Re: pkg with an ssh repo crashes CURRENT
On Mon, Aug 24, 2015 at 03:20:26PM -0500, Mark Felder wrote: On Thu, Aug 20, 2015, at 17:18, Konstantin Belousov wrote: I guess the process 666 was current when the panic occured ? Basically, what I want is to see the p_reaper value for the process with the pid 667. Even just p_reaper-p_pid is enough. Do you need me to recreate the issue and provide you a matching vmcore and kernel.debug as well as full scrollback before the panic message and ddb output (bt, ps, etc) ? I explained what I need, above. There must be a child of the reaper, and I want to see the reaper of the child. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: ipfw rules for connect port 993
Hello ,
thank you for your answer.
ad1.
i send my current firewall rules and record from tcpdump on re0 .
My LAN is 172.16.0.0/22 (10... it was easy. I think it does not matter)
My second LAN is 192.168.1.0/24(on this network connection to the IMAP
port 993 works)
My public IP is 86.49.91.98
ad2.
Tcpdump on rl0 shows nothing
ad3.
Yes . I have gateway_enable=YES in /etc/rc.conf
ad4.
I think yes...
PS : Firewall is not my work . I inherited it.
Thank you very much
Petr Chocholac
Dne 24.8.2015 v 15:39 Allan Jude napsal(a):
On 2015-08-24 09:05, Petr Chocholáč wrote:
Hello,
I would like to ask you for advice. I can not connect to imap.gmail.com
on port 993 from my local network. My LAN is behind freeBSD server with
IPFW. Server has two network cards rl0=Internet and
re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets without
answers. What rules should i create?
I tried someting like this, without success:
#ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0
Thank you very much for any advice and your patience
Petr Chocholáč
Brno, Czech Republic
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
We would need to see all of your current firewall rules (ipfw show)
You'll want to tcpdump on rl0, to see if the packet is being forwarded.
Do you have the machine configured as a gateway? (gateway_enable=YES
in /etc/rc.conf)
Are you doing NAT (Network Address Translation) to remap the internal
(10.0.0.0/16) addresses to your internet routable IP?
00100 9036394 8499055198 allow ip from any to any via lo0
00200 00 deny ip from any to 127.0.0.0/8
00300 00 deny ip from 127.0.0.0/8 to any
00400 134 9313 allow udp from any to 86.49.91.110 dst-port 53
keep-state
00500 00 allow udp from 86.49.91.110 53 to any keep-state
00600 00 allow tcp from 86.49.91.107 to any dst-port 25
setup
00700 00 allow tcp from 86.49.91.98 25 to any dst-port 25
setup
00800 00 allow udp from 86.49.91.110 53 to any keep-state
00900956234 80342962 allow icmp from 86.49.91.98 to any keep-state
01000 17235 1324207 allow icmp from any to 86.49.91.98 keep-state
01100 14068 1530257 allow udp from 86.49.91.98 53 to any keep-state
01200 7759 554809 allow ip from 172.16.0.0/24 to 86.49.91.96/28
01300 94672736 allow ip from 86.49.91.96/28 to 172.16.0.0/24
01400 00 allow ip from 172.16.0.0/16 to 195.113.191.160/28
dst-port 8080,26,5,10943,22,26,3128,61085,514,25,53
01500 00 allow ip from 172.16.0.0/16 to 86.49.91.96/28
dst-port 8080,26,5,10943,22,26,3128,61085,514,25,53,993
01600 72238642 deny log ip from 218.0.0.0/8 to any via rl0
01700 00 deny log ip from 221.6.178.0/24{0-63} to any via
rl0
01800 00 deny log ip from 210.68.8.128/25 to any via rl0
0190012 845 deny log ip from 121.8.0.0/13 to any via rl0
02000 00 deny log ip from 58.208.0.0/20 to any via rl0
02100 00 deny log ip from 62.193.235.47 to any via rl0
02200 00 deny log ip from 74.208.164.166 to any via rl0
02300 00 deny log ip from any to 74.208.164.166
02400 00 deny log ip from 61.78.0.0/16 to any via rl0
02500 00 deny log ip from 91.200.108.0/24 to any dst-port
25 via rl0
02600 00 allow ip from 172.16.2.0/24 to any dst-port 53
keep-state
02700 67565 11649052 allow ip from 172.16.2.0/23 to any dst-port 53
keep-state
02800 24017484 allow log logamount 2 udp from 172.16.0.99 to any
dst-port 53 out via rl0 keep-state
02900 00 allow log logamount 2 udp from any 53 to
172.16.0.99 in via rl0 keep-state
03000 00 allow log logamount 2 udp from any 53 to
192.168.1.1 in via rl0 keep-state
0310023 1493 allow log logamount 100 udp from 192.168.1.1 53 to
any keep-state
03200 00 fwd 172.16.0.99,8080 tcp from 172.16.2.0/24 to any
dst-port 80 out via rl0
03300 2543961222167859 fwd 172.16.0.99,8080 tcp from 172.16.2.0/23 to any
dst-port 80 out via rl0
03400 00 allow tcp from 172.16.2.0/23 to 172.16.0.2 setup
03500 00 allow tcp from 172.16.2.0/24 to 172.16.0.2 setup
03600 00 allow ip from 172.16.2.0/23 to 172.16.0.2 setup
03700 00 allow ip from 172.16.2.0/24 to 172.16.0.2 setup
03800 00 allow tcp from 172.16.2.0/24 to 192.168.1.1 setup
03900 00 allow tcp from 172.16.2.0/24 to 192.168.1.1 setup
04000 29654 1806084 allow tcp
Re: Kernel panic with fresh current, probably nfs related
On Mon, Aug 24, 2015 at 11:18:00AM -0700, Sean Bruno wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 08/23/15 18:36, Yonghyeon PYUN wrote: Index: sys/dev/e1000/if_em.c === - --- sys/dev/e1000/if_em.c (revision 287087) +++ sys/dev/e1000/if_em.c (working copy) @@ -3044,7 +3044,7 @@ em_setup_interface(device_t dev, struct adapter *a if_setioctlfn(ifp, em_ioctl); if_setgetcounterfn(ifp, em_get_counter); /* TSO parameters */ - ifp-if_hw_tsomax = EM_TSO_SIZE; + ifp-if_hw_tsomax = IP_MAXPACKET; ifp-if_hw_tsomaxsegcount = EM_MAX_SCATTER; ifp-if_hw_tsomaxsegsize = EM_TSO_SEG_SIZE; Seems to work. However, I cannot reproduce the user panic in the first place. What's the scenario that seems to work here? NFS seems happy with/without the patch so I'm not confident in anything we are doing her e. I see several patches here. Which one should I be using? -- Joel ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Jenkins build is back to normal : Build-UFS-image #2191
See https://jenkins.FreeBSD.org/job/Build-UFS-image/2191/ ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: ipfw rules for connect port 993
On 8/25/15 4:02 PM, Petr Chocholáč wrote:
Hello ,
ignore my previous email, you have answered my questions here.
the firewall set you show is pretty horrible. It really needs a rewrite.
do you want to block the two LANs from each other or block any
machines on the LANs from reaching the firewall?
if not then you should start by adding two rules.
ipfw add 350 allow ip from any to any in recv {LAN interface}
ipfw add 351 allow ip from any to any out xmit {LAN interface}
as you do not want to block that traffic..
you should only be looking at traffic on the internet interface..
In your current rule set all the rules are being tested at all
interfaces which is a waste of CPU and also makes it very hard to work
out what is going on.
if you DO want to filter on other interfaces then send traffic for
each interface to a different set of rules, incoming and outgoing.
for example
add 350 skipto 1000 ip from any to any in recv rl0
add 360 skipto 1100 ip from any to any out xmit rl0
add 370 skipto 1200 ip from any to any in recv re0
add 380 skipto 1300 ip from any to any out xmit re0
etc...
then at each rule set (1000, 2000, 3000... you only have rules you
need for that exact flow..
also
you should use a table to hold all the subnets and addresses that are
there
for example:
you have:
08800 00 allow tcp from 85.70.0.0/16 to 86.49.91.98
dst-port 443 setup via rl0
08900 00 allow tcp from 85.71.0.0/16 to 86.49.91.98
dst-port 443 setup via rl0
09000 00 allow tcp from 84.42.232.0/21 to 86.49.91.98
dst-port 443 setup via rl0
09100 00 allow tcp from 84.42.240.0/20 to 86.49.91.98
dst-port 443 setup via rl0
09200 00 allow tcp from 80.188.157.0/24 to 86.49.91.98
dst-port 443 setup via rl0
09300 00 allow tcp from 89.102.9.0/24 to 86.49.91.98
dst-port 443 setup via rl0
09400 00 allow tcp from 89.102.0.0/16 to 86.49.91.98
dst-port 443 setup via rl0
this should all be:
allow tcp from table(1) to 86.49.91.98 dst-port 443 setup
and it would appear only in the rules to do with incoming packets to rl0
(i.e. in the rules starting with 1000)
you would populate the table with:
ipfw table 1 add 85.70.0.0/16
ipfw table 1 add 85.71.0.0/16
ipfw table 1 add 84.42.232.0/21
...
etc.
I can't actually read your ruleset enough without getting a headache
to tell you what is failing.
Also you talked about 10.x.x.x
in your email, and about 2 interfaces, but later you talked about
different addresses and 3 interfaces.
can you say what is the actual setup. (you do not have to give your
actual internet IP address.. though you already did.. I would replace
it with ${OUTSIDE} in the script that makes it..
thank you for your answer.
ad1.
i send my current firewall rules and record from tcpdump on re0 .
My LAN is 172.16.0.0/22 (10... it was easy. I think it does not matter)
My second LAN is 192.168.1.0/24(on this network connection to the
IMAP port 993 works)
My public IP is 86.49.91.98
ad2.
Tcpdump on rl0 shows nothing
ad3.
Yes . I have gateway_enable=YES in /etc/rc.conf
ad4.
I think yes...
PS : Firewall is not my work . I inherited it.
Thank you very much
Petr Chocholac
Dne 24.8.2015 v 15:39 Allan Jude napsal(a):
On 2015-08-24 09:05, Petr Chocholáč wrote:
Hello,
I would like to ask you for advice. I can not connect to
imap.gmail.com
on port 993 from my local network. My LAN is behind freeBSD server
with
IPFW. Server has two network cards rl0=Internet and
re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets without
answers. What rules should i create?
I tried someting like this, without success:
#ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0
Thank you very much for any advice and your patience
Petr Chocholáč
Brno, Czech Republic
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to
freebsd-current-unsubscr...@freebsd.org
We would need to see all of your current firewall rules (ipfw show)
You'll want to tcpdump on rl0, to see if the packet is being
forwarded.
Do you have the machine configured as a gateway? (gateway_enable=YES
in /etc/rc.conf)
Are you doing NAT (Network Address Translation) to remap the internal
(10.0.0.0/16) addresses to your internet routable IP?
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: ipfw rules for connect port 993
On 8/24/15 9:05 PM, Petr Chocholáč wrote: Hello, I would like to ask you for advice. I can not connect to imap.gmail.com on port 993 from my local network. My LAN is behind freeBSD server with IPFW. Server has two network cards rl0=Internet and re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets without answers. What rules should i create? I tried someting like this, without success: #ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0 are you doing nat? the syn packets are going which way? on which interface did you do the tcpdump? what does the rest of the firewall look like? is it a standard one? what are the settings? Thank you very much for any advice and your patience Petr Chocholáč Brno, Czech Republic ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Read-only /usr/obj/ no longer kosher?
On Tue, Aug 25, 2015 at 11:04:37PM +0200, Pawel Jakub Dawidek wrote:
On Sun, Aug 23, 2015 at 03:29:01PM -0700, Xin Li wrote:
On 8/23/15 14:55, Pawel Jakub Dawidek wrote:
I used to build world and kernel on one machine and export both /usr/src/
and
/usr/obj read-only to other machines. It doesn't work anymore (this is
from
'make installworld'):
=== bin/freebsd-version (install)
eval $(egrep '^(TYPE|REVISION|BRANCH)='
/usr/src/bin/freebsd-version/../../sys/conf/newvers.sh) ; if ! sed -e
s/@@TYPE@@/${TYPE}/g; s/@@REVISION@@/${REVISION}/g;
s/@@BRANCH@@/${BRANCH}/g;
/usr/src/bin/freebsd-version/freebsd-version.sh.in freebsd-version.sh ;
then rm -f freebsd-version.sh ; exit 1 ; fi
cannot create freebsd-version.sh: Permission denied
rm: freebsd-version.sh: Read-only file system
*** Error code 1
What's the modification times of
/usr/obj/usr/bin/freebsd-version/freebsd-version.sh,
/usr/src/bin/freebsd-version/freebsd-version.sh and
/usr/src/sys/conf/newvers.sh?
I saw it twice, but cannot reproduce it anymore. This is 10.2-RELEASE,
I've send it to current@ by mistake. All in all my expectation is that
we shouldn't modify obj/ during installworld.
Now that I think of it, it might have been that I did
buildworld/buildkernel before -p1. Then freebsd-update updated
newvers.sh and then I was trying to do installworld.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Read-only /usr/obj/ no longer kosher?
On Tue, Aug 25, 2015 at 11:53:47PM +0200, Pawel Jakub Dawidek wrote:
On Tue, Aug 25, 2015 at 11:04:37PM +0200, Pawel Jakub Dawidek wrote:
On Sun, Aug 23, 2015 at 03:29:01PM -0700, Xin Li wrote:
On 8/23/15 14:55, Pawel Jakub Dawidek wrote:
I used to build world and kernel on one machine and export both
/usr/src/ and
/usr/obj read-only to other machines. It doesn't work anymore (this is
from
'make installworld'):
=== bin/freebsd-version (install)
eval $(egrep '^(TYPE|REVISION|BRANCH)='
/usr/src/bin/freebsd-version/../../sys/conf/newvers.sh) ; if ! sed -e
s/@@TYPE@@/${TYPE}/g; s/@@REVISION@@/${REVISION}/g;
s/@@BRANCH@@/${BRANCH}/g;
/usr/src/bin/freebsd-version/freebsd-version.sh.in freebsd-version.sh
; then rm -f freebsd-version.sh ; exit 1 ; fi
cannot create freebsd-version.sh: Permission denied
rm: freebsd-version.sh: Read-only file system
*** Error code 1
What's the modification times of
/usr/obj/usr/bin/freebsd-version/freebsd-version.sh,
/usr/src/bin/freebsd-version/freebsd-version.sh and
/usr/src/sys/conf/newvers.sh?
I saw it twice, but cannot reproduce it anymore. This is 10.2-RELEASE,
I've send it to current@ by mistake. All in all my expectation is that
we shouldn't modify obj/ during installworld.
Now that I think of it, it might have been that I did
buildworld/buildkernel before -p1. Then freebsd-update updated
newvers.sh and then I was trying to do installworld.
Yes, I can now reproduce it with source updated to -p2.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Read-only /usr/obj/ no longer kosher?
On 08/25/15 14:55, Pawel Jakub Dawidek wrote: Now that I think of it, it might have been that I did buildworld/buildkernel before -p1. Then freebsd-update updated newvers.sh and then I was trying to do installworld. Yes, I can now reproduce it with source updated to -p2. Yes, that's because freebsd-version.sh is generated from the files (but it's not clear to me whether if it's a bug or a feature that 'make install' checks if it's up-to-date and decides to regenerate it...). Cheers, -- Xin LI delp...@delphij.nethttps://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die signature.asc Description: OpenPGP digital signature
Re: Read-only /usr/obj/ no longer kosher?
On Tue, Aug 25, 2015 at 3:21 PM, Xin Li delp...@delphij.net wrote: On 08/25/15 14:55, Pawel Jakub Dawidek wrote: Now that I think of it, it might have been that I did buildworld/buildkernel before -p1. Then freebsd-update updated newvers.sh and then I was trying to do installworld. Yes, I can now reproduce it with source updated to -p2. Yes, that's because freebsd-version.sh is generated from the files (but it's not clear to me whether if it's a bug or a feature that 'make install' checks if it's up-to-date and decides to regenerate it...). It's a quirk for sure. If you change the behavior, people will definitely complain as they will now need to go back and rebuild everything. By and large though, recompiling things is really bad. That's I've seen others do `CC=false CXX=false` when calling installworld. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Kernel panic with fresh current, probably nfs related
On 08/25/15 12:10, Joel Dahl wrote: Seems to work. However, I cannot reproduce the user panic in the first place. What's the scenario that seems to work here? NFS seems happy with/without the patch so I'm not confident in anything we are doing her e. I see several patches here. Which one should I be using? This: Index: sys/dev/e1000/if_em.c === --- sys/dev/e1000/if_em.c (revision 287087) +++ sys/dev/e1000/if_em.c (working copy) @@ -3044,7 +3044,7 @@ em_setup_interface(device_t dev, struct adapter *a if_setioctlfn(ifp, em_ioctl); if_setgetcounterfn(ifp, em_get_counter); /* TSO parameters */ - ifp-if_hw_tsomax = EM_TSO_SIZE; + ifp-if_hw_tsomax = IP_MAXPACKET; ifp-if_hw_tsomaxsegcount = EM_MAX_SCATTER; ifp-if_hw_tsomaxsegsize = EM_TSO_SEG_SIZE; ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Panic on boot during scan with pmspcv
For some reason, it only crops up on UEFI boot. Legacy boot just works. It looks like we're locking a mutex in a struct at NULL. (trap) __mtx_assert+0xdb agtiapi_cam_action+0x45 xpt_action_default+0xbe3(?) scsi_scan_bus+0x1cd xpt_scanner_thread+0x15c ... Fault is at 0x18. http://i.imgur.com/615PC6b.jpg (kgdb) l *(agtiapi_cam_action+0x45) 0x806d4ef5 is in agtiapi_cam_action (/usr/src/sys/dev/pms/freebsd/driver/ini/src/agtiapi.c:1818). Possibly here? 1814 mtx_assert( (pmcsc-pCardInfo-pmIOLock), MA_OWNED ); Best, Conrad ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Read-only /usr/obj/ no longer kosher?
On Sun, Aug 23, 2015 at 03:29:01PM -0700, Xin Li wrote:
On 8/23/15 14:55, Pawel Jakub Dawidek wrote:
I used to build world and kernel on one machine and export both /usr/src/
and
/usr/obj read-only to other machines. It doesn't work anymore (this is from
'make installworld'):
=== bin/freebsd-version (install)
eval $(egrep '^(TYPE|REVISION|BRANCH)='
/usr/src/bin/freebsd-version/../../sys/conf/newvers.sh) ; if ! sed -e
s/@@TYPE@@/${TYPE}/g; s/@@REVISION@@/${REVISION}/g;
s/@@BRANCH@@/${BRANCH}/g;
/usr/src/bin/freebsd-version/freebsd-version.sh.in freebsd-version.sh ;
then rm -f freebsd-version.sh ; exit 1 ; fi
cannot create freebsd-version.sh: Permission denied
rm: freebsd-version.sh: Read-only file system
*** Error code 1
What's the modification times of
/usr/obj/usr/bin/freebsd-version/freebsd-version.sh,
/usr/src/bin/freebsd-version/freebsd-version.sh and
/usr/src/sys/conf/newvers.sh?
I saw it twice, but cannot reproduce it anymore. This is 10.2-RELEASE,
I've send it to current@ by mistake. All in all my expectation is that
we shouldn't modify obj/ during installworld.
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://mobter.com
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
