, though
18:30:12 <guru_meditations> I never had experience running amd gpus on freebsd
18:30:28 <guru_meditations> the "nvidia?" reply was really just a shot in the dark lol
18:46:40 <mns> Farooq: in terms of educational value,  BSD 4.3 book had come out while I was in college,  helped me understand things as I was mostly working with SunOS 4 and Ultrix (from DEC) mostly.  There were a couple of other BSD-ish systems as well.  I got the BSD 4.4 book when it came out just to see the changes and the FreeBSD one just for sake of completeness in my collection.  For me the 4.3 and 4.4 books were
18:46:46 <mns> helpful and educational.
18:55:02 <guru_meditations> mns: do you know any books that covers the history of the unix war and the USL v BSDi lawsuit?
18:55:27 <guru_meditations> I'm too dumb to understand kernel development but the history is interesting
18:55:34 <mns> guru_meditations: 25 years of Unix I think covers some of that
18:56:52 <mns> more acurately:  A Quarter Century of UNIX by Peter Salus
18:58:05 <guru_meditations> oh yeah! I think I have saw that book while browsing on amazon.
18:58:56 <guru_meditations> the memoir/history written by Kernighan is more personal and revolves around the bell lab mostly
18:59:23 <guru_meditations> should really give both a read one of these days
19:03:55 <shbrngdo> unix wars on grokipedia - https://grokipedia.com/page/Unix_wars
19:07:23 <mns> not sure if I would use grokipedia, but the same exists on Wikipedia as well.
19:10:06 <shbrngdo> grok is generally more informative and reliable, im ,y bombastic opinion. Yt's generated by AI (grok)
19:10:26 <shbrngdo> argh stupid keyboard
19:12:13 <Remilia> 'reliable' at generating statistically probable chains of words?
19:12:47 <shbrngdo> well have a look, you may be right or not.  Can't hurt to compare
21:18:11 <Remilia> shbrngdo: I prefer to keep generated text as far away from my eidetic memory as humanly possible
21:18:56 <Remilia> some people like everything being turned into averages, I do not because it actively interferes with my job
21:20:40 * ant-x tries to avoid degenerative AI.
21:23:01 <Remilia> the purpose of LLMs and their ilk is giving you the most statistically probable response to a starting word sequence, which usually means something utterly average and uninspired
21:23:18 <Remilia> (and, obviously, not necessarily factual)
21:23:22 <Remilia> so yeah, hard pass
21:29:18 <ant-x> Stochasit parrot.
21:30:31 <ant-x> Not necessarily factual -- sure, the LLM does not care about coorectness of its generated out, which is why it is technically Frankfurtean bullshit: <https://www.scientificamerican.com/article/chatgpt-isnt-hallucinating-its-bullshitting/> .
21:35:02 <s2r> What would be an OK blocksize for a database ?
21:36:26 <s2r> for zfs.
22:52:24 <rtprio> s2r: which database?
23:07:31 <adiabatic> I'm going through a two-disk ZFS mirror set and deleting .sparsebundle backup-disk directories (a gazillion files in them, each 8.4 MB apiece). Every time I delete a .sparsebundle directory, `zpool list` says the fragmentation goes up. Why?
23:50:54 <rwp> s2r, See the db section in this article: https://klarasystems.com/articles/zfs-performance-tuning-optimizing-for-your-workload/
23:53:24 <rwp> s2r, I am NOT an expert on this topic but this is what I used for a mariadb installation: zfs create -o sync=disabled -o logbias=throughput -o primarycache=metadata -o recordsize=16k -o xattr=sa -o redundant_metadata=most ...