Re: pkg with an ssh repo crashes CURRENT
On Mon, Aug 24, 2015 at 03:20:26PM -0500, Mark Felder wrote: On Thu, Aug 20, 2015, at 17:18, Konstantin Belousov wrote: I guess the process 666 was current when the panic occured ? Basically, what I want is to see the p_reaper value for the process with the pid 667. Even just p_reaper-p_pid is enough. Do you need me to recreate the issue and provide you a matching vmcore and kernel.debug as well as full scrollback before the panic message and ddb output (bt, ps, etc) ? I explained what I need, above. There must be a child of the reaper, and I want to see the reaper of the child. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: ipfw rules for connect port 993
Hello , thank you for your answer. ad1. i send my current firewall rules and record from tcpdump on re0 . My LAN is 172.16.0.0/22 (10... it was easy. I think it does not matter) My second LAN is 192.168.1.0/24(on this network connection to the IMAP port 993 works) My public IP is 86.49.91.98 ad2. Tcpdump on rl0 shows nothing ad3. Yes . I have gateway_enable=YES in /etc/rc.conf ad4. I think yes... PS : Firewall is not my work . I inherited it. Thank you very much Petr Chocholac Dne 24.8.2015 v 15:39 Allan Jude napsal(a): On 2015-08-24 09:05, Petr Chocholáč wrote: Hello, I would like to ask you for advice. I can not connect to imap.gmail.com on port 993 from my local network. My LAN is behind freeBSD server with IPFW. Server has two network cards rl0=Internet and re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets without answers. What rules should i create? I tried someting like this, without success: #ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0 Thank you very much for any advice and your patience Petr Chocholáč Brno, Czech Republic ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org We would need to see all of your current firewall rules (ipfw show) You'll want to tcpdump on rl0, to see if the packet is being forwarded. Do you have the machine configured as a gateway? (gateway_enable=YES in /etc/rc.conf) Are you doing NAT (Network Address Translation) to remap the internal (10.0.0.0/16) addresses to your internet routable IP? 00100 9036394 8499055198 allow ip from any to any via lo0 00200 00 deny ip from any to 127.0.0.0/8 00300 00 deny ip from 127.0.0.0/8 to any 00400 134 9313 allow udp from any to 86.49.91.110 dst-port 53 keep-state 00500 00 allow udp from 86.49.91.110 53 to any keep-state 00600 00 allow tcp from 86.49.91.107 to any dst-port 25 setup 00700 00 allow tcp from 86.49.91.98 25 to any dst-port 25 setup 00800 00 allow udp from 86.49.91.110 53 to any keep-state 00900956234 80342962 allow icmp from 86.49.91.98 to any keep-state 01000 17235 1324207 allow icmp from any to 86.49.91.98 keep-state 01100 14068 1530257 allow udp from 86.49.91.98 53 to any keep-state 01200 7759 554809 allow ip from 172.16.0.0/24 to 86.49.91.96/28 01300 94672736 allow ip from 86.49.91.96/28 to 172.16.0.0/24 01400 00 allow ip from 172.16.0.0/16 to 195.113.191.160/28 dst-port 8080,26,5,10943,22,26,3128,61085,514,25,53 01500 00 allow ip from 172.16.0.0/16 to 86.49.91.96/28 dst-port 8080,26,5,10943,22,26,3128,61085,514,25,53,993 01600 72238642 deny log ip from 218.0.0.0/8 to any via rl0 01700 00 deny log ip from 221.6.178.0/24{0-63} to any via rl0 01800 00 deny log ip from 210.68.8.128/25 to any via rl0 0190012 845 deny log ip from 121.8.0.0/13 to any via rl0 02000 00 deny log ip from 58.208.0.0/20 to any via rl0 02100 00 deny log ip from 62.193.235.47 to any via rl0 02200 00 deny log ip from 74.208.164.166 to any via rl0 02300 00 deny log ip from any to 74.208.164.166 02400 00 deny log ip from 61.78.0.0/16 to any via rl0 02500 00 deny log ip from 91.200.108.0/24 to any dst-port 25 via rl0 02600 00 allow ip from 172.16.2.0/24 to any dst-port 53 keep-state 02700 67565 11649052 allow ip from 172.16.2.0/23 to any dst-port 53 keep-state 02800 24017484 allow log logamount 2 udp from 172.16.0.99 to any dst-port 53 out via rl0 keep-state 02900 00 allow log logamount 2 udp from any 53 to 172.16.0.99 in via rl0 keep-state 03000 00 allow log logamount 2 udp from any 53 to 192.168.1.1 in via rl0 keep-state 0310023 1493 allow log logamount 100 udp from 192.168.1.1 53 to any keep-state 03200 00 fwd 172.16.0.99,8080 tcp from 172.16.2.0/24 to any dst-port 80 out via rl0 03300 2543961222167859 fwd 172.16.0.99,8080 tcp from 172.16.2.0/23 to any dst-port 80 out via rl0 03400 00 allow tcp from 172.16.2.0/23 to 172.16.0.2 setup 03500 00 allow tcp from 172.16.2.0/24 to 172.16.0.2 setup 03600 00 allow ip from 172.16.2.0/23 to 172.16.0.2 setup 03700 00 allow ip from 172.16.2.0/24 to 172.16.0.2 setup 03800 00 allow tcp from 172.16.2.0/24 to 192.168.1.1 setup 03900 00 allow tcp from 172.16.2.0/24 to 192.168.1.1 setup 04000 29654 1806084 allow tcp
Re: Kernel panic with fresh current, probably nfs related
On Mon, Aug 24, 2015 at 11:18:00AM -0700, Sean Bruno wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 08/23/15 18:36, Yonghyeon PYUN wrote: Index: sys/dev/e1000/if_em.c === - --- sys/dev/e1000/if_em.c (revision 287087) +++ sys/dev/e1000/if_em.c (working copy) @@ -3044,7 +3044,7 @@ em_setup_interface(device_t dev, struct adapter *a if_setioctlfn(ifp, em_ioctl); if_setgetcounterfn(ifp, em_get_counter); /* TSO parameters */ - ifp-if_hw_tsomax = EM_TSO_SIZE; + ifp-if_hw_tsomax = IP_MAXPACKET; ifp-if_hw_tsomaxsegcount = EM_MAX_SCATTER; ifp-if_hw_tsomaxsegsize = EM_TSO_SEG_SIZE; Seems to work. However, I cannot reproduce the user panic in the first place. What's the scenario that seems to work here? NFS seems happy with/without the patch so I'm not confident in anything we are doing her e. I see several patches here. Which one should I be using? -- Joel ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Jenkins build is back to normal : Build-UFS-image #2191
See https://jenkins.FreeBSD.org/job/Build-UFS-image/2191/ ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: ipfw rules for connect port 993
On 8/25/15 4:02 PM, Petr Chocholáč wrote: Hello , ignore my previous email, you have answered my questions here. the firewall set you show is pretty horrible. It really needs a rewrite. do you want to block the two LANs from each other or block any machines on the LANs from reaching the firewall? if not then you should start by adding two rules. ipfw add 350 allow ip from any to any in recv {LAN interface} ipfw add 351 allow ip from any to any out xmit {LAN interface} as you do not want to block that traffic.. you should only be looking at traffic on the internet interface.. In your current rule set all the rules are being tested at all interfaces which is a waste of CPU and also makes it very hard to work out what is going on. if you DO want to filter on other interfaces then send traffic for each interface to a different set of rules, incoming and outgoing. for example add 350 skipto 1000 ip from any to any in recv rl0 add 360 skipto 1100 ip from any to any out xmit rl0 add 370 skipto 1200 ip from any to any in recv re0 add 380 skipto 1300 ip from any to any out xmit re0 etc... then at each rule set (1000, 2000, 3000... you only have rules you need for that exact flow.. also you should use a table to hold all the subnets and addresses that are there for example: you have: 08800 00 allow tcp from 85.70.0.0/16 to 86.49.91.98 dst-port 443 setup via rl0 08900 00 allow tcp from 85.71.0.0/16 to 86.49.91.98 dst-port 443 setup via rl0 09000 00 allow tcp from 84.42.232.0/21 to 86.49.91.98 dst-port 443 setup via rl0 09100 00 allow tcp from 84.42.240.0/20 to 86.49.91.98 dst-port 443 setup via rl0 09200 00 allow tcp from 80.188.157.0/24 to 86.49.91.98 dst-port 443 setup via rl0 09300 00 allow tcp from 89.102.9.0/24 to 86.49.91.98 dst-port 443 setup via rl0 09400 00 allow tcp from 89.102.0.0/16 to 86.49.91.98 dst-port 443 setup via rl0 this should all be: allow tcp from table(1) to 86.49.91.98 dst-port 443 setup and it would appear only in the rules to do with incoming packets to rl0 (i.e. in the rules starting with 1000) you would populate the table with: ipfw table 1 add 85.70.0.0/16 ipfw table 1 add 85.71.0.0/16 ipfw table 1 add 84.42.232.0/21 ... etc. I can't actually read your ruleset enough without getting a headache to tell you what is failing. Also you talked about 10.x.x.x in your email, and about 2 interfaces, but later you talked about different addresses and 3 interfaces. can you say what is the actual setup. (you do not have to give your actual internet IP address.. though you already did.. I would replace it with ${OUTSIDE} in the script that makes it.. thank you for your answer. ad1. i send my current firewall rules and record from tcpdump on re0 . My LAN is 172.16.0.0/22 (10... it was easy. I think it does not matter) My second LAN is 192.168.1.0/24(on this network connection to the IMAP port 993 works) My public IP is 86.49.91.98 ad2. Tcpdump on rl0 shows nothing ad3. Yes . I have gateway_enable=YES in /etc/rc.conf ad4. I think yes... PS : Firewall is not my work . I inherited it. Thank you very much Petr Chocholac Dne 24.8.2015 v 15:39 Allan Jude napsal(a): On 2015-08-24 09:05, Petr Chocholáč wrote: Hello, I would like to ask you for advice. I can not connect to imap.gmail.com on port 993 from my local network. My LAN is behind freeBSD server with IPFW. Server has two network cards rl0=Internet and re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets without answers. What rules should i create? I tried someting like this, without success: #ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0 Thank you very much for any advice and your patience Petr Chocholáč Brno, Czech Republic ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org We would need to see all of your current firewall rules (ipfw show) You'll want to tcpdump on rl0, to see if the packet is being forwarded. Do you have the machine configured as a gateway? (gateway_enable=YES in /etc/rc.conf) Are you doing NAT (Network Address Translation) to remap the internal (10.0.0.0/16) addresses to your internet routable IP? ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: ipfw rules for connect port 993
On 8/24/15 9:05 PM, Petr Chocholáč wrote: Hello, I would like to ask you for advice. I can not connect to imap.gmail.com on port 993 from my local network. My LAN is behind freeBSD server with IPFW. Server has two network cards rl0=Internet and re0=LAN(10.0.0.0/16). Tcpdump on re0 shows three SYN packets without answers. What rules should i create? I tried someting like this, without success: #ipfw add 01500 allow ip from 10.0.0.0/16 to any in via re0 are you doing nat? the syn packets are going which way? on which interface did you do the tcpdump? what does the rest of the firewall look like? is it a standard one? what are the settings? Thank you very much for any advice and your patience Petr Chocholáč Brno, Czech Republic ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Read-only /usr/obj/ no longer kosher?
On Tue, Aug 25, 2015 at 11:04:37PM +0200, Pawel Jakub Dawidek wrote: On Sun, Aug 23, 2015 at 03:29:01PM -0700, Xin Li wrote: On 8/23/15 14:55, Pawel Jakub Dawidek wrote: I used to build world and kernel on one machine and export both /usr/src/ and /usr/obj read-only to other machines. It doesn't work anymore (this is from 'make installworld'): === bin/freebsd-version (install) eval $(egrep '^(TYPE|REVISION|BRANCH)=' /usr/src/bin/freebsd-version/../../sys/conf/newvers.sh) ; if ! sed -e s/@@TYPE@@/${TYPE}/g; s/@@REVISION@@/${REVISION}/g; s/@@BRANCH@@/${BRANCH}/g; /usr/src/bin/freebsd-version/freebsd-version.sh.in freebsd-version.sh ; then rm -f freebsd-version.sh ; exit 1 ; fi cannot create freebsd-version.sh: Permission denied rm: freebsd-version.sh: Read-only file system *** Error code 1 What's the modification times of /usr/obj/usr/bin/freebsd-version/freebsd-version.sh, /usr/src/bin/freebsd-version/freebsd-version.sh and /usr/src/sys/conf/newvers.sh? I saw it twice, but cannot reproduce it anymore. This is 10.2-RELEASE, I've send it to current@ by mistake. All in all my expectation is that we shouldn't modify obj/ during installworld. Now that I think of it, it might have been that I did buildworld/buildkernel before -p1. Then freebsd-update updated newvers.sh and then I was trying to do installworld. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Read-only /usr/obj/ no longer kosher?
On Tue, Aug 25, 2015 at 11:53:47PM +0200, Pawel Jakub Dawidek wrote: On Tue, Aug 25, 2015 at 11:04:37PM +0200, Pawel Jakub Dawidek wrote: On Sun, Aug 23, 2015 at 03:29:01PM -0700, Xin Li wrote: On 8/23/15 14:55, Pawel Jakub Dawidek wrote: I used to build world and kernel on one machine and export both /usr/src/ and /usr/obj read-only to other machines. It doesn't work anymore (this is from 'make installworld'): === bin/freebsd-version (install) eval $(egrep '^(TYPE|REVISION|BRANCH)=' /usr/src/bin/freebsd-version/../../sys/conf/newvers.sh) ; if ! sed -e s/@@TYPE@@/${TYPE}/g; s/@@REVISION@@/${REVISION}/g; s/@@BRANCH@@/${BRANCH}/g; /usr/src/bin/freebsd-version/freebsd-version.sh.in freebsd-version.sh ; then rm -f freebsd-version.sh ; exit 1 ; fi cannot create freebsd-version.sh: Permission denied rm: freebsd-version.sh: Read-only file system *** Error code 1 What's the modification times of /usr/obj/usr/bin/freebsd-version/freebsd-version.sh, /usr/src/bin/freebsd-version/freebsd-version.sh and /usr/src/sys/conf/newvers.sh? I saw it twice, but cannot reproduce it anymore. This is 10.2-RELEASE, I've send it to current@ by mistake. All in all my expectation is that we shouldn't modify obj/ during installworld. Now that I think of it, it might have been that I did buildworld/buildkernel before -p1. Then freebsd-update updated newvers.sh and then I was trying to do installworld. Yes, I can now reproduce it with source updated to -p2. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Read-only /usr/obj/ no longer kosher?
On 08/25/15 14:55, Pawel Jakub Dawidek wrote: Now that I think of it, it might have been that I did buildworld/buildkernel before -p1. Then freebsd-update updated newvers.sh and then I was trying to do installworld. Yes, I can now reproduce it with source updated to -p2. Yes, that's because freebsd-version.sh is generated from the files (but it's not clear to me whether if it's a bug or a feature that 'make install' checks if it's up-to-date and decides to regenerate it...). Cheers, -- Xin LI delp...@delphij.nethttps://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die signature.asc Description: OpenPGP digital signature
Re: Read-only /usr/obj/ no longer kosher?
On Tue, Aug 25, 2015 at 3:21 PM, Xin Li delp...@delphij.net wrote: On 08/25/15 14:55, Pawel Jakub Dawidek wrote: Now that I think of it, it might have been that I did buildworld/buildkernel before -p1. Then freebsd-update updated newvers.sh and then I was trying to do installworld. Yes, I can now reproduce it with source updated to -p2. Yes, that's because freebsd-version.sh is generated from the files (but it's not clear to me whether if it's a bug or a feature that 'make install' checks if it's up-to-date and decides to regenerate it...). It's a quirk for sure. If you change the behavior, people will definitely complain as they will now need to go back and rebuild everything. By and large though, recompiling things is really bad. That's I've seen others do `CC=false CXX=false` when calling installworld. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Kernel panic with fresh current, probably nfs related
On 08/25/15 12:10, Joel Dahl wrote: Seems to work. However, I cannot reproduce the user panic in the first place. What's the scenario that seems to work here? NFS seems happy with/without the patch so I'm not confident in anything we are doing her e. I see several patches here. Which one should I be using? This: Index: sys/dev/e1000/if_em.c === --- sys/dev/e1000/if_em.c (revision 287087) +++ sys/dev/e1000/if_em.c (working copy) @@ -3044,7 +3044,7 @@ em_setup_interface(device_t dev, struct adapter *a if_setioctlfn(ifp, em_ioctl); if_setgetcounterfn(ifp, em_get_counter); /* TSO parameters */ - ifp-if_hw_tsomax = EM_TSO_SIZE; + ifp-if_hw_tsomax = IP_MAXPACKET; ifp-if_hw_tsomaxsegcount = EM_MAX_SCATTER; ifp-if_hw_tsomaxsegsize = EM_TSO_SEG_SIZE; ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Panic on boot during scan with pmspcv
For some reason, it only crops up on UEFI boot. Legacy boot just works. It looks like we're locking a mutex in a struct at NULL. (trap) __mtx_assert+0xdb agtiapi_cam_action+0x45 xpt_action_default+0xbe3(?) scsi_scan_bus+0x1cd xpt_scanner_thread+0x15c ... Fault is at 0x18. http://i.imgur.com/615PC6b.jpg (kgdb) l *(agtiapi_cam_action+0x45) 0x806d4ef5 is in agtiapi_cam_action (/usr/src/sys/dev/pms/freebsd/driver/ini/src/agtiapi.c:1818). Possibly here? 1814 mtx_assert( (pmcsc-pCardInfo-pmIOLock), MA_OWNED ); Best, Conrad ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Read-only /usr/obj/ no longer kosher?
On Sun, Aug 23, 2015 at 03:29:01PM -0700, Xin Li wrote: On 8/23/15 14:55, Pawel Jakub Dawidek wrote: I used to build world and kernel on one machine and export both /usr/src/ and /usr/obj read-only to other machines. It doesn't work anymore (this is from 'make installworld'): === bin/freebsd-version (install) eval $(egrep '^(TYPE|REVISION|BRANCH)=' /usr/src/bin/freebsd-version/../../sys/conf/newvers.sh) ; if ! sed -e s/@@TYPE@@/${TYPE}/g; s/@@REVISION@@/${REVISION}/g; s/@@BRANCH@@/${BRANCH}/g; /usr/src/bin/freebsd-version/freebsd-version.sh.in freebsd-version.sh ; then rm -f freebsd-version.sh ; exit 1 ; fi cannot create freebsd-version.sh: Permission denied rm: freebsd-version.sh: Read-only file system *** Error code 1 What's the modification times of /usr/obj/usr/bin/freebsd-version/freebsd-version.sh, /usr/src/bin/freebsd-version/freebsd-version.sh and /usr/src/sys/conf/newvers.sh? I saw it twice, but cannot reproduce it anymore. This is 10.2-RELEASE, I've send it to current@ by mistake. All in all my expectation is that we shouldn't modify obj/ during installworld. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://mobter.com ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org