Re: lots of security advisories rehashed
On Mon, Aug 15, 2016, at 05:27, Bob Bishop wrote: > > Why is this hiding out on questions@ ? > I wanted to reach a broader audience. -- Mark Felder ports-secteam member f...@freebsd.org ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: mfi driver performance too bad on LSI MegaRAID SAS 9260-8i
On Fri, Jun 17, 2016, at 02:17, Jason Zhang wrote: > Hi, > > I am working on storage service based on FreeBSD. I look forward to a > good result because many professional storage company use FreeBSD as its > OS. But I am disappointed with the Bad performance. I tested the the > performance of LSI MegaRAID 9260-8i and had the following bad result: > > 1. Test environment: >(1) OS: FreeBSD 10.0 release 10.0-RELEASE is no longer supported. Can you test this on 10.3-RELEASE? Have you confirmed that both servers are using identical RAID controller settings? It's possible the CentOS install has enabled write caching but it's disabled on your FreeBSD server. Are you using UFS or ZFS on FreeBSD? Do you have atime enabled? I believe CentOS is going to have "relatime" or "nodiratime" by default to mitigate the write penalty on each read access. We need more data :-) -- Mark Felder ports-secteam member f...@freebsd.org ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: mfi driver performance too bad on LSI MegaRAID SAS 9260-8i
On Fri, Jun 17, 2016, at 02:17, Jason Zhang wrote: > Hi, > > I am working on storage service based on FreeBSD. I look forward to a > good result because many professional storage company use FreeBSD as its > OS. But I am disappointed with the Bad performance. I tested the the > performance of LSI MegaRAID 9260-8i and had the following bad result: > > 1. Test environment: >(1) OS: FreeBSD 10.0 release 10.0-RELEASE is no longer supported. Can you reproduce this on 10.3-RELEASE? -- Mark Felder f...@feld.me ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: when the sshd hits the fan
On Wed, Sep 23, 2015, at 10:35, Glenn English wrote: > Mildly OT from a profound BSD noob: > > Why is it necessary to have SSH working before the system has finished > booting? That 'Welcome' menu times out, so I can't think of a reason, or > find one from Goggle, for needing console access after a power failure > reboot. What am I unaware of? > My favorite example is when an NFS issue delays boot indefinitely and you can't even SSH in to whack it with a hammer. -- Mark Felder ports-secteam member f...@freebsd.org ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Will 10.2 also ship with a very stale NTP?
On Thu, Jul 16, 2015, at 07:57, Tomoaki AOKI wrote: Xin, Ian: Confirmed MFC of ntp 4.2.8p3 and related kernel fix. Thanks for your work! re@: Thanks for approving MFC at this timing, before creating releng/10.2. John: Congraturations! We have latest stable version of ntp with 10.2. :-) Thank you guys for speaking up while we had the chance. Sometimes MFC opportunities are missed for various reasons and it's great to have a community that keeps an eye out for these situations so re@ can cut fruitful releases which make your lives easier. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: can the l2arc memory leak fix be pulled into 10.1-RELEASE ?
On Mon, Jun 22, 2015, at 09:10, Daniel Genis wrote: Hello Everyone, we're currently running 10.1-RELEASE, but are encountering the l2arc memory leak which got resolved in 10.1-STABLE r274172, maybe we need r275609 also (as discussed here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197164). We are kind of new to FreeBSD, so we're wondering what are the plans to merge these fixes into the 10.1-RELEASE branch ? We'd love to get these fixes without having to rebuild the kernel. Is there any chance for the merge to happen in the near future, or should we compile the kernel to get the fixes? Thanks for you help! With kind regards, Daniel Wasn't this fixed in the following EN? https://www.freebsd.org/security/advisories/FreeBSD-EN-15:07.zfs.asc If so, it should be solved if you're running 10.1-RELEASE-p11 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: protecting some processes from out-of-swap killer
On Sat, Apr 25, 2015, at 05:43, Baptiste Daroussin wrote: On Sat, Apr 25, 2015 at 01:31:14PM +0300, Dmitry Morozovsky wrote: Hi there colleagues, I have stable/10 on a rather big machine (2*8*2 e5 Xeon, 64G RAM, SAS+SSD ZFS raid10+ZIL+L2ARC) acting as a PostgreSQL server. To use such a big resource pool that is mostly idle, I'd deployed poudriere there (using tmpfs) too. Most times this combination works like a charm: LA could be 60+ and no visual latency increase on SQL queries. However, sometimes postgres processes got killed by 'out of swap space'. I suppose the source of problem could be that VSZ size of postgres processes (8-9 G) is bigger than swap congigured (4G). Is there any way to prevent this, besides reallocating space for swap? Quick googling does not help, at least I could not find answers relevant enough. Thanks! protect(1) ? Thanks for asking, Dmitry, as I've now learned of a new useful command. It appears it has only been around a short time: Added Thu Sep 19 18:53:42 2013 UTC (19 months, 1 week ago) by jhb Very cool. :-) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS devd messages
On Fri, Oct 11, 2013, at 19:51, Daniel O'Connor wrote: Hi, It seems that the ZFS messages no longer match entries in devd.conf, eg.. notify 10 { match system ZFS; match typevdev; action logger -p kern.err 'ZFS: vdev failure, zpool=$pool type=$type'; }; Doesn't match anything because messages now look like.. Processing event '!system=ZFS subsystem=ZFS type=resource.fs.zfs.removed version=0 class=resource.fs.zfs.removed pool_guid=469710819 vdev_guid=215223839' Does anyone have an updated set of rules handy? This seems like something we should make sure is fixed before the 10.0 release. Thanks for reporting it. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Who hacked the FreeBSD website?
On Tue, Oct 8, 2013, at 10:00, Chris H wrote: Greetings, I was performing a ports search, and noticed that all the links providing more information about each port goes to the FreeBSD 404 page. For example, autotrace-0.31.1_23; The link to it is: http://www.freebsd.org/home/indexbuild/tindex/ports/graphics/autotrace the Long description link is: http://www.freebsd.org/home/indexbuild/tindex/ports/graphics/autotrace/pkg-descr?revision=HEAD Both of which return: Page not found. Oh no. :( Any chance FreeBSD has a backup of the web site? Not sure what's going on with that, but you can use freshports.org as a backup ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Suggest changing dirhash defaults for FreeBSD 9.2.
I've also toyed with dirhash on a few servers and received favorable results. I've no idea where the defaults currently come from, but I'm guessing probably around 1999 ;-) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Sendmail-8.14.7 doesn't work with MS DNS in IPv4 network
On Thu, Aug 8, 2013, at 4:35, Pavel Timofeev wrote: I tried to revert mentioned patch, i.e. applied this --- sendmail/conf.c.orig2013-08-08 12:28:40.0 +0400 +++ sendmail/conf.c 2013-08-08 12:31:17.0 +0400 @@ -4294,12 +4294,7 @@ #else /* (SOLARIS 1 SOLARIS 20400) || (defined(SOLARIS) SOLARIS 204) || (defined(sony_news) defined(__svr4)) */ int nmaps; # if NETINET6 -# ifndef SM_IPNODEBYNAME_FLAGS -/* For IPv4-mapped addresses, use: AI_DEFAULT|AI_ALL */ -# define SM_IPNODEBYNAME_FLAGS AI_ADDRCONFIG -# endif /* SM_IPNODEBYNAME_FLAGS */ - - int flags = SM_IPNODEBYNAME_FLAGS; + int flags = AI_DEFAULT|AI_ALL; int err; # endif /* NETINET6 */ char *maptype[MAXMAPSTACK]; Sendmail started to work Is this patch going to be applied to revert this behavior before 9.2-RELEASE? It seems to me that 8.14.7 violates our POLA... ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Thu, Aug 8, 2013, at 6:53, George Kontostanos wrote: Anybody? Can you provide your jail configuration? I think 9.2 introduces the new /etc/jail.conf functionality and perhaps it somehow it broke the way you were doing it previously? If so, the old method is supposed to be work as well... ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS in jails 9.2-RC1 permission denied
On Thu, Aug 8, 2013, at 6:59, Trond Endrestøl wrote: I'm just guessing, but I doubt a jail would be able to create new ZFS filesystems outside its own structure, if at all able. A jail would however be allowed to (un)mount already existing filesystems within its own structure, i.e. Pool/test1. When I first reviewed his post I clearly confused mounting with creating a new zfs filesystem. Is that even supposed to be permitted in a jail? I almost feel a sysctl disabling that by default would be nice... DoS by zfs filesystem creation/deletion, anyone? ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Please remove Perl from ports
I can't comment on the perl changes directly, but I can assure you that if you use port-mgmt/pkg (pkgng) and build your ports into packages via ports-mgmt/poudriere you will have zero upgrade problems -- a simple pkg upgrade will handle the scenario properly. I really haven't tried following UPDATING with portmaster/portupgrade to see what happens. I'd suspect that portmaster is doing something wrong, but further investigation is really necessary to have a solid conclusion of what happened on your server(s). For the first time in ages the ports environment on FreeBSD is rapidly evolving. There are many, many new features that benefit the whole of the userbase and will ease support and deployment across the board. We're trying to limit turbulence, but sometimes things are unforeseeable. This is the nature of the incredible flexibility of FreeBSD's ports; there's more than one way to do something. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Please remove Perl from ports
On Thu, Aug 1, 2013, at 11:07, Chris H wrote: While that all sounds dreamy. I don't think setting something like that up on a *half* up(graded|dated) server, should even be considered. Much less even possible. :( Oh, it's more than possible. 1) Install poudriere, minimal configuration if you have ZFS, bit more if you use UFS 2) # poudriere ports -c # creates ports tree for build env 3) # poudirere jail -c -j your_buildjail_name -a arch -v X.X-RELEASE # creates your build jail for your release+architecture 4) put your /etc/make.conf in /usr/local/etc/poudriere.d/your_buildjail_name-make.conf 5) copy your /var/db/ports (port options) to /usr/local/etc/poudirere.d/your_buildjail_name-options/ 6) poudriere bulk -j your_buildjail_name -f list_of_ports.txt wait a bit as it builds all your packages in a cleanroom environment 7) configure /usr/local/etc/pkg.conf to point to these packages (file://usr/local/poudriere/data/packages/your_buildjail_name-default/) 8) pkg update 9) pkg upgrade that will probably fix you up, but there might be a small dragon or two ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
On Wed, Jul 31, 2013, at 6:15, Daniel Kalchev wrote: On 31.07.13 09:38, Shane Ambler wrote: For something that needs to be constantly updated in between system updates then ports is the place to install it from. You don't have to update BIND constantly, especially if you are not using it. If you are using it, you will want it updated, no matter what. Let's take a moment and consider the state of the internet and DNS attacks. The RRL and RPZ2 patchsets[1] are newer developments that successfully add additional security and features to BIND. It was also recently announced that due to the success of this work the RRL[2] patch will be accepted by ISC into BIND mainline. How many users of BIND on FreeBSD are going to realize they need to run a copy of BIND from ports to get this extremely important protection? It certainly isn't going to get backported to 8-STABLE or 9-STABLE; I don't even know if it will show up in 10.0-RELEASE as a quick grep shows it's not there. To put some perspective on it, FreeBSD 8.x users are literally 6 years behind CURRENT... Now Redhat has a bugzilla[3] report backporting it to RHEL6, but FreeBSD's policy is generally bugfixes and security fixes only, don't introduce new features or behavior, and I don't expect that to change especially for a piece of software in contrib. If a user was running BIND from ports and they would more readily have that feature at their disposal. The port maintainer could even put a sane default in the example config. Unfortunately the number of FreeBSD BIND users who realize they are afforded this protection are going to be slim, and the number actually using it nearly as small. It's quite disappointing. [1] http://ss.vix.su/~vjs/rrlrpz.html [2] http://www.isc.org/blogs/isc-adds-ddos-defense-module-to-bind-software/ [3] https://bugzilla.redhat.com/show_bug.cgi?id=873624 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
On Wed, Jul 31, 2013, at 7:37, Erwin Lansing wrote: 3rd party, and especially those that are still being distributed as experimental, will not be part of the base BIND code. It will only contain a direct import from the vendor sources. I agree, experimental patches have no place in base. If this hits BIND 9.9 though I'd never even consider running BIND from base as an authoritative server as it's missing this patch which can at least partially mitigate a DoS. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
People don't seem upset about not having a webserver, IMAP/POP daemon, or LDAP server in base, so I don't understand what the big deal is about removing BIND. If the concern is over the rare case when you absolutely need a DNS recursor and there are none you can reach I suppose we should just import Unbound. However, if you can't reach any DNS servers I assume you can't reach the roots either, so I don't understand what a local recursor will gain you. I support removing BIND from base, but there's a larger conversation to be had (again). ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
On Tue, Jul 30, 2013, at 7:45, Garrett Wollman wrote: There are plenty of situations in which a remote recursive resolver is untrustworthy. (Some would say any situation.) It doesn't have to be BIND, but people do legitimately want the normal DNS diagnostic utilities, which sadly have been tied together with BIND for some years now. (I don't know why anyone would ever use nslookup(1), but host(1) and dig(1) are pretty much essential.) If you're that paranoid about a remote resolver you'd have to be paranoid about someone doing a MITM on your DNS lookups altogether, since even having your own local recursor can't protect you from that as 99% of the web doesn't use DNSSEC. This will quickly turn into a security yak-shaving contest, but I completely understand your viewpoint. I'd vote for keeping the bind utilities in base; I use them every day. The ones provided with unbound work well, but finger memory... ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
On Tue, Jul 30, 2013, at 7:47, Daniel Kalchev wrote: We could in theory remove the BIND's authoritative name server executable... if that is attracting the SAs. It's the same executable, that's the problem :-) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
On Tue, Jul 30, 2013, at 8:44, Ronald Klop wrote: Interesting. What are your statistics of 'most' based on? Yes, this shouldn't be left to conjecture. A large community poll should be the first step IMHO. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
On Tue, Jul 30, 2013, at 8:32, Daniel Kalchev wrote: This is very much an situation like replacing gcc with clang/llvm. However, in the case of BIND we have no licensing problems, stability problems, performance problems etc --- just concerns that BIND generates many SAs -- which might be actually good indicator, as it demonstrates that BIND is worked on. There's a man with a name whose initials match DJB that would strongly disagree. Now he's not always the best person to reference, but he's made a succinct point with his own software, whether or not you like using it. Unbound/NSD are suitable replacements if we really need something in base, and they have been picked up by OpenBSD for a good reason -- clean, secure, readable, maintainable codebases and their use across the internet and on the ROOT servers is growing. I personally see no reason to remove BIND from base. If someone does not want BIND in their system, they could always use the WITHOUT_BIND build switch. I'd be inclined to agree if it wasn't such a wholly insecure chunk of code. You don't see people whining about Sendmail in base when they prefer Postfix or Exim, but Sendmail doesn't have a new exploit every week. You do tend to need an MTA for getting messages off the system more than you need a local recursor/cache, but at least it's not causing you maintenance headaches. If you consider the possibility that a large enough percentage of users really desire a local recursor/cache it should be our duty to give them the best option available. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
On Tue, Jul 30, 2013, at 8:42, sth...@nethelp.no wrote: and every contrib part which is removed, detracts from this. And every contrib part that is added to base is another piece of software that rots for the life of a major release and ends up getting replaced by frustrated endusers with the latest in ports... The tight integration of the base system that everyone appreciates and respects is far below high-level software like BIND. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Bind in FreeBSD, security advisories
On Tue, Jul 30, 2013, at 9:10, Ronald Klop wrote: DragonflyBSD also removed BIND from base some time ago. http://www.shiningsilence.com/dbsdlog/2010/05/06/5853.html I was not aware of this; that's worth referencing. I'm not sure where NetBSD stands but a quick search implies that they still have BIND in base. To all: please note that my emails on this subject are personal opinions of mine and mine only; I have no idea what other @FreeBSD.org people think. It's merely my own conclusion of where I think FreeBSD should be headed after several years of FreeBSD administration. There are people much wiser and informed than I who will be making the decision if this ever comes to pass before 10.0-RELEASE... ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ipv6_addrs_IF aliases in rc.conf(5)
On Wed, Jul 17, 2013, at 6:09, Thomas Steen Rasmussen wrote: Hello, Does this work on stable/9 or only on current ? If not, are there any plans to MFC ? I ask because I don't see the ifconfig_IF_aliases syntax in /etc/defaults/rc.conf on a newly built stable/9 box. It's there in /etc/defaults/rc.conf, but maybe not very obvious: #ifconfig_lo0_alias0=inet 127.0.0.254 netmask 0x # Sample alias entry. It is also in the Handbook: http://www.freebsd.org/doc/en/books/handbook/configtuning-virtual-hosts.html ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ipv6_addrs_IF aliases in rc.conf(5)
On Wed, Jul 17, 2013, at 4:36, Hiroki Sato wrote: The recommended way is ifconfig_IF_aliasN or ifconfig_IF_aliases. ipv4_addr_IF will not be removed in the near future, but please use ifconfig_IF_alias{N,es} for newly-configured systems. Backward compatibility for not breaking the existing configurations will be maintained as much as possible (even on the upcoming 10.0R and later). Almost everyone is familiar with ifconfig_IF_aliasN, but can you provide example syntax for ifconfig_IF_aliases ? I've never seen that before and can't find it documented. This is because we have a lot of variables which have (almost) the same functionality in rc.conf and I want to simplify them by merging them with each other, not because these are better than the others. Variables with overlapped functionality have made difficult to maintain/improve the rc.d scripts. I would actually prefer to see the ifconfig_IF_aliasN syntax go away entirely as it simply cannot scale without becoming tedious. I know we can't cover every edge case, but after discussing with people on this list about the desire for ipv6_addrs_IF, now committed, it seems I'm not the only example of this use case. The best scenario I can describe is a situation where you have a shared webhosting environment on FreeBSD. I may very well have 200 IPs on one server. Being able to use ranges and CIDR syntax is invaluable. The idea of ifconfig_IF_aliasN is not so bad as long as you never have to make any changes. However, it's not uncommon to receive a work order from sales where a customer needs to be moved from the shared webhosting environment to their own private VM. We need to move the IP they were using as we probably do not control DNS and it might be difficult for the customer to get that changed. Removing an IP from the middle of 200 ifconfig_IF_aliasN entries requires you to renumber them all. This is simply cruel and error-prone. Being able to adjust the ranges of ipv4_addrs_IF is much cleaner and reliable. This thread isn't exactly the proper forum to debate the future of network configuration on FreeBSD, but please take this into consideration. And thank you for your work on the rc.d scripts -- they're the #1 reason many of us prefer working with FreeBSD. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ipv6_addrs_IF aliases in rc.conf(5)
Thanks for that info, Hiroki. I'm running CURRENT on my main server and do see this now. Could you also make a note to add it to /etc/default/rc.conf as well? Thanks! ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ipv6_addrs_IF aliases in rc.conf(5)
On Tue, Jul 16, 2013, at 6:12, Łukasz Wąsikowski wrote: What is the current, non deprecated way, to configure IP addresses in rc.conf? Let's say for a dual stack, multi IP box I need to set: 10.0.0.66/28 and 10.0.0.67-78 as aliases and fdda:5cc1:23:4::1/48 and fdda:5cc1:23:4::2-f as aliases What is the best way to accomplish it? ipv4_addrs_em0=10.0.0.66-78/28 ipv6 syntax depends on if you're using 8.x or 9.1-RELEASE, but you're going to have to do all the aliases manually. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ipv6_addrs_IF aliases in rc.conf(5)
On Tue, Jul 16, 2013, at 7:21, Łukasz Wąsikowski wrote: I'm using ipv4_addrs_em0 now (and ipv6_addrs_em0 with Kimmo Paasiala's patch), but Hiroki Sato wrote: hr# IPv4 address range spec. Now deprecated. hripv4_addr_em0=10.2.1.1-10 So I'm a little confused now :) As am I... when did ipv4_addr get deprecated? ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ipv6_addrs_IF aliases in rc.conf(5)
On Tue, 16 Jul 2013 12:19:31 -0500, Kevin Oberman [1]rkober...@gmail.com wrote: It didn't. 10.2.1.1-10 syntax did. I'm not totally clear on this yet -- the entire concept of being able to do *ranges* is deprecated? Or is it deprecated because it's missing the CIDR? Thanks References 1. mailto:rkober...@gmail.com ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: LDAP authentication confusion
On Mon, Jul 15, 2013, at 14:09, Daniel Eischen wrote: Ok, thanks. But shouldn't the documentation be changed to reflect that? Whoa, I need to test this now, as we are used to being able to turn this on/off by editing /etc/pam.d/system and sshd ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: LDAP authentication confusion
On Mon, Jul 15, 2013, at 14:19, Jan Bramkamp wrote: More than that. In my opinion it should be updated by replacing nss_ldap and pam_ldap with nss-pam-ldapd which splits the job of both into a shared daemon talking to the LDAP server and small stubs linked into the NSS / PAM using process talking to the local daemon. This allows useable timeout handling and client certificates with save permissions. And if the daemon ever crashes, we can't login to our customer servers (assuming they nuked our local account because they have root access). That's the one issue I have with that daemon and why we haven't migrated to it. We should re-evaluate it, though. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: LDAP authentication confusion
On Mon, Jul 15, 2013, at 14:51, Daniel Eischen wrote: Wouldn't it be easier just to edit /etc/nsswitch.conf anyway? Yes, but bad things happen if you're upgrading a server and there are library changes but you've left it in the pam.d/* files. I guess I wasn't very specific. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ipv6_addrs_IF aliases in rc.conf(5)
On Wed, 10 Jul 2013 06:44:12 -0500, Michael Grimm trash...@odo.in-berlin.de wrote: Will that patch make it into 9.2? If I am not mistaken, that patch isn't in stable yet. I would also like to see this patch hit 9.x sooner than later. It's so painful when someone forgets to fix the alias numbering on servers with many, many IPv4 and IPv6 addresses... ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: perl upgrade woes -- how to best reconcile?
On Tue, 09 Jul 2013 04:18:37 -0500, Chris H bsd-li...@1command.com wrote: How do I best sort this all out. I _really_ miss the perl_after_upgrade script, that used to accompany this process. I've had zero problems with upgrades to Perl, etc after I stopped compiling my packages in the host OS and started building the packages via poudriere and using pkgng (sysutils/pkg). pkg can detect when a perl upgrade is happening and is intelligent enough to reinstall all programs that require perl; poudriere is smart enough to rebuild and repackage them all. It's a match made in heaven and dead simple to use. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: perl upgrade woes -- how to best reconcile?
Is there a reason you're avoiding poudriere/pkg ? It's simple to setup and extremely reliable. Your headaches go away because all of your package upgrades get built in a jail and you don't have a half-broken system while waiting for portmaster to run. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Problem with live cd :°(
On Thu, 20 Jun 2013 07:14:08 -0500, emmanuel cozic emmanuel.co...@sfr.fr wrote: Hi What is the login end the password for live cd FreeBSD 9.1, please ? There is no password. You should be able to use user root with a blank password. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Problem with ftp-proxy
On Tue, 18 Jun 2013 06:11:43 -0500, Rainer Duffner rai...@ultra-secure.de wrote: Hi, I use ftp-proxy, together with the patch that starts multiple instances: I recommend avoiding ftp-proxy and setting up static rules that you know will work. On our systems in pure-ftpd.conf we set PassivePortRange 3000 3200 and then on the system's firewall and every firewall in front we pass through ports 3000-3200. It's a simple solution that's guaranteed to work, and you don't have to debug what the proxy is doing. Also, most ftp-proxy software tends to do a very bad job once you start throwing in FTPES. We see this with customer firewalls all the time. These firewall services under the guise of proxys, fixups, or Application Layer Gateways are just inconsistent and unreliable no matter which vendor supplies it. Note, you may have to make the range larger if you expect more than 200 concurrent sessions. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: request for your comments on release documentation
On Wed, 12 Jun 2013 12:49:21 -0500, Hiroki Sato h...@freebsd.org wrote: So, my questions are: 1. What do you think about current granularity of the relnotes items? Too detailed, good, or too rough? Currently, judgment of what is included or not is based on user-visible, new functionality, or performance improvement. Applicable changes are included as relnotes items even if the changes are small, As a sysadmin I live and die by the granularity of release notes. If they weren't granular I'd end up having to read the commit logs and try to parse out changes myself. Sometimes changes aren't going to be obvious if you weren't aware of discussions on the -hackers, -current, or -stable lists. 2. Do you want technical details? For example, just disk access performance was improved by 50% or Feature A has been added. This changes the old behavior because ..., and as a result, it improves disk access performance by 50%. I'm sure if you're too terse like in your first example people will jump to conclusions and be angry when disk performance isn't improved 50% in every possible situation, as well as the project receiving bad press for being too deceiving. If you want to be terse perhaps Disk access improvements is sufficient, and use the second example if you want to be more explicit. 3. Is there missing information which should be in the relnotes? Probably there are some missing items for each release, but this question is one at some abstraction level. Link to commit log and diff, detailed description of major incompatible changes, and so on. I try to keep up with the development and changes in releases as best I can and I haven't noticed any glaring omissions over the last several releases. I think you're doing a fine job. Also, is there a reason this isn't a living document that can be updated as things get MFC'd to STABLE? It would help take load off your end and maybe speed up release once the freeze has happened and we begin the final grind through release candidates. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: SunFire X2200 ilo's bge1 DOWN/UP
Is this your bug? http://www.freebsd.org/cgi/query-pr.cgi?pr=171121 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: fusefs-kmod does not work on 8-STABLE?
On Wed, 10 Apr 2013 13:51:18 -0500, Torfinn Ingolfsen torfinn.ingolf...@getmail.no wrote: Ate there any bugreports or known problems? Kernel panics. Lots of them. :) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: fusefs-kmod does not work on 8-STABLE?
FUSE is pretty bad outside of FreeBSD 10 where it's rewritten and part of the kernel. If your environment would be OK with making the leap to FreeBSD 10 I'd recommend it. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Strange problem with... ZFS? Disk? Controller?
On Thu, 17 Jan 2013 07:22:26 -0600, Alex Povolotsky tark...@webmail.sub.ru wrote: On 12/22/12 13:25, Mark Felder wrote: Try running diskinfo -t /dev/... If it says your device is really slow it's probably dying. I'd suspect it's having trouble seeking. It was a break-in. Some dumb php script running with user privileges managed FreeBSD to hang on disk io up to stopping responding to anything besides reset. Alex Yikes! Make sure to run freebsd-update IDS to check the base OS's checksums and if you're using pkgng you can use pkg check-s to look for any tampered with files owned by packages. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: how to destroy zfs parent filesystem without destroying children - corrupted file causing kernel panick
On Sat, 29 Dec 2012 23:30:48 -0800 Greg Bonett greg.bon...@gmail.com wrote: That's a good idea - but the zpool is made of geli devices. Illumos can't attached FreeBSD geli devices can it? Export the raw geli devices over iSCSI and assemble the zpool on Illumos that way :) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Strange problem with... ZFS? Disk? Controller?
Try running diskinfo -t /dev/... If it says your device is really slow it's probably dying. I'd suspect it's having trouble seeking. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: [patch] Re: SU+J on 9.1-RC2 ISO
On Fri, 2 Nov 2012 20:00:27 +0100 Bas Smeelen b.smee...@ose.nl wrote: Though the last 10 years I have not had the inconvenience of having to deal with long fsck' s or bgfsck' s on servers or workstation installs, so I think this should not be default on new installs. This is one man's opinion. On the other hand, SUJ by default is a godsend for me because of the number of crashes/fscks I've been dealing with. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: SU+J on 9.1-RC2 ISO
On Fri, 2 Nov 2012 23:13:43 +0100 Bas Smeelen b.smee...@ose.nl wrote: I have submitted a PR with patch, see how it goes Cheers Why aren't we patching the dump utility to error/exit saying it's not compatible with SUJ at this time? Update the descriptions in the installer, but leave SUJ as default and patch dump. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: SU+J on 9.1-RC2 ISO
On Sat, 3 Nov 2012 10:18:55 -0400 Maxim Khitrov m...@mxcrypt.com wrote: If I understood Mateusz correctly, r230725 already took care of the panic, so there is no need to modify dump. That, however, still doesn't solve all problems: http://lists.freebsd.org/pipermail/freebsd-questions/2012-November/246069.html Interesting... well, a big warning in the installer should be sufficient I'd hope ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Multipathing issue under FreeBSD
On Mon, 17 Sep 2012 04:14:14 -0500, Pasupathy, Subramani subramani.pasupa...@lsi.com wrote: Kindly let us know if there any issues similar to this has been reported to the community. Or does it look like a fresh and does it really seem to be potential defect? I did extensive testing of the new(er) multipath code earlier (January-March) this year before putting our ZFS SANs into production. I was never able to produce corruption by breaking the multipath during my tests. There would be errors, but it always seemed to recover. I also would have expected ZFS to notice write errors or something during scrubbing. Hopefully this info is useful to someone out there... ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
ipv6 connection hang
Hi all, mwi1# uname -a FreeBSD mwi1.coffeenet.org 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #5 r239731: Mon Aug 27 09:53:18 CDT 2012 r...@mwi1.coffeenet.org:/usr/obj/usr/src/sys/GENERIC amd64 My ipv6 connections hang for several seconds when this scrub rule is enabled: scrub all reassemble tcp no-df random-id This really agitates my browser and email client making them nearly useless at times. Disabling that rule makes ipv6 connections respond instantly as expected. Is this a known regression? My network interface is using the re(4) driver. Thanks! ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: IPv4 vs. IPv6 Ethernet Performance
I'd guess it has to do with incomplete offload code for ipv6, but I'm sure you'll see bz chiming in with details. :-) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: FreeBSD 9.1-RC1 Available...
On Fri, 24 Aug 2012 00:18:09 -0500, Konstantin Belousov kostik...@gmail.com wrote: This is a statement that is false at least two times, if not three. This was a question about Kernel Binary Inteface, not Application Binary Interface. I actually did mean to say KBI instead of ABI :-/ First, we have zero guarantees about ability to load or have a system survive loading of the module compiled against the later kernel. Second, we do not have real KBI definition, and KBI stability is managed only ad-hock. E.g. VFS quite often breaks, while network or disk controllers drivers are usually fine. I'll have to search my email but I had a conversation with someone whom I trusted (I believe within the FBSD project) that either mislead me or I misread what they were saying. Either way, thank you for the clarification. YMMV. Snobby false statements hurt the project. There was nothing snobby about it; I was merely using Linux as a point of reference since most *nix users should have experience with Linux rejecting kernel modules that weren't compiled against that exact kernel. I could very well have said Plan9 instead but it would be meaningless because nobody actually runs Plan9. :-) Thanks again Konstantin :-) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: FreeBSD 9.1-RC1 Available...
On Thu, 23 Aug 2012 12:37:04 -0500, Walter Hurry walterhu...@gmail.com wrote: One thing (welcome, but puzzling) which surprised me was that my vboxguest.ko did *not* need to be recompiled. How did the upgrade manage that? FreeBSD has a stable ABI unlike Linux. A kernel module compiled for any 9.x release should work on any other 9.x release without needing to be recompiled. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Recommendation for Hyervisor to host FreeBSD
On Thu, 05 Jul 2012 06:43:06 -0500, Pete French petefre...@ingresso.co.uk wrote: So, my work surprise for a Thursday morning is an urgent requirement to see if we can run a set of FreeBSD machines under virtualised servers. I have not done this before personally, but I notice from post here that it doesnt seem uncommon, and I see Xen related commits flowing past, so I am guessing it is doable. So, for running 8 or 9 STABLE can anyone recommend which hypervisor works best, and is 8 or 9 better as the OS to run ? Am doing a bit of research myself, but nothing beats persoanl experience in these matters! I can't recommend ESX at all. We are struggling to keep our FreeBSD servers from crashing. I can make them crash on demand just by stressing I/O and network at the same time. I have a PR regarding the issue, but no known fix yet. http://www.freebsd.org/cgi/query-pr.cgi?pr=168416cat= ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Recommendation for Hyervisor to host FreeBSD
On Thu, 05 Jul 2012 09:52:31 -0500, Adam Strohl adams-free...@ateamsystems.com wrote: but as far as I know it isn't missing anything I've had vmware engineers tell me it doesn't log to the hypervisor correctly so you need to use official tools when they are asking for debugging info ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Cannot get flashplugin to work
On Mon, 18 Jun 2012 10:25:10 -0500, Michael Gass mg...@csbsju.edu wrote: Cannot get the linux flashplugin to work on either firefox or chrome. 9-STABLE here without issues. Can you post: /etc/rc.conf /etc/fstab output of `kldstat` output of `mount` output of `uname -a` Thanks! ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Why Are You Using FreeBSD?
On Sun, 03 Jun 2012 20:45:59 -0500, Stephen Montgomery-Smith step...@missouri.edu wrote: More recently I have had to start using Linux because FreeBSD doesn't have very good laptop support. (All I ask for is a way to configure the mouse pad so that I can switch off tap to click.) See, this isn't very obvious to most people. It took me forever to figure it out. On every other OS you use the Xorg synaptics driver, but on FreeBSD there is synaptics support built-in with the rest of the mouse driver. man 4 psm: Tap and drag gestures can be disabled by setting hw.psm.tap_enabled to 0 at boot-time. Currently, this is only supported on Synaptics touchpads with Extended support disabled. The behaviour may be changed after boot by setting the sysctl with the same name and by restarting moused(8) using /etc/rc.d/moused. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Why Are You Using FreeBSD?
On Thu, 31 May 2012 09:30:31 -0500, Adam Strohl adams-free...@ateamsystems.com wrote: This brings up another point: Repair is always possible with FreeBSD. Quick tip for you guys -- create your own mtree file for /usr/local, /usr/home, and /var via cron nightly. With that data and the ones provided for the base system you can fix a machine that someone accidentally chown -R / within minutes. The fact that Linux has nothing equivalent is frightening. Mtree has saved me a lot of time when customers have broken their servers. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Why Are You Using FreeBSD?
On Wed, 30 May 2012 13:59:01 -0500, Chris Nehren apeiron+freebsd-sta...@isuckatdomains.net wrote: 4. Everything feels right and makes sense on a very deep level for me, in a way that never happened with the other Unix and Unix alike OSs I've used. Bingo. For me: 1) Integration. The OS is integrated very well all around. How many utilities on Linux are required to replace the full functionality of the BSD ifconfig ? 2) Ports. We have customers with very different requirements; we don't have to run different Linux distros to meet their needs in a way that is supported by the package management system. This makes the job as a sysadmin and our infrastructure very consistent. 3) Features. PF is indispensable, and ZFS is a great bonus. System utilities, too: sockstat, systat, gstat, BSD's top, etc. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: FreeBSD 9.0 - BCE_JUMBO_HDRSPLIT kernel option for bce device still needed?
On Wed, 25 Apr 2012 14:41:40 -0500, Andrey Zonov and...@zonov.org wrote: Hi, There is no such option in the kernel anymore, instead there is hw.bce.hdr_split tunable which is turn on by default. I've tried the kernel option and playing with this tunable on a pair of HP DL380s and had to give up. I was building ZFS SAN heads and was going to have 2x bce and 2x igb ethernets each LACP and Jumbo Frames. The bce devices simply would not work with jumbo frames. The packets disappeared into the great ether or something. Our switches never saw any being sent, and receiving jumbo frames showed absolutely no traffic via tcpdump. After dropping in a quad Intel NIC (4x igb) everything worked as expected. The bce hardware or driver is sketchy and I'd avoid it. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: FreeBSD 9.0 - BCE_JUMBO_HDRSPLIT kernel option for bce device still needed?
Hi Andrey, Those servers are considered production now but I have access to a few more that I may be able to test your patch on. I do not have an ETA but I'm keeping this on my list of things to do and will gladly reply back after I produce results. Thanks!!! ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Floppy disks don't work with FreeBSD 9.0
On Tue, 27 Mar 2012 16:48:26 -0500, Thomas Laus lau...@acm.org wrote: It looks like we both have confirmed that the floppy disk operation works up to FreeBSD 8.3 RC1. I will need to file a PR for FreeBSD 9.0 in the bug system. Thanks for the help. Could this be related to CAM system issues that shipped with FreeBSD 9.0 and were fixed in -STABLE? Like the CDROM issues? I'd probably test in -STABLE first. Unfortunately I don't have any floppy drives to test this with or I'd lend a hand. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: FreeBSD9 and the sheer number of problem reports
On Thu, 23 Feb 2012 12:25:01 -0600, Damien Fleuriot m...@my.gd wrote: Now, I find the number of problem reports regarding 9.0-RELEASE alarming and I'm growing more and more fearful towards it. Then stick with the 8.x train until it's no longer supported. Also, don't you know the rule about running .0 releases in production? :) 9.0 had LOTS of changes. They were very important. It's going to take a while for the community to fully absorb them and bugs to be worked out. We don't have enough testers of -CURRENT to prevent this. Everything seemed stable (ie, no release blockers) for the people running -CURRENT and -PRERELEASE, BETAs, and RCs, so it was released. But as always, TEST TEST TEST and please have a proper staging/test environment before you throw your production into 9.x. Only YOU can prevent forest fires^W^W unplanned outages. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: accepting rtadv broken on 9-STABLE, re driver?
On Sat, 07 Jan 2012 14:23:46 -0600, Hiroki Sato h...@freebsd.org wrote: It is an unexpected behavior and the flag should be set on all interfaces. Can you send me your /etc/rc.conf, /etc/sysctl.conf, and the result of ifconfig -a? Back at work so I have access to the machine again: rc.conf: hostname=tech304.office.xxx.net ifconfig_re0=inet 192.168.93.23/24 defaultrouter=192.168.93.1 ipv6_activate_all_interfaces=YES ipv6_ifconfig_re0=inet6 accept_rtadv sshd_enable=YES linux_enable=YES ntpd_enable=YES ntpdate_enable=YES vboxnet_enable=YES tcp_drop_synfin=YES icmp_log_redirect=YES update_motd=NO dbus_enable=YES hald_enable=YES moused_enable=NO moused_nondefault_enable=NO oss_enable=NO #nginx nginx_enable=YES fcgiwrap_enable=YES fcgiwrap_user=www samba_enable=YES #samba_config=/usr/local/etc/samba34/smb.conf lpd_enable=YES #slim_enable=YES exim_enable=YES sendmail_enable=NONE nfs_client_enable=YES smartd_enable=YES zfs_enable=YES sysctl.conf: # Uncomment this to prevent users from seeing information about processes that # are being run under another UID. #security.bsd.see_other_uids=0 net.inet.tcp.drop_synfin=1 net.inet.icmp.log_redirect=1 vfs.usermount=1 net.inet6.ip6.accept_rtadv=1 # ifconfig -a 11:43:29 tech304:~ ifconfig -a re0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=209bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC ether d0:67:e5:17:e1:32 inet6 fe80::d267:e5ff:fe17:e132%re0 prefixlen 64 scopeid 0x2 inet 192.168.93.23 netmask 0xff00 broadcast 192.168.93.255 inet6 2607:f4e0:100:104:d267:e5ff:fe17:e132 prefixlen 64 autoconf nd6 options=23PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL media: Ethernet autoselect (100baseTX full-duplex) status: active lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST metric 0 mtu 16384 options=3RXCSUM,TXCSUM inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff00 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL vboxnet0: flags=8802BROADCAST,SIMPLEX,MULTICAST metric 0 mtu 1500 ether 0a:00:27:00:00:00 nd6 options=23PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL Regards, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: accepting rtadv broken on 9-STABLE, re driver?
On Mon, 09 Jan 2012 13:02:24 -0600, Hiroki Sato h...@freebsd.org wrote: re0 seems to have ACCEPT_RTADV. What is the problem? That's because I haven't rebooted Let's start fresh. The normal ipv6 configuration anyone would use: -ipv6_activate_all_interfaces=YES in rc.conf -NO mention of net.inet6.ip6.accept_rtadv in sysctl.conf I boot up, re0 *does not* have ACCEPT_RTADV. I try forcing via the sysctl: net.inet6.ip6.accept_rtadv=1 Still doesn't work! I finally have to result to: ifconfig re0 inet6 accept_rtadv Why? What makes this machine different? All the other machines I run do not require this to get ACCEPT_RTADV. Is it the re driver? My other machines have em and ath interfaces. Thanks, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: accepting rtadv broken on 9-STABLE, re driver?
On Mon, 09 Jan 2012 19:56:47 -0600, Hiroki Sato h...@freebsd.org wrote: This is an expected behavior. ACCEPT_RTADV is disabled by default on 9.X. Thanks for clarifying. I'll make sure I update our documentation at work regarding how exactly to get ACCEPT_RTADV working so this is clarified. Regards, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: accepting rtadv broken on 9-STABLE, re driver?
Hiroki Sato h...@freebsd.org wrote: Is it correct that ACCEPT_RTADV option was enabled on the vboxnet0 and not on re0, even after setting net.inet6.ip6.accept_rtadv to 1 at boot time and ipv6_activate_all_interfaces=YES? -- Hiroki Yes, that is the behavior I witnessed. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
accepting rtadv broken on 9-STABLE, re driver?
Hi guys, I upgraded my desktop at work just around christmas to 9-PRERELEASE builds and ipv6 has been broken since then. I've been too busy at work to fix it but today I finally had the chance to figure it out. Currently I'm running: 12:11:15 tech304:~ uname -a FreeBSD tech304.office.supranet.net 9.0-STABLE FreeBSD 9.0-STABLE #2 r229703M: Fri Jan 6 11:01:58 CST 2012 r...@tech304.office.supranet.net:/usr/obj/tank/svn/sys/GENERIC amd64 and my ipv6 is not working. In rc.conf I have ipv6_enable_all_interfaces=YES which sets the link local and I had net.inet6.ip6.accept_rtadv=1 in sysctl.conf. I can confirm that it was indeed activated in sysctl, but ifconfig didn't think so: re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=209bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC ether d0:67:e5:17:e1:32 inet6 fe80::d267:e5ff:fe17:e132%re0 prefixlen 64 scopeid 0x2 inet 192.168.93.23 netmask 0xff00 broadcast 192.168.93.255 nd6 options=23PERFORMNUD,AUTO_LINKLOCAL## Where's the ACCEPT_RTADV??? media: Ethernet autoselect (100baseTX full-duplex) status: active I have to manually do # ifconfig re0 inet6 accept_rtadv to get it to work. Am I missing something? Grepping /etc/rc.d/ for rtadv finds no clues. Is this broken for everyone, for the re driver, or am I just crazy? Here's pciconf for the device -- let me know if any further info would be useful: re0@pci0:4:0:0: class=0x02 card=0x04f51028 chip=0x816810ec rev=0x06 hdr=0x00 vendor = 'Realtek Semiconductor Co., Ltd.' device = 'RTL8111/8168B PCI Express Gigabit Ethernet controller' class = network subclass = ethernet Thanks, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: accepting rtadv broken on 9-STABLE, re driver?
On Fri, 06 Jan 2012 12:49:45 -0600, Sergey Kandaurov pluk...@gmail.com wrote: You mean ipv6_activate_all_interfaces=YES ? Yes... Unfortunately that's what I get for typing it manually and being distracted at the time. :-) What is in your rc.conf? Do you have inet6 accept_rtadv keyword in it? IIRC it should be enough to specify ifconfig_re0_ipv6=inet6 accept_rtadv without additional tweaks. Consult with rc.conf(5). I figured I would end up putting that in rc.conf as a temporary fix, but maybe that's just the long term solution. It seems so odd to me that the sysctl change doesn't automatically cause the ACCEPT_RTADV option to show up for re0, but it does for vboxnet0. Perhaps there should be a cleaner way to do this in rc.conf like how we do ifconfig_re0=DHCP ? Thanks, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: ZFS V28 on 8.2-RELEASE write behavior
On Thu, 01 Sep 2011 10:50:26 -0500, Dave Cundiff syshack...@gmail.com wrote: Any help tracking this down would be greatly appreciated. There have been numerous changes to v28 in -STABLE since June. Can you reproduce the behavior with a recent build of -STABLE instead of -RELEASE? Perhaps even on -CURRENT? Regards, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: df -t is broken?
Here's what happens when I try to truss a df -t http://paste.feld.me/3jb4c@raw Regards, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
df -t is broken?
Ok, not sure if this really belongs on the STABLE mailing list but we'll see if you can help: - I was originally running FreeBSD 8.2-RELEASE - I patched my 8.2 source with the patches here: http://blog.vx.sk/archives/24-Backported-patches-for-FreeBSD-82-RELEASE.html - I built my system with make buildworld make buildkernel and then installed both; rebooted. I know this isn't the norm, but I'm still running 8.2-RELEASE except these specific bugfixes so there really is no need for mergemaster - Now df -t doesn't work I noticed weird processes hanging and a few other things not running normally (monitoring). Turns out that anything that uses df -t just hangs (xymon, periodic, crons, find seems to hang when excluding filesystems)... doesn't matter what parameters you give it, it just hangs. Any thoughts on this? Regular df -h, etc work fine Thanks, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: zfs, nfs and zil
Hello, I'd be curious to know how much memory you have. Also, you mention both iSCSI and NFS in the post and also say that you are using ESX with NFS. Can you reconfirm that you're definitely using NFS and not iSCSI? This is a type of setup I've been investigating myself and I hope you succeed. Regards, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Dell 850 Panic on boot
Well I'm not sure what to say. I just remembered I promised an update and so I went to try to boot the server off an 8.2 disc and see it panic again and nothing. No panic. I have no explanation for this except maybe a failing power supply that was being naughty on Friday but is OK today. I will have to reinstall this server soon so we'll see what happens. If I can reproduce it again I'll revive this thread. Thanks, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Dell 850 Panic on boot
Hi guys, Not sure if this is the right place to report this but we have a couple Dell 850s at work and the extra one we're trying to put FreeBSD on panics on boot. The servers are running 3.0ghz Pentium D processors (dual core) and they've got the EMT64 extension. So far it panics with the install cd for these versions: 8.1 i386 and amd64 8.2 i386 and amd64 7.4 amd64 I haven't tried any others. We needed to get this up to test something BSD specific so right now it's running OpenBSD. Here is a picture of the console from when it panics: http://feld.me/stuff/freebsd/dell_850_panic.png Some people in the ##freebsd channel on Freenode said it looked like it panics whenever it initializes the second CPU. There's no option in the BIOS (which is up to date) that offers you the ability to disable a core or hyperthreading or whatever this CPU does. Any insight would be greatly appreciated. Thanks, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Dell 850 Panic on boot
On Sat, 12 Mar 2011 12:30:14 -0600, Andriy Gapon a...@freebsd.org wrote: do you get exactly the same panic message with 8.2 or a slightly more informative one? If the latter, then could please provide a screenshot of that? Yeah, the 8.x seemed to have more details. That happens to be a screenshot from the 7.4 disc. I don't have access to the machine until Monday but I'll post an update then. Regards, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: happy hacker lite 2 keyboard
On Thu, 10 Mar 2011 10:15:27 -0600, Zoran Kolic zko...@sbb.rs wrote: Quite late return to the subject. I finally ordered one for myself and have a question regarding it's usage with 64 bit system. All newer HH keuboards are usb ones. Manufacturer doesn't confirm connection to ps/2 port with usb to ps/2 adapter. Is there any reason not to do that on amd64? Hrm, strange that a nice keyboard like that comes as USB only. My Adesso comes natively as PS/2 but has a PS/2 to USB converter that works flawlessly. The idea is that PS/2 is better for keyboards because it allows you to simultaneously press more keys at once than USB can handle. Anyway, I've had really bad luck with off the shelf adapters. You are probably OK with just running it as USB. Regards, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Panic from linux emulation (flashplugin)
Well it started happening again. Basically what I did was rebuild all of ports which downgraded my nvidia driver. I was getting consistent crashes in youtube after this happened. I upgraded my nvidia driver to 260.19.44 by modifying the port and now I can't get it to crash anymore. *HOWEVER* This may or may not be unrelated -- I'm running opera and have a youtube video hidden in another tab. I have upgraded my nvidia driver but didn't reboot, just removed the kernel module and started X again. For some reason the Youtube video in the hidden tab is able to be seen when I put my terminal over the area where it would be if it was in the active tab. http://feld.me/stuff/flash_bug.png is an example of it. I haven't yet rebooted to see what happens on a clean boot, but this is certainly interesting... perhaps bad flash/linuxulator behavior that doesn't trip a panic in the newer nvidia drivers? Weird stuff either way... Now that I have seemingly figured out the combination to a crash I'll see if I can catch one on the console and have something worthwhile to report. Regards, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: 3TB disc and block alignment
On Mon, 21 Feb 2011 10:16:37 -0600, Kurt Jaeger li...@c0mplx.org wrote: Hi! Hmm, wasn't the issues with 3T drives, that they internally use 4K blocks and emulate 512 and that therefore 8 block alignments are an performance issue ? Hi guys, I'd just like to jump on this train real quick since I have a related question with alignment. I've been building new Virtual Machine templates lately because I recently learned that our SAN which we access over iSCSI uses 64K blocks and the default FreeBSD install starts a filesystem on sector 63 (512K sectors). This would be misaligned for most I/O transactions. As a result, I updated our internal documentation for FreeBSD standards to be 64K aligned by manually installing FreeBSD with GPT and making the FreeBSD-boot partition 64K in size: Fixit# gpart create -s gpt da0 Fixit# gpart add -t freebsd-boot -s 64K da0 Fixit# gpart add -t freebsd-swap -s 2G -b 2048 da0 Fixit# gpart add -t freebsd-ufs da0 Fixit# gpart bootcode -b /dist/boot/pmbr -p /dist/boot/gptboot -i 1 da0 At the time, the examples I found used -s 64K for the freebsd-boot partition which starts the next partition/filesystem on the next 64K block which would be aligned for our purposes. However, I have been seeing -s 1024K or larger which is also 64K aligned, but just larger. Am I shooting myself in the foot by not going ahead and aligning with -s 1024K or -s 2048K right now? Thanks for your opinions, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Panic from linux emulation (flashplugin)
I'm sending this to both stable and emulation lists, but I'm not subscribed to the emulation list so please cc: me there. Hi guys, I'm told this is known but I can't find any information. I'm running the checkout for RELENG_8_2 from Thursday and the issue I'm having on my amd64 Desktop is that every time I play a flash video (my only real use of linux emulation) it causes a kernel panic. This happens in Opera, Firefox, and Chromium. Another user in Freenode's ##freebsd said he is experiencing this too. I've seen nothing mentioned on the freebsd-emulation mailing list. Any thoughts? Thanks, Mark Relevant info: 10:56:08 skeletor:~ uname -a FreeBSD skeletor.feld.me 8.2-RELEASE FreeBSD 8.2-RELEASE #1: Thu Feb 17 13:03:46 CST 2011 r...@mwi1.coffeenet.org:/usr/obj/usr/src/sys/GENERIC amd64 10:57:11 skeletor:~ sudo kldstat Password: Id Refs AddressSize Name 1 53 0x8010 c9fe20 kernel 21 0x80da 24d98snd_hda.ko 34 0x80dc5000 75668sound.ko 41 0x80e3b000 13b98snd_uaudio.ko 51 0x80e4f000 f080 aio.ko 61 0x80e5f000 ffb0 ahci.ko 71 0x80e6f000 52d8 atapicam.ko 81 0x80e75000 d08de0 nvidia.ko 93 0x81b7e000 42558linux.ko 103 0x81bc1000 45ed0vboxdrv.ko 111 0x81e22000 3ee0 linprocfs.ko 122 0x81e26000 28ae vboxnetflt.ko 132 0x81e29000 8d44 netgraph.ko 141 0x81e32000 1532 ng_ether.ko 151 0x81e34000 d0c vboxnetadp.ko 161 0x81e35000 a1c pflog.ko 171 0x81e36000 2bd81pf.ko 181 0x81e62000 a8ea fuse.ko I was running linux-f10-flashplugin10 10.2r152 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Panic from linux emulation (flashplugin)
On Mon, 21 Feb 2011 13:24:25 -0600, Juergen Lock n...@jelal.kn-bremen.de wrote: I see you use the nvidia blob (I use radeon with xorg drivers), did you rebuild the nvidia driver port after upgrading to 8.2? Or maybe this has something to do with the vdpau support that was added to flash with the last update and that others reported as possibly not working properly on FreeBSD... Aha! This is probably it! I just upgraded my workstation at work to 8.2 (also nvidia) and I am not having the crash but I also don't have that newer flash version that includes vdpau support. I will downgrade the flash version at home and report back. It would possibly also be wise to contact the maintainer and have him mark the port as BROKEN or conflicting or something if you're running nvidia so people don't run into this issue. Thanks, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Panic from linux emulation (flashplugin)
On Mon, 21 Feb 2011 16:42:59 -0600, Mark Felder f...@feld.me wrote: I was talking about the maintainer of the flashplugin in ports. That would be Nox. I have sent him an email. Oh dear I take that back. He was the last person to submit an update, not the maintainer. Whoops! Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Panic from linux emulation (flashplugin)
On Mon, 21 Feb 2011 16:39:49 -0600, Juergen Lock n...@jelal.kn-bremen.de wrote: So on the box that got the panic the nvidia driver port was rebuilt after the src/kernel upgrade? Correct. The maintainer is emulation@... But yes if its confirmed and can't be fixed we should probably patch the flash binary to stop it from trying to load libvdpau (like by patching the filename to something nonexisting?) I was talking about the maintainer of the flashplugin in ports. That would be Nox. I have sent him an email. Regards, Mark ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org