From owner-freebsd-questions@freebsd.org Sun Aug 29 18:25:35 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 30525662CE5 for ; Sun, 29 Aug 2021 18:25:35 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from nightmare.dreamchaser.org (ns.dreamchaser.org [66.109.141.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "dreamchaser.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GyMML1LsZz4kpN for ; Sun, 29 Aug 2021 18:25:34 +0000 (UTC) (envelope-from freebsd@dreamchaser.org) Received: from breakaway.dreamchaser.org (breakaway [192.168.151.122]) by nightmare.dreamchaser.org (8.15.2/8.15.2) with ESMTP id 17TIPPqI059953 for ; Sun, 29 Aug 2021 12:25:25 -0600 (MDT) (envelope-from freebsd@dreamchaser.org) To: FreeBSD Mailing List Reply-To: freebsd@dreamchaser.org From: Gary Aitken Subject: py38-pyside2-tools? Message-ID: Date: Sun, 29 Aug 2021 12:25:25 -0600 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (nightmare.dreamchaser.org [192.168.151.101]); Sun, 29 Aug 2021 12:25:25 -0600 (MDT) X-Rspamd-Queue-Id: 4GyMML1LsZz4kpN X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of freebsd@dreamchaser.org designates 66.109.141.57 as permitted sender) smtp.mailfrom=freebsd@dreamchaser.org X-Spamd-Result: default: False [-2.30 / 15.00]; HAS_REPLYTO(0.00)[freebsd@dreamchaser.org]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; REPLYTO_ADDR_EQ_FROM(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; SUBJECT_ENDS_QUESTION(1.00)[]; TO_DN_ALL(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_NA(0.00)[dreamchaser.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:21947, ipnet:66.109.128.0/19, country:US]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Aug 2021 18:25:35 -0000 I'm trying to build a development version of FreeCAD, so have a modified Makefile... With USES= "...python:3.6+..." it builds ok and uses py37-pyside2-5.15.2. It's supposed to be built using python 3.8, so I changed USES to python:3.8+. However, that results in: ===> FreeCAD-m depends on package: py38-pyside2-tools>5.14.0 - not found ===> py38-pyside2-tools-5.15.2 Unknown flavor 'py38', possible flavors: py37. The Makefile specifies: BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pyside2-tools>5.14.0:devel/pyside2-tools@${PY_FLAVOR} ... and LIB_DEPENDS= ... libpyside2.cpython-${PYTHON_SUFFIX}${PYTHON_ABIVER}.so:devel/pyside2@${PY_FLAVOR} I tried looking in devel and see: pyside2 pyside2-tools pkg info | grep py37 shows a boatload (79) files, including: py37-pyside2-5.15.2 Python Qt bindings for Qt 5.12+ py37-pyside2-tools-5.15.2 Pyside2 development tools pkg info | grep py38 shows only $ pkg info | grep py38 py38-cython-0.29.21 Compiler for Writing C Extensions for the Python Language py38-numpy-1.16.6,1 The New Numeric Extension to Python py38-setuptools-44.0.0 Python packages installer py38-sqlite3-3.8.7_7 Standard Python binding to the SQLite3 library (Python 3.8) py38-tkinter-3.8.7_6 Python bindings to the Tk widget set (Python 3.8) I don't know squat about how python works... Hints? I'm on amd64 11.4 RELEASE Gary From owner-freebsd-questions@freebsd.org Sun Aug 29 19:00:22 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1E478664ABB for ; Sun, 29 Aug 2021 19:00:22 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GyN7T1HZSz4tn5 for ; Sun, 29 Aug 2021 19:00:20 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-wr1-x42b.google.com with SMTP id n5so19089919wro.12 for ; Sun, 29 Aug 2021 12:00:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Ha0AFQ09kHHlbLCE39qI73wiq19cSQFZVweXTxL8amU=; b=atCvF3vOWwn0+1S1nTekQ5gGwSalH4UJYBspzreZZNOJ5oP1Wuai6HsnBEq5IaeMw3 2Pua0h+3ahCBtRqZ6AbXWqldexMjW6nDRqDsLlsxaSZMnRN9imuQvy0uLUUeLxgYa67+ lGXrub8VvNIY6yZMP1wV/DmRI2HkARK3egPozWnnjK01F8c2TYq2vhHU/ZwULsESKECA H2tToWA+GdTlP8cTzPTgPNdvWmJnDQArog7lDFIjIFN9qnQPB6aGxH8N9jOgmZ1/rt0q 9Uw2Gf4Ypg/nOobGocPBpkHIOiLFh6clsG+ZjLp0fpDPdHCLo7MrN/sJZNmidohLjHSH fa3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ha0AFQ09kHHlbLCE39qI73wiq19cSQFZVweXTxL8amU=; b=Yo0jg0MLlf1s/e/WlTDmC3EX/cA6Nr9fTsHJ1B/Hoy3usf/Frdy+DdUGS0jnykOZ3B +lvmTKq+xGZigEMMyJ7CZy1kd4S8UlitsmlkL87b5AQQEYxr1ny+lhqul7RsToMbarm/ hip88voGUsVFoTsfc0WPwUouuXNi490fPo9Tb3K06ERz+T5WLlvlk4e/FIpnylb7BdEg lMMX2J7psLQbuHO2UWeRjItCXfNNOCM/n3+zaW7sDIF1m2WXJNjFVAcSjtKdKegbIUtU HvGCNKfQSJ3SE7T78zx2idt66SWeQdU7AbEONsqwRN2DMoYMTR4vlA/kYFiTCxVjinKt psQA== X-Gm-Message-State: AOAM530u+NW4XgBEpjCOLHkJOR4a9hrWsmblUthKnM9/M3i8ZHFBBInJ o+CaotuZ3BTeoh7APK7GeRV0fOd8/MlGo2R/5DDrhZIvRJzERQ== X-Google-Smtp-Source: ABdhPJz8jo69/pZ+Z/sRH1DgNqEYOx/V2rhACgEZGK9MpcsFFlTw0Nx8zfmpgq3LYAoXZXMUc0xThrD1rlXPEEZYRfk= X-Received: by 2002:a05:6000:1569:: with SMTP id 9mr22324245wrz.242.1630263612610; Sun, 29 Aug 2021 12:00:12 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Tomasz CEDRO Date: Sun, 29 Aug 2021 20:59:40 +0200 Message-ID: Subject: Re: py38-pyside2-tools? To: Gary Aitken Cc: FreeBSD Mailing List Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4GyN7T1HZSz4tn5 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=atCvF3vO; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2a00:1450:4864:20::42b) smtp.mailfrom=tomek@cedro.info X-Spamd-Result: default: False [-2.30 / 15.00]; RCVD_TLS_ALL(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[cedro.info]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[cedro.info:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::42b:from]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Aug 2021 19:00:22 -0000 On Sun, Aug 29, 2021 at 8:25 PM Gary Aitken wrote: > > I'm trying to build a development version of FreeCAD, so have a modified > Makefile... > > With USES= "...python:3.6+..." it builds ok and uses py37-pyside2-5.15.2. > > It's supposed to be built using python 3.8, so I changed USES to python:3.8+. > However, that results in: > ===> FreeCAD-m depends on package: py38-pyside2-tools>5.14.0 - not found > ===> py38-pyside2-tools-5.15.2 Unknown flavor 'py38', possible flavors: py37. > > The Makefile specifies: > BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pyside2-tools>5.14.0:devel/pyside2-tools@${PY_FLAVOR} ... > and > LIB_DEPENDS= ... > libpyside2.cpython-${PYTHON_SUFFIX}${PYTHON_ABIVER}.so:devel/pyside2@${PY_FLAVOR} > > I tried looking in devel and see: > pyside2 > pyside2-tools > > pkg info | grep py37 shows a boatload (79) files, including: > py37-pyside2-5.15.2 Python Qt bindings for Qt 5.12+ > py37-pyside2-tools-5.15.2 Pyside2 development tools > > pkg info | grep py38 shows only > $ pkg info | grep py38 > py38-cython-0.29.21 Compiler for Writing C Extensions for the Python Language > py38-numpy-1.16.6,1 The New Numeric Extension to Python > py38-setuptools-44.0.0 Python packages installer > py38-sqlite3-3.8.7_7 Standard Python binding to the SQLite3 library (Python 3.8) > py38-tkinter-3.8.7_6 Python bindings to the Tk widget set (Python 3.8) > > I don't know squat about how python works... > Hints? > > I'm on amd64 11.4 RELEASE > Gary Hey Gary :-) You seem to have py37 pyside2 installed so it wants to use this package. Have you tried upgrading to py38-pyside2 ? It should use that package then. It would be best to upgrade all python related packages to use py38 and the problem should be gone :-) If you use pkg then 'pkg update; pkg upgrade' should do the job :-) If you use ports then probably you will have to update python to 3.8 in the first place and use it as default. There is a Handbook manual page on Flavors including Python setup for a Port: https://docs.freebsd.org/en/books/porters-handbook/flavors/ Good luck :-) -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info From owner-freebsd-questions@freebsd.org Sun Aug 29 20:15:33 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CEC8666779A for ; Sun, 29 Aug 2021 20:15:33 +0000 (UTC) (envelope-from doug@safeport.com) Received: from freeport.safeport.com (freeport.safeport.com [147.160.157.114]) by mx1.freebsd.org (Postfix) with ESMTP id 4GyPpF22pxz3ms5 for ; Sun, 29 Aug 2021 20:15:33 +0000 (UTC) (envelope-from doug@safeport.com) Received: from bucksport.safeport.com (bucksport.safeport.com [198.74.231.101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by freeport.safeport.com (Postfix) with ESMTPS id 86A07EB828; Sun, 29 Aug 2021 16:08:36 -0400 (EDT) Date: Sun, 29 Aug 2021 16:08:44 -0400 (EDT) From: Doug Denault To: freebsd-questions@FreeBSD.ORG cc: Christopher Denault Subject: wp allocates a file grouped to wheel Message-ID: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-Rspamd-Queue-Id: 4GyPpF22pxz3ms5 X-Spamd-Bar: ++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=fail (mx1.freebsd.org: domain of doug@safeport.com does not designate 147.160.157.114 as permitted sender) smtp.mailfrom=doug@safeport.com X-Spamd-Result: default: False [6.46 / 15.00]; ARC_NA(0.00)[]; R_SPF_FAIL(1.00)[-all:c]; GREYLIST(0.00)[pass,body]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[safeport.com]; NEURAL_SPAM_MEDIUM(0.96)[0.965]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; VIOLATED_DIRECT_SPF(3.50)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(1.00)[1.000]; NEURAL_HAM_SHORT(-0.00)[-0.001]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6405, ipnet:147.160.157.0/24, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-Spam: Yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Aug 2021 20:15:33 -0000 I am running FreeBSD 11.4, php7.4 and apache2.4. Images uploaded using core wordpress functions are grouped to wheel. This only happens with images, other files are as they should (IMO) be. Apache is running grouped to www, the php-fpm master runs grouped to wheel, the fpm user processes run with the uid:gid of the user. I take this to mean that wordpress/php/fpm spawns a process running at least gid-ed as wheel as the process must be a member of the wheel group to create files grouped to wheel. Is this correct? _____ Douglas Denault http://www.safeport.com doug@safeport.com Voice: 301-217-9220 Fax: 301-217-9277 From owner-freebsd-questions@freebsd.org Sun Aug 29 21:01:35 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 39FF5668056 for ; Sun, 29 Aug 2021 21:01:35 +0000 (UTC) (envelope-from doug@safeport.com) Received: from freeport.safeport.com (freeport.safeport.com [147.160.157.114]) by mx1.freebsd.org (Postfix) with ESMTP id 4GyQqL2BnFz4X8W for ; Sun, 29 Aug 2021 21:01:34 +0000 (UTC) (envelope-from doug@safeport.com) Received: from bucksport.safeport.com (bucksport.safeport.com [198.74.231.101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by freeport.safeport.com (Postfix) with ESMTPS id D23ECEBA99 for ; Sun, 29 Aug 2021 17:01:33 -0400 (EDT) Date: Sun, 29 Aug 2021 17:01:42 -0400 (EDT) From: Doug Denault To: freebsd-questions@FreeBSD.ORG Subject: Re: wp allocates a file grouped to wheel In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Rspamd-Queue-Id: 4GyQqL2BnFz4X8W X-Spamd-Bar: +++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=fail (mx1.freebsd.org: domain of doug@safeport.com does not designate 147.160.157.114 as permitted sender) smtp.mailfrom=doug@safeport.com X-Spamd-Result: default: False [7.50 / 15.00]; ARC_NA(0.00)[]; R_SPF_FAIL(1.00)[-all:c]; GREYLIST(0.00)[pass,meta]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_SPAM_SHORT(1.00)[1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; RCPT_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROMTLD(0.00)[]; VIOLATED_DIRECT_SPF(3.50)[]; NEURAL_SPAM_LONG(1.00)[1.000]; DMARC_NA(0.00)[safeport.com]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6405, ipnet:147.160.157.0/24, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-Spam: Yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Aug 2021 21:01:35 -0000 On Sun, 29 Aug 2021, Doug Denault wrote: > I am running FreeBSD 11.4, php7.4 and apache2.4. Images uploaded using core > wordpress functions are grouped to wheel. This only happens with images, > other files are as they should (IMO) be. Apache is running grouped to www, > the php-fpm master runs grouped to wheel, the fpm user processes run with the > uid:gid of the user. I take this to mean that wordpress/php/fpm spawns a > process running at least gid-ed as wheel as the process must be a member of > the wheel group to create files grouped to wheel. Is this correct? Boo on me. creating a file in /tmp/ is owned as uid:wheel. _____ Douglas Denault http://www.safeport.com doug@safeport.com Voice: 301-217-9220 Fax: 301-217-9277 From owner-freebsd-questions@freebsd.org Mon Aug 30 02:27:00 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 22E0E66E61B for ; Mon, 30 Aug 2021 02:27:00 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [184.105.128.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "xray.he.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GyZ2q0LCcz3Pg5 for ; Mon, 30 Aug 2021 02:26:58 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=holgerdanske.com; s=nov-20210719-112354; t=1630290407; bh=8gmDmYhgOy2m1olQ1Vv8n45WhTIFxRN5Tc6s2yuTHRQ=; h=Received:To:From:Subject:Message-ID:Date:User-Agent:MIME-Version: Content-Type:Content-Language:Content-Transfer-Encoding; b=IPaDLaKDO8WSA4FtgPRJKdQ1Ie97PQXLjHC4Nrc3Bv/VIS5D8m4PoEqGzShm8MWER MqDhMXCX/OOI/NWoNOuhuN7lGu9FQHHrJrsKH5KCpUCjl8UpcIBZk3Op7udaSWu8C8 nEJB9JwAuj/y9qi5eqWCymboyvfFcf7xHluKFN+9kogL7dAyd8Eu7eckFJWsTtBiNP JXP9ksqhwS/XQUg4TbpqQPM+Ug7JHWxv6dh131Bd7tDBhTDhmr7R+TQp8yVuV50VDj lIEpTlJnGo5kHaDt7/PEdkeTkkcmAOM/rwCpkPglrftWHiI65tWrhdRVO9amKPRudM HJDigh0nqHy+zplIXzdpQPmNXRaTyLpRaglbqbC6DVhTy8kXamPaorTfPwdr69S6tL 0O3lGwBRSPhorzT4srOD47pYWl4u0lvCyZoZzN4200eYbDSiu4ReFrVi/QGl9M8mFD mjiV0r9guoWtfa6+nBDTFVZa1fSWFhL81aNtnHZswnVzwO5gD7A5OdeNjmT+bBD0qp npw1g5imw5F9s3LZraElQOMfIDOOMRHjJNB/ZvcLVpojHxRzGYGWhsOXb4IQuCMLfw a5g2ySc6Fi7ZfcOaqP0g2/o+FFHCQKH8S9HKHZ7te7CssO0HET4jtpDVhpiU871zb2 DdU05Ak/oH4m5VSrRX8BwagM= Received: from 99.100.19.101 (99-100-19-101.lightspeed.frokca.sbcglobal.net [99.100.19.101]) by holgerdanske.com with ESMTPSA (TLS_AES_128_GCM_SHA256:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Sun, 29 Aug 2021 19:26:47 -0700 To: freebsd-questions@freebsd.org From: David Christensen Subject: FreeBSD 12.2-RELEASE-p9 trim: open failed: /dev/ada0: Operation not permitted Message-ID: Date: Sun, 29 Aug 2021 19:26:45 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4GyZ2q0LCcz3Pg5 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=holgerdanske.com header.s=nov-20210719-112354 header.b=IPaDLaKD; dmarc=pass (policy=none) header.from=holgerdanske.com; spf=pass (mx1.freebsd.org: domain of dpchrist@holgerdanske.com designates 184.105.128.27 as permitted sender) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-3.95 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[holgerdanske.com:s=nov-20210719-112354]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[holgerdanske.com:+]; DMARC_POLICY_ALLOW(-0.50)[holgerdanske.com,none]; NEURAL_HAM_SHORT(-0.95)[-0.953]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:184.104.0.0/15, country:US]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 02:27:00 -0000 freebsd-questions: I have a computer with FreeBSD: 2021-08-29 19:14:07 toor@f1 ~ # freebsd-version ; uname -a 12.2-RELEASE-p9 FreeBSD f1.tracy.holgerdanske.com 12.2-RELEASE-p7 FreeBSD 12.2-RELEASE-p7 GENERIC amd64 The system disk is an SSD: 2021-08-29 19:18:53 toor@f1 ~ # camcontrol devlist | grep ada0 at scbus0 target 0 lun 0 (ada0,pass0) I would like to trim the SSD, but trim(8) is not happy: 2021-08-29 19:22:36 toor@f1 ~ # trim -f /dev/ada0 trim /dev/ada0 offset 0 length 60022480896 trim: open failed: /dev/ada0: Operation not permitted Suggestions? David From owner-freebsd-questions@freebsd.org Mon Aug 30 03:55:06 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8033B66F959 for ; Mon, 30 Aug 2021 03:55:06 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [IPv6:2001:470:0:19b::b869:801b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "holgerdanske.com", Issuer "holgerdanske.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Gyc0T0yQCz4ZRf for ; Mon, 30 Aug 2021 03:55:05 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=holgerdanske.com; s=nov-20210719-112354; t=1630295695; bh=6LImd7YET4+6bOo8ctSk+yfNK3WDxhQ5xCDxgRK179Y=; h=Received:Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Content-Language: Content-Transfer-Encoding; b=yXerKk7fjAaTFzSv3saZCLNs9NXdFGbOhv8O1+hbVM6K/+dN7M2tukeIZ6jZM1FPV RqqnXrOgh84Vi3i/3nC8OmXIv6OiHVSM+LXkCJPONMliI9R9SHItfDUjqHrXlHKOu/ T1WyzCeCU/8TtWgxElzfyChEQKmt9xtP5GLIdY8ATqEqd+xsvc+AkJae8rv7RwcEi0 vIRHTt8o/BkgmenFEEvLIp4naMOEOwzj0HVRb3NGDIf7Ne/RLSYTO9atnt56NF2Cvr OltVL65fiSaJpxP7Nl0av2aeJK2UNkWNt78RMhk/wMn5jBVmbuFfin37VzpbjHxTif NWarzuhg/rx7uXUhwWAQ5xB8qJhxKjgmookSnHdjxx0udYxMgXnL3GcEBXplbJskwS DkSq3kBs/ASz9jfs1ZW10PA+Y4Ooqg/Spdg46bkl+LPjnbwN1xAEJLBPnED0CK8TLZ pS+ka6OHyjcNejPS7Ga3Na6TrFthyTRH2QWCk9BudiuXLSmd9h3tGcA4Bz6MzCEgV7 iZRc7Cwi8P6T9HdB4ZWwVUqAFPM7Y4VaS1gXQTWMrTrrtf90S+pwv8ZK2odMFtNnZK cKPkJHsy5iBHpHMhiR8sQ89ta30mdmqpSNAcl8p/l1ScaYHhXr/mccU0re0BlH1+Eq LWcvC5Gi89/3lSQFHPWQg78M= Received: from 99.100.19.101 (99-100-19-101.lightspeed.frokca.sbcglobal.net [99.100.19.101]) by holgerdanske.com with ESMTPSA (TLS_AES_128_GCM_SHA256:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Sun, 29 Aug 2021 20:54:55 -0700 Subject: Re: FreeBSD 12.2-RELEASE-p9 trim: open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: From: David Christensen Message-ID: Date: Sun, 29 Aug 2021 20:54:50 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4Gyc0T0yQCz4ZRf X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=holgerdanske.com header.s=nov-20210719-112354 header.b=yXerKk7f; dmarc=pass (policy=none) header.from=holgerdanske.com; spf=pass (mx1.freebsd.org: domain of dpchrist@holgerdanske.com designates 2001:470:0:19b::b869:801b as permitted sender) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-2.12 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[holgerdanske.com:s=nov-20210719-112354]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a:november.he.net]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_SPAM_SHORT(0.88)[0.885]; DKIM_TRACE(0.00)[holgerdanske.com:+]; DMARC_POLICY_ALLOW(-0.50)[holgerdanske.com,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 03:55:06 -0000 On 8/29/21 7:26 PM, David Christensen wrote: > freebsd-questions: > > I have a computer with FreeBSD: > > 2021-08-29 19:14:07 toor@f1 ~ > # freebsd-version ; uname -a > 12.2-RELEASE-p9 > FreeBSD f1.tracy.holgerdanske.com 12.2-RELEASE-p7 FreeBSD > 12.2-RELEASE-p7 GENERIC  amd64 > > > The system disk is an SSD: > > 2021-08-29 19:18:53 toor@f1 ~ > # camcontrol devlist | grep ada0 >          at scbus0 target 0 lun 0 (ada0,pass0) > > > I would like to trim the SSD, but trim(8) is not happy: > > 2021-08-29 19:22:36 toor@f1 ~ > # trim -f /dev/ada0 > trim /dev/ada0 offset 0 length 60022480896 > trim: open failed: /dev/ada0: Operation not permitted > > > Suggestions? > > > David STFW I found: https://forums.freebsd.org/threads/freebsd-10-trim-for-zfs.44803/ Checking my system: 2021-08-29 20:51:20 toor@f3 ~ # camcontrol identify ada0 | grep -i trim Data Set Management (DSM/TRIM) yes So, SSD trim is enabled (?). David From owner-freebsd-questions@freebsd.org Mon Aug 30 05:08:40 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C4F8D670507 for ; Mon, 30 Aug 2021 05:08:40 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wr1-x435.google.com (mail-wr1-x435.google.com [IPv6:2a00:1450:4864:20::435]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GyddN0Lhjz4syy for ; Mon, 30 Aug 2021 05:08:40 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: by mail-wr1-x435.google.com with SMTP id b6so20560342wrh.10 for ; Sun, 29 Aug 2021 22:08:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=vQGEj/ZgvZGY56m2fIxTOzbWCoPB5P27o+tIIYO47MY=; b=p7UW3df4sm8qDMwo0p14quFajHUdE9ceHpWYZOlz4zRCezmAsL7UHFsykbRu1MH1G+ jwYFBtFMgdsEQEgJ1ToiyjL/mXLFIBI80OyEDpYMLdhiAChuFwhxRJd3LTz++uDzLU9B uge242rkWTq4TXjYI92Pr3Unp4NH3R0PYExxnfhoES4Nxydtzp/p9WE1amMRjsgGXq1T tNXUJb5RwxprgHYy1LPPkIv8jqZJJmK1IxKOWLRi/54vm6ysR862zWUjnwDL3jboytNV SLilrmDL/yiqBnSp/mo+OW4wCBHgU0R19Bx2LdFwSCuvAT7i4Z8IyXQFVgxvQOWQ8X8V u9mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=vQGEj/ZgvZGY56m2fIxTOzbWCoPB5P27o+tIIYO47MY=; b=t1izEOfUu2NQ0IE0dbyuPyaqrBXZWEnWvqA3NkDkqslup7VsUiVaKVv6aRH1qFBu+Z FsSITo3LjT6s3k+LEeQAP0e2f9VVzLgeFf6mnpBQt5o8amfPfFMs4kx7YoPcQtaIT0te Z4xnrILWa4QhkrfRM0oWE5jjfX7IuiO4BmrYWBBP5fs1ln6jb/d6O0/lOTu1i1YP6aDN VZYPFZCirZWymq877Cga+Ik3MSuAMlYea804nC3KNHGpRzdV6LuH1N37y02yAmMHK/aQ /xMGDds/m+tNtxVm5vxeKb2mu5B0sOD3/ir99+H9/YoTOD5a/zoDZD1VPFkmliALT4TP 2D0A== X-Gm-Message-State: AOAM5308JeVRx9ddqWEds4mGcBgkIAZn17bIxLKHI5WSFHTJs532IyDH hziJOkuaQ2xC+Rbtpal8b1H++Qprjse35A== X-Google-Smtp-Source: ABdhPJxOjD2WjaKuTpEnQGVhcFREABXYF2GmskfC09j79W5zH/QnIcFWWUYfly13ph0rxiroZk0PwA== X-Received: by 2002:adf:dcc7:: with SMTP id x7mr23443849wrm.173.1630300118497; Sun, 29 Aug 2021 22:08:38 -0700 (PDT) Received: from ?IPv6:2001:470:1f1c:a0::2? (tunnel642390-pt.tunnel.tserv1.lon2.ipv6.he.net. [2001:470:1f1c:a0::2]) by smtp.gmail.com with ESMTPSA id o2sm8912022wrh.13.2021.08.29.22.08.37 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 29 Aug 2021 22:08:38 -0700 (PDT) Subject: Re: FreeBSD 12.2-RELEASE-p9 trim: open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: From: Graham Perrin Message-ID: Date: Mon, 30 Aug 2021 06:08:37 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-GB X-Rspamd-Queue-Id: 4GyddN0Lhjz4syy X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=p7UW3df4; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::435 as permitted sender) smtp.mailfrom=grahamperrin@gmail.com X-Spamd-Result: default: False [-4.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::435:from]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 05:08:40 -0000 On 30/08/2021 04:54, David Christensen wrote: > On 8/29/21 7:26 PM, David Christensen wrote: >> freebsd-questions: >> >> I have a computer with FreeBSD: >> >> 2021-08-29 19:14:07 toor@f1 ~ >> # freebsd-version ; uname -a >> 12.2-RELEASE-p9 >> FreeBSD f1.tracy.holgerdanske.com 12.2-RELEASE-p7 FreeBSD >> 12.2-RELEASE-p7 GENERIC  amd64 >> >> >> The system disk is an SSD: >> >> 2021-08-29 19:18:53 toor@f1 ~ >> # camcontrol devlist | grep ada0 >>          at scbus0 target 0 lun 0 (ada0,pass0) >> >> >> I would like to trim the SSD, but trim(8) is not happy: >> >> 2021-08-29 19:22:36 toor@f1 ~ >> # trim -f /dev/ada0 >> trim /dev/ada0 offset 0 length 60022480896 >> trim: open failed: /dev/ada0: Operation not permitted >> >> >> Suggestions? >> >> >> David > > > STFW I found: > > https://forums.freebsd.org/threads/freebsd-10-trim-for-zfs.44803/ > > > Checking my system: > > 2021-08-29 20:51:20 toor@f3 ~ > # camcontrol identify ada0 | grep -i trim > Data Set Management (DSM/TRIM) yes > > > So, SSD trim is enabled (?). Given your link to the ZFS-related post, I assume that you use ZFS on the device. If so: with or without OpenZFS kernel module? I see that with FreeBSD 14.0-CURRENT, this occurs: trim: open failed: /dev/da7: Operation not permitted – when, for example, a partition within the device is a cache vdev for a pool. From owner-freebsd-questions@freebsd.org Mon Aug 30 06:37:58 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E9475671492 for ; Mon, 30 Aug 2021 06:37:58 +0000 (UTC) (envelope-from freebsd-questions@freebsd.org) Received: from nodset0.westsarproperty.com (nodset0.westsarproperty.com [91.194.55.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4GygcQ41tqz3qK4 for ; Mon, 30 Aug 2021 06:37:58 +0000 (UTC) (envelope-from freebsd-questions@freebsd.org) From: Notice To: freebsd-questions@freebsd.org Subject: [Important] Confirm freebsd-questions@freebsd.org | 8/30/2021 6:37:56 a.m. Date: 30 Aug 2021 06:37:56 +0000 Message-ID: <20210830063756.D97982DD4A7056D4@freebsd.org> X-Rspamd-Queue-Id: 4GygcQ41tqz3qK4 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.00 / 15.00]; local_wl_from(0.00)[freebsd.org]; ASN(0.00)[asn:209737, ipnet:91.194.55.0/24, country:TR] MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 06:37:59 -0000 From owner-freebsd-questions@freebsd.org Mon Aug 30 07:37:27 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 552C267230E for ; Mon, 30 Aug 2021 07:37:27 +0000 (UTC) (envelope-from noreply-activity@freebsd.org) Received: from freebsd.org (pppoe-static.82.209.221.201.telecom.mogilev.by [82.209.221.201]) by mx1.freebsd.org (Postfix) with ESMTP id 4Gyhx23tmRz4gBc for ; Mon, 30 Aug 2021 07:37:26 +0000 (UTC) (envelope-from noreply-activity@freebsd.org) From: freebsd.org Mail Accounts To: freebsd-questions@freebsd.org Subject: New login to freebsd-questions@freebsd.org from Safari on Mac OS Date: 30 Aug 2021 10:37:17 +0300 Message-ID: <20210830103717.B5A97D0813DD024B@freebsd.org> X-Rspamd-Queue-Id: 4Gyhx23tmRz4gBc X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.00 / 15.00]; local_wl_from(0.00)[freebsd.org]; ASN(0.00)[asn:6697, ipnet:82.209.192.0/18, country:BY] MIME-Version: 1.0 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 07:37:27 -0000 From owner-freebsd-questions@freebsd.org Mon Aug 30 07:45:46 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8A74E67239F for ; Mon, 30 Aug 2021 07:45:46 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [IPv6:2001:470:0:19b::b869:801b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "holgerdanske.com", Issuer "holgerdanske.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Gyj6d3ck5z4j7d for ; Mon, 30 Aug 2021 07:45:45 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=holgerdanske.com; s=nov-20210719-112354; t=1630309542; bh=wXiq7wb0z5cZGdEUrdkjYgUT/Nsqsu/8ExLNQcWGT00=; h=Received:Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Content-Language: Content-Transfer-Encoding; b=DMFZFcG1owK91AIEQ55Skpc90vQCkgio4GVH9duewPC413TppjgwAWHQ201D8bBQY j7H7j/GPymh7M0Hf+81pe5NMhlS1ojBhZ6z3D7eVk5sH/ZNY2ONYLQwpRp6+kok1Gy cr8ClFbn5wByw2IIpty4qCTzc+HKmYBrtW2ZyMdpBSqU7B7OMdb8FHLxN+mvDtbSiR lQ75Tf4CkivwRG8LgcJHsgJmR6yjU2lbAwQpuSg8Oi5v3yEoGugWhBG4ELpCqIGmZD KbWF4eaqPLkfMOGgJGiLNXickyo/R2aWFcmOJvF+c3lTmtgdzsmc/rR9GjWmT6Z8ga GGbm9C4iSpWFvZ3TTF8XLz0yikul9qAI+5boduyWHcbUIj9I6/Vd5SRZjC9KnhC4vt 7HuZhz2BN0H656RuSWL9z4BxuXte4YYGwYhjnNDSC5jZF8j1XBpPIHv1zk4vPa1JZP y8UkgdyynkcgWJPs5GUpx/zEo7fvOyVz99y6yi46PVqhsRr6MnLzf29dEPvtKndazc j1xhrqx2wkQHZ0SU2nwrq294YYcNp4LREsk3IaXupfsTcbKTOh7EkqzTTcseD4oW0I YgB84tWgTb2vs0bdkE6CAOtPSO4RKpxEhbbTgoZ3hxutEdZWjjXpqodoyaj0eAojBV A1b4DMMlWgMpGkKrQWQZ5sqY= Received: from 99.100.19.101 (99-100-19-101.lightspeed.frokca.sbcglobal.net [99.100.19.101]) by holgerdanske.com with ESMTPSA (TLS_AES_128_GCM_SHA256:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Mon, 30 Aug 2021 00:45:42 -0700 Subject: Re: FreeBSD 12.2-RELEASE-p9 trim: open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: From: David Christensen Message-ID: Date: Mon, 30 Aug 2021 00:45:41 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4Gyj6d3ck5z4j7d X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=holgerdanske.com header.s=nov-20210719-112354 header.b=DMFZFcG1; dmarc=pass (policy=none) header.from=holgerdanske.com; spf=pass (mx1.freebsd.org: domain of dpchrist@holgerdanske.com designates 2001:470:0:19b::b869:801b as permitted sender) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-3.14 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[holgerdanske.com:s=nov-20210719-112354]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a:november.he.net]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[holgerdanske.com:+]; DMARC_POLICY_ALLOW(-0.50)[holgerdanske.com,none]; NEURAL_HAM_SHORT(-0.14)[-0.144]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 07:45:46 -0000 On 8/29/21 10:08 PM, Graham Perrin wrote: > On 30/08/2021 04:54, David Christensen wrote: >> On 8/29/21 7:26 PM, David Christensen wrote: >>> freebsd-questions: >>> >>> I have a computer with FreeBSD: >>> >>> 2021-08-29 19:14:07 toor@f1 ~ >>> # freebsd-version ; uname -a >>> 12.2-RELEASE-p9 >>> FreeBSD f1.tracy.holgerdanske.com 12.2-RELEASE-p7 FreeBSD >>> 12.2-RELEASE-p7 GENERIC  amd64 >>> >>> >>> The system disk is an SSD: >>> >>> 2021-08-29 19:18:53 toor@f1 ~ >>> # camcontrol devlist | grep ada0 >>>          at scbus0 target 0 lun 0 (ada0,pass0) >>> >>> >>> I would like to trim the SSD, but trim(8) is not happy: >>> >>> 2021-08-29 19:22:36 toor@f1 ~ >>> # trim -f /dev/ada0 >>> trim /dev/ada0 offset 0 length 60022480896 >>> trim: open failed: /dev/ada0: Operation not permitted >>> >>> >>> Suggestions? >>> >>> >>> David >> >> >> STFW I found: >> >> https://forums.freebsd.org/threads/freebsd-10-trim-for-zfs.44803/ >> >> >> Checking my system: >> >> 2021-08-29 20:51:20 toor@f3 ~ >> # camcontrol identify ada0 | grep -i trim >> Data Set Management (DSM/TRIM) yes >> >> >> So, SSD trim is enabled (?). > > Given your link to the ZFS-related post, I assume that you use ZFS on > the device. Thank you for the reply. :-) Yes. The system was created with FreeBSD-12.1-RELEASE-amd64-memstick on a USB flash drive with ZFS boot, encrypted swap, and encrypted ZFS root. > If so: with or without OpenZFS kernel module? ZFS kernel module is loaded: 2021-08-30 00:30:42 toor@f3 ~ # kldstat Id Refs Address Size Name 1 23 0xffffffff80200000 227ae98 kernel 2 1 0xffffffff8247c000 1e7b0 geom_eli.ko 3 2 0xffffffff8249b000 a448 opensolaris.ko 4 1 0xffffffff824a8000 ee98 aesni.ko 5 1 0xffffffff824b7000 3bad38 zfs.ko 6 1 0xffffffff82872000 27c00 geom_mirror.ko 7 1 0xffffffff8289a000 27ce8 fuse.ko 8 1 0xffffffff82b21000 acf mac_ntpd.ko > I see that with > FreeBSD 14.0-CURRENT, this occurs: > > trim: open failed: /dev/da7: Operation not permitted > > – when, for example, a partition within the device is a cache vdev for a > pool. Okay. David From owner-freebsd-questions@freebsd.org Mon Aug 30 09:16:27 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 84E206734F6 for ; Mon, 30 Aug 2021 09:16:27 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Gyl7G5bStz3Qsy for ; Mon, 30 Aug 2021 09:16:26 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: by mail-wm1-x32c.google.com with SMTP id o39-20020a05600c512700b002e74638b567so8936662wms.2 for ; Mon, 30 Aug 2021 02:16:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=FjpjdGc2OSWAHjtOg9prRJwoc146B1ppLY5ycsa8joI=; b=FlIvVPyce/H0CmLzfwSQsOptERGDD3lyspTZU+Qv8n7awqi5fPo9CQY6z0jxhpGrgl cEzh8tkgFLclxiB7TYfxYSgQuChdyel98oozJblej0WT/XZo9YPQTmbqK/M+8gRzay5z Wef9aIB6kKp45aIW0D8lovkAr0Sn/wHDqWTj1vn/qwsBMM2CFCqsGqtptACHEXL5oEX5 6deTQJhZUlGSrI0j9pSm1y/S6ZI6BdmViWS8RydoF0QaAW4Q8ElZoHhWSyIjM4lTAFWr ZOaHbzYQlTCQwy5JX4DcWLfKiDUl0g55UPDnXvGAF4TDO8boTyu610h32enLNW4jx81u KKdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=FjpjdGc2OSWAHjtOg9prRJwoc146B1ppLY5ycsa8joI=; b=lKxn8zcFeFEXADJrq3z+LhABGE5/h+AsVG59Z76JgLnBJifDq75tUkpHY2OFz9H3QP iCt263fvBv15dMsz5R4nC/t0lc5k3/J0iFjWDBR7X+KYT9paNDnGUzMps6lSWDHnaq7V DGii6A+dt0QC/3xSyYrG18ml5GcU1sWneKj+8D9Pg6qV2x1kpJvFK5QVleMmGhwBkgNH i88x/7aW7J1kNnZa6j5tZaaVMw66/49pf6E8BG2TMnhx2wkUV2gkE2cVAuHnnJNpYrKQ pR4n3yxfmC8q1qpvsT+6U77dzzaCRCtgz6b5CJeD8jq10CW6t84cCiQfsfmLwSk+magz 85Og== X-Gm-Message-State: AOAM533jhWxXiJJThMKtgZFj6WgvGB+HcHV7qJ04lVmGQiaw5tD1WpW3 6Jf3KbV5Ba9Y1QjtFkBAjoUYZL99Hkiijw== X-Google-Smtp-Source: ABdhPJyh5Jm9n5CZX6u9SnIi8ESnBYtwfHJXKOQYpjk668HuK/5dnFfCf9KlHs6TMv7qSs4fH2BYKA== X-Received: by 2002:a1c:98d5:: with SMTP id a204mr31578490wme.52.1630314978642; Mon, 30 Aug 2021 02:16:18 -0700 (PDT) Received: from ?IPv6:2001:470:1f1c:a0::2? (tunnel642390-pt.tunnel.tserv1.lon2.ipv6.he.net. [2001:470:1f1c:a0::2]) by smtp.gmail.com with ESMTPSA id s12sm15117337wru.41.2021.08.30.02.16.17 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 30 Aug 2021 02:16:18 -0700 (PDT) Subject: FreeBSD 12.2-RELEASE-p9 trim (ZFS, not OpenZFS): open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: From: Graham Perrin Message-ID: <5a1ae42f-d0f7-beb9-fb21-a83e7e8fe06d@gmail.com> Date: Mon, 30 Aug 2021 10:16:17 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-GB X-Rspamd-Queue-Id: 4Gyl7G5bStz3Qsy X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=FlIvVPyc; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::32c as permitted sender) smtp.mailfrom=grahamperrin@gmail.com X-Spamd-Result: default: False [-4.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::32c:from]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 09:16:27 -0000 On 30/08/2021 08:45, David Christensen wrote: > … created with FreeBSD-12.1-RELEASE-amd64-memstick on a USB flash > drive with ZFS boot, encrypted swap, and encrypted ZFS root. > > >> If so: with or without OpenZFS kernel module? > > > ZFS kernel module is loaded: > > 2021-08-30 00:30:42 toor@f3 ~ > # kldstat > Id Refs Address                Size Name >  1   23 0xffffffff80200000  227ae98 kernel >  2    1 0xffffffff8247c000    1e7b0 geom_eli.ko >  3    2 0xffffffff8249b000     a448 opensolaris.ko >  4    1 0xffffffff824a8000     ee98 aesni.ko >  5    1 0xffffffff824b7000   3bad38 zfs.ko >  6    1 0xffffffff82872000    27c00 geom_mirror.ko >  7    1 0xffffffff8289a000    27ce8 fuse.ko >  8    1 0xffffffff82b21000      acf mac_ntpd.ko > > … Thanks. Simply installing sysutils/openzfs will get you a relevant manual page: man 8 zpool-trim – and `zpool trim` (alone) will run (tested in VirtualBox), however: _without_ an OpenZFS-enabled boot, I'd be wary of specifying a pool to be trimmed. Here be dragons? From owner-freebsd-questions@freebsd.org Mon Aug 30 16:22:14 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 243BD659756 for ; Mon, 30 Aug 2021 16:22:14 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from wnew2-smtp.messagingengine.com (wnew2-smtp.messagingengine.com [64.147.123.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4GywZY0b8Rz3JTY for ; Mon, 30 Aug 2021 16:22:13 +0000 (UTC) (envelope-from tech-lists@zyxst.net) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailnew.west.internal (Postfix) with ESMTP id DCB9D2B00949 for ; Mon, 30 Aug 2021 12:22:00 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Mon, 30 Aug 2021 12:22:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zyxst.net; h= date:from:to:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm3; bh=0jcgEGhHfNZ1SPgIY4VAdoHQlgs rLQ0Mgh5mDIj19ic=; b=f4imEpPLBAfm0EzAPiB+b6lZYEBVvewjuJAfPof2VhF g3V2u3v2tgb8iEg2jNaYLcGyg69wFDKD/mDJDA5otRX0benejuuYvLtSuMGrdoYd jT0SBJ2bsPHZve5M7GCefeahU1FwX7M7cm1zVVnYgLSNyqCStvamhb9YCPv6hInl 2jXid6Hd7py8fsEsnICm/vu+zHotHTXf3gmsZ+qydUxO+fPUt941R6I4qTy2tYeC 2GwJhYWeSDuQ0TgQmbt1MLDzswetkMEtUqPhVdSTWY4wkAbAs7wd8jwbtX6qdOsb AZ0fvwUXC47tPh8U4xxqXgh6DI2bKPKJNCshpUiYv9g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=0jcgEG hHfNZ1SPgIY4VAdoHQlgsrLQ0Mgh5mDIj19ic=; b=qlvqZCU81vcwHqd1cPQxbA hXCVQDp/AZB5JdDM4fw+4pdcigIowJE+I2EmQSZl1PXKFUoypSQsQoC1KOKGEsXo uBDw+h1Y+eKROsgWExkwl6reg+bCI2Bb/uzP7vbAr55e0WUrYZSHGt1Z9MyrfrAG WLWRgGBUgrBKsrhor9FouCB7Jgw+tlVfD5UVef77uNl+WL3JE/kV6tMz8wK40gPh iQsmh1ez5MBXh0NeSmSlrUVQdz7pNG9Lttv0iQYPJCWmez3kvyC8CGjBiRNlewgs GMCM7J55M76m7DTWp3NdqcTD/S673FoBe9Nj4RwuZoFzLccZuYA/ETuFqLvIhSKg == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrudduledguddttdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehgtd erredttddvnecuhfhrohhmpehtvggthhdqlhhishhtshcuoehtvggthhdqlhhishhtshes iiihgihsthdrnhgvtheqnecuggftrfgrthhtvghrnheptedttdduuefggeeghfekkeetke ejleefffelheejfffgffdtfeeftdejgeeuieffnecuffhomhgrihhnpehfrhgvvggsshgu rdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epthgvtghhqdhlihhsthhsseiihiigshhtrdhnvght X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Mon, 30 Aug 2021 12:21:55 -0400 (EDT) Date: Mon, 30 Aug 2021 17:21:53 +0100 From: tech-lists To: freebsd-questions@freebsd.org Subject: Re: [matt@openssl.org: OpenSSL Security Advisory] Message-ID: Mail-Followup-To: freebsd-questions@freebsd.org References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="HAjgfFRIYHtWR/ZE" Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4GywZY0b8Rz3JTY X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=zyxst.net header.s=fm3 header.b=f4imEpPL; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=qlvqZCU8; dmarc=none; spf=none (mx1.freebsd.org: domain of tech-lists@zyxst.net has no SPF policy when checking 64.147.123.27) smtp.mailfrom=tech-lists@zyxst.net X-Spamd-Result: default: False [-6.50 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[zyxst.net:s=fm3,messagingengine.com:s=fm3]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim]; RCVD_COUNT_THREE(0.00)[4]; MID_RHS_MATCH_FROMTLD(0.00)[]; DKIM_TRACE(0.00)[zyxst.net:+,messagingengine.com:+]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_NA(0.00)[zyxst.net]; SIGNED_PGP(-2.00)[]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:11403, ipnet:64.147.123.0/24, country:US]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_IN_DNSWL_LOW(-0.10)[64.147.123.27:from] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 16:22:14 -0000 --HAjgfFRIYHtWR/ZE Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 24, 2021 at 05:04:57PM -0400, Dan Langille wrote: > >The Doctor via freebsd-questions wrote on 8/24/21 10:25 AM: >> Is the kernel going to be updated? >> >> Also openssh updates did take place. > >This just in: > >https://lists.freebsd.org/pipermail/freebsd-security-notifications/2021-Au= gust >/000418.html The first mail mentions this: > OpenSSL versions 1.1.1k and below are affected by this issue. Users of th= ese=20 > versions should upgrade to OpenSSL 1.1.1l. However: % uname -a FreeBSD desktop 13.0-STABLE FreeBSD 13.0-STABLE #1=20 stable/13-n247002-bd0ad8209d5: Mon Aug 30 14:29:25 BST 2021 % openssl version OpenSSL 1.1.1k-freebsd 24 Aug 2021 and from a recently updated 13.0-p4 machine kept up-to-date with freebsd-up= date: FreeBSD 13.0-RELEASE-p4 #0: Tue Aug 24 07:33:27 UTC 2021 =20 root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC= amd64 % openssl version OpenSSL 1.1.1k-freebsd 24 Aug 2021 Why is freebsd at 1.1.1k and not 1.1.1l ? --=20 J. --HAjgfFRIYHtWR/ZE Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE8n3tWhxW11Ccvv9/s8o7QhFzNAUFAmEtBZcACgkQs8o7QhFz NAVsww/9E2bTuaKWgyPlKNsjcuWyhPtMWNY7wuFqMWnQyN6Pe+02WwZ1alVf2trP Jfc/N3uZr0/Uw50INVC0Ysyv6vUGgnXaml6CAYH1616DmAYhoR/5dcPhPX9mBNS5 /phm/6S8sDEHinEA9uweGezMCegc/g7FPecozjK3wNCMia0rvLqtvC65o4v1idpn KU8MHCjkMRQ6QSO2+Bikx1A5ZUrPYtj0pvugKtNzLd+ZgupGd+tEr048j0Oj/dIV mIl++447NHX7zSR9mZRUmHBEntwfwSlCAfwPKiDCBH9ULPtymxetcFmgYpAG2W7W fR1rQeZtfZufLIqpvKKN5PyIn/6OGCHC0lI0ZhC3GjPlhjRv4gIU0oetokN0IpW/ vqH7oLlhC7/DSqXKSWDmA6h4kpMKUzvNfBOYWDkjb7NW/WwZHsbUCq/ldij+bcrK s4uIwkc1veFm7oIEto2uMFp1VsLnonfArFMZ7g/UucOaY8ywUtc8Pp6dwg1alssU bB98OGAxcfEYkTN0mE/uqvUwWnN3Cm7V3WbJmQ/UMF2s98J6UOZ+TpgtY+osvJg9 UhbfE2lBhTlo3uHSIOotEyiGeAxOzpLDonj7OMWp6AAFhX7aWv/4NG7wQA7ASlOb cPcEuj+fxzBiN8vZLB+jhw5OlMQcZmZnuUatyVC87NMaekNv9C8= =J5zH -----END PGP SIGNATURE----- --HAjgfFRIYHtWR/ZE-- From owner-freebsd-questions@freebsd.org Mon Aug 30 19:34:12 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1EBFE65C9E1 for ; Mon, 30 Aug 2021 19:34:12 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from keymaster.local (ns1.xn--wesstrm-f1a.se [81.4.102.176]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "keymaster.pp.dyndns.biz", Issuer "keymaster.pp.dyndns.biz" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Gz0r31Kf3z3DSG for ; Mon, 30 Aug 2021 19:34:10 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from [192.168.69.69] ([192.168.69.69]) by keymaster.local (8.16.1/8.16.1) with ESMTP id 17UJWbMB011642 for ; Mon, 30 Aug 2021 21:32:46 +0200 (CEST) (envelope-from freebsd-database@pp.dyndns.biz) Subject: Re: [matt@openssl.org: OpenSSL Security Advisory] To: freebsd-questions@freebsd.org References: From: =?UTF-8?Q?Morgan_Wesstr=c3=b6m?= Message-ID: Date: Mon, 30 Aug 2021 21:32:22 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4Gz0r31Kf3z3DSG X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd-database@pp.dyndns.biz has no SPF policy when checking 81.4.102.176) smtp.mailfrom=freebsd-database@pp.dyndns.biz X-Spamd-Result: default: False [-0.24 / 15.00]; RCVD_TLS_LAST(0.00)[]; R_MIXED_CHARSET(0.56)[subject]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; HFILTER_HELO_IP_A(1.00)[keymaster.local]; NEURAL_HAM_SHORT(-1.00)[-0.997]; HFILTER_HELO_NORES_A_OR_MX(0.30)[keymaster.local]; ARC_NA(0.00)[]; R_SPF_NA(0.00)[no SPF record]; DMARC_NA(0.00)[pp.dyndns.biz]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:198203, ipnet:81.4.100.0/22, country:NL]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 19:34:12 -0000 > % uname -a > FreeBSD desktop 13.0-STABLE FreeBSD 13.0-STABLE #1 > stable/13-n247002-bd0ad8209d5: Mon Aug 30 14:29:25 BST 2021 > > % openssl version > OpenSSL 1.1.1k-freebsd  24 Aug 2021 > > and from a recently updated 13.0-p4 machine kept up-to-date with freebsd-update: > > FreeBSD 13.0-RELEASE-p4 #0: Tue Aug 24 07:33:27 UTC 2021 > root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64 > > % openssl version > OpenSSL 1.1.1k-freebsd  24 Aug 2021 > > Why is freebsd at 1.1.1k and not 1.1.1l ? It seems FreeBSD chose to patch version 1.1.1k rather than to import the whole 1.1.1l. The patch was made in the following commit: https://cgit.freebsd.org/src/commit/crypto/openssl?h=releng/13.0&id=2261c814b7fa4730f308b476eff1afb0dcdf35ec You can see in the last patch on that page that the version was changed from "OpenSSL 1.1.1k-freebsd 25 Mar 2021" to "OpenSSL 1.1.1k-freebsd 24 Aug 2021" for the patched version which matches your second output. Why your first output example has the same date without being -p4 is beyond me though. Regards Morgan From owner-freebsd-questions@freebsd.org Mon Aug 30 19:36:02 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BEBF565CCBE for ; Mon, 30 Aug 2021 19:36:02 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from keymaster.local (ns1.xn--wesstrm-f1a.se [IPv6:2a00:d880:5:1b9::8526]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "keymaster.pp.dyndns.biz", Issuer "keymaster.pp.dyndns.biz" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Gz0t96hxTz3Dr1 for ; Mon, 30 Aug 2021 19:36:01 +0000 (UTC) (envelope-from freebsd-database@pp.dyndns.biz) Received: from [192.168.69.69] ([192.168.69.69]) by keymaster.local (8.16.1/8.16.1) with ESMTP id 17UJa0Gk011674 for ; Mon, 30 Aug 2021 21:36:01 +0200 (CEST) (envelope-from freebsd-database@pp.dyndns.biz) Subject: Re: [matt@openssl.org: OpenSSL Security Advisory] To: freebsd-questions@freebsd.org References: From: =?UTF-8?Q?Morgan_Wesstr=c3=b6m?= Message-ID: <7a65d5fc-c8ea-d20b-44a8-04e4f39223a4@pp.dyndns.biz> Date: Mon, 30 Aug 2021 21:36:00 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4Gz0t96hxTz3Dr1 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd-database@pp.dyndns.biz has no SPF policy when checking 2a00:d880:5:1b9::8526) smtp.mailfrom=freebsd-database@pp.dyndns.biz X-Spamd-Result: default: False [-0.24 / 15.00]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; DMARC_NA(0.00)[pp.dyndns.biz]; NEURAL_HAM_SHORT(-0.99)[-0.994]; HFILTER_HELO_IP_A(1.00)[keymaster.local]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_SPF_NA(0.00)[no SPF record]; HFILTER_HELO_NORES_A_OR_MX(0.30)[keymaster.local]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; R_MIXED_CHARSET(0.56)[subject]; ASN(0.00)[asn:198203, ipnet:2a00:d880::/32, country:NL]; MIME_TRACE(0.00)[0:+]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2021 19:36:02 -0000 > % uname -a > FreeBSD desktop 13.0-STABLE FreeBSD 13.0-STABLE #1 > stable/13-n247002-bd0ad8209d5: Mon Aug 30 14:29:25 BST 2021 Oh wait, I saw it when I pressed send on the last message. :) That one is STABLE branch. It's the developing head on that branch so it always have the latest patches. As long as the date is 24 Aug 2021 or later you're fine. :) Regards Morgan From owner-freebsd-questions@freebsd.org Tue Aug 31 01:06:28 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CE74966194A for ; Tue, 31 Aug 2021 01:06:28 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [IPv6:2001:470:0:19b::b869:801b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "xray.he.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Gz8CR4PGVz4TgM for ; Tue, 31 Aug 2021 01:06:27 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=holgerdanske.com; s=nov-20210719-112354; t=1630371985; bh=bbdLJD9ull6gMDDkLhcMj4OvsYgPTH/BOTe15UzAGlM=; h=Received:Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Content-Language: Content-Transfer-Encoding; b=Z2ucu/IyzYBpPwSES5CveBZlznopO/GZBcmSqadyxjyag5kXvpGnkGbumqoOTUOTA YCOdwFWbsZ7jVQfTPkshk0pInF28ffrlviWfaLV8O63kZHpQUnk8ku0obzQYqNSPW1 T2wnDbk3Jlnx7oDM4HxucdXkGBQAAHZRZdOC1fLvhdPK8EnDAvapjnygbxctlg2d44 RX1jDLSnFpVRL0r8saCfnoS3Ztqbtu7OdfG7IzRd6DQX/RShwLQeGgvMx6xM9M2YNQ Jrmwb7/XVKOL1sPKE/oqUeqKR2qkaew4h/FMMLVJVHIFuvArdb39KZxWwEnJ7lvPr2 IBLQaaLZ16BAaOCzVHOw2qbJFW6f7FCzJ4yvoXfUGfxssNufCryVWaSHsnS+ynJamA 5bFQ3TNRPlQw6OKHLMVByTvBh9kPmvokCibsaHnWsSN8Vgdkob1W+/DGISVxcQeVkB OcuMDGyuA5TlO8zFEDY94+QsZN/5/CZVFhqJ7PytxbEQKiE00ip/duD51SWMxrp7Da dxypUBieZJjLurRQJPfUyZT7RgshmMalAUhKFWlEbSD5RaTtjjryIrgtHdwZdKTWJp emBgzQePi0NXg3NeDEpEBxoONIeqxbBHrwqiFKe54QPS2qQ67vqS9q1PAR4DkQu7gH td7E20AtT9BfJu76ZezKYqnE= Received: from 99.100.19.101 (99-100-19-101.lightspeed.frokca.sbcglobal.net [99.100.19.101]) by holgerdanske.com with ESMTPSA (TLS_AES_128_GCM_SHA256:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Mon, 30 Aug 2021 18:06:25 -0700 Subject: Re: FreeBSD 12.2-RELEASE-p9 trim (ZFS, not OpenZFS): open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: <5a1ae42f-d0f7-beb9-fb21-a83e7e8fe06d@gmail.com> From: David Christensen Message-ID: Date: Mon, 30 Aug 2021 18:06:24 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <5a1ae42f-d0f7-beb9-fb21-a83e7e8fe06d@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4Gz8CR4PGVz4TgM X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=holgerdanske.com header.s=nov-20210719-112354 header.b="Z2ucu/Iy"; dmarc=pass (policy=none) header.from=holgerdanske.com; spf=pass (mx1.freebsd.org: domain of dpchrist@holgerdanske.com designates 2001:470:0:19b::b869:801b as permitted sender) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-4.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[holgerdanske.com:s=nov-20210719-112354]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a:november.he.net]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[holgerdanske.com:+]; DMARC_POLICY_ALLOW(-0.50)[holgerdanske.com,none]; NEURAL_HAM_SHORT(-1.00)[-0.998]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Aug 2021 01:06:28 -0000 On 8/30/21 2:16 AM, Graham Perrin wrote: > On 30/08/2021 08:45, David Christensen wrote: > >> … created with FreeBSD-12.1-RELEASE-amd64-memstick on a USB flash >> drive with ZFS boot, encrypted swap, and encrypted ZFS root. >> >> >>> If so: with or without OpenZFS kernel module? >> >> >> ZFS kernel module is loaded: >> >> 2021-08-30 00:30:42 toor@f3 ~ >> # kldstat >> Id Refs Address                Size Name >>  1   23 0xffffffff80200000  227ae98 kernel >>  2    1 0xffffffff8247c000    1e7b0 geom_eli.ko >>  3    2 0xffffffff8249b000     a448 opensolaris.ko >>  4    1 0xffffffff824a8000     ee98 aesni.ko >>  5    1 0xffffffff824b7000   3bad38 zfs.ko >>  6    1 0xffffffff82872000    27c00 geom_mirror.ko >>  7    1 0xffffffff8289a000    27ce8 fuse.ko >>  8    1 0xffffffff82b21000      acf mac_ntpd.ko >> >> … > > > Thanks. Simply installing sysutils/openzfs will get you a relevant > manual page: > > man 8 zpool-trim > > – and `zpool trim` (alone) will run (tested in VirtualBox), however: > _without_ an OpenZFS-enabled boot, I'd be wary of specifying a pool to > be trimmed. Here be dragons? Thank you for the response. :-) I installed the package "openzfs": 2021-08-30 17:54:40 toor@f2 ~ # pkg install -y openzfs Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. The following 2 package(s) will be affected (of 0 checked): New packages to be INSTALLED: openzfs: 2021062100 openzfs-kmod: 2021062100 Number of packages to be installed: 2 The process will require 22 MiB more space. 4 MiB to be downloaded. [1/2] Fetching openzfs-2021062100.txz: 100% 3 MiB 365.1kB/s 00:08 [2/2] Fetching openzfs-kmod-2021062100.txz: 100% 1 MiB 1.2MB/s 00:01 Checking integrity... done (0 conflicting) [1/2] Installing openzfs-kmod-2021062100... [1/2] Extracting openzfs-kmod-2021062100: 100% [2/2] Installing openzfs-2021062100... [2/2] Extracting openzfs-2021062100: 100% The man page is there: 2021-08-30 18:00:33 toor@f2 ~ # man zpool-trim | head -n 7 ZPOOL-TRIM(8) FreeBSD System Manager's Manual ZPOOL-TRIM(8) NAME zpool-trim - initiate TRIM of free space in ZFS storage pool SYNOPSIS zpool trim [-dw] [-r rate] [-c|-s] pool [device] When I try to trim a pool that is on an SSD: 2021-08-30 18:01:18 toor@f2 ~ # zpool trim bootpool 2>&1 | head -n 1 unrecognized command 'trim' When I try to load the kernel module: 2021-08-30 18:01:22 toor@f2 ~ # kldload openzfs kldload: an error occurred while loading module openzfs. Please check dmesg(8) for more details. 2021-08-30 18:02:10 toor@f2 ~ # dmesg | tail -n 2 interface zfsctrl.1 already present in the KLD 'zfs.ko'! linker_load_file: /boot/modules/openzfs.ko - unsupported file type zpool-trim(8) mentions an "autotrim" property, but my pool does not seem to have it: 2021-08-30 18:03:14 toor@f2 ~ # zpool get all bootpool | grep -i trim Suggestions? David From owner-freebsd-questions@freebsd.org Tue Aug 31 02:47:04 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5231966310F for ; Tue, 31 Aug 2021 02:47:04 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GzBRW3QKtz3HFV for ; Tue, 31 Aug 2021 02:47:03 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: by mail-wm1-x32c.google.com with SMTP id c8-20020a7bc008000000b002e6e462e95fso814318wmb.2 for ; Mon, 30 Aug 2021 19:47:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=MnYmRjlRCKWGr+v82QR2MAikFoeSOj7bYAWodzyode4=; b=paFgR6YTP3yVD8whsWwvPyvQbz9dLT7GPC70bSXzgaRbVhIMRc+fgX263QbLiqUOMk Bq03YxihhVLawEO+piGJouVkWH3Z4pdleyqXg3b6wGg6tG/H7UtKpMfJIUP2t0G4eiy6 dYM97HRvGdSHKwD5LLo3cnjCjmEVV3FAgYc5GCV3aJUhU7RGgEuP51JubyOECN4Hrobd QmK1kfvQxgeQF14XCrdoswiDKOCtRZ6KMaqnD1Dw4vpc5KcorZ8La0iPU4FlhZCLpSzN pKVTFj4azfP933wI5E2G1CSWVMUT1Beg3a9x8hSIErIjBmpwIeF7mOzYq/VC6RRSzC6Q xsOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=MnYmRjlRCKWGr+v82QR2MAikFoeSOj7bYAWodzyode4=; b=o6L6m4Zj0RMjujnHBTc1EhqULZsOcMXZHxtq8KsiHjb1iC0oNYszaubrhBpl9U6w+5 zZ/hXFfWIgKk9lXJav3TofW/qiwAkUXYCPhICvec6MUdRWlkr0UwrPPLldCpAxnofbcN FgAYItZ9pTAYUSCyYtjcXhZ3D2geSLIwHUKZqyjRbjpB2pXh3knpuL0sd84Ya4mS2ZY1 uf3FQ1bxYBlJ1/xD9DR2WMiONrQQgo1nNfcestHR9zZP6B84F3fD2T5Ze4FVZXj+fg6l oeaJvFoMxmcxL1EIQ+QtG5DMSI5XgYU8SOJ2sbdNX93oovGcwRcw7s98TSF60U/zTRtA 69bQ== X-Gm-Message-State: AOAM530mWUTyekfP1hJcyv1S9GDuhzszc/6N5l0bCol8zP1iW7TGTXIL T2dPdfQKodZb/ApCuTZ9dbpR0WAAtTip9Q== X-Google-Smtp-Source: ABdhPJxWx4mk5vdfE2iIABzTToUDzcRgnUrli0N0PElCYX5U6A0DC9gI2A2SPbLFyYRClvJpsDkF+g== X-Received: by 2002:a1c:21c3:: with SMTP id h186mr1768528wmh.186.1630378020924; Mon, 30 Aug 2021 19:47:00 -0700 (PDT) Received: from ?IPv6:2001:470:1f1c:a0::2? (tunnel642390-pt.tunnel.tserv1.lon2.ipv6.he.net. [2001:470:1f1c:a0::2]) by smtp.gmail.com with ESMTPSA id r16sm13190340wrg.71.2021.08.30.19.47.00 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 30 Aug 2021 19:47:00 -0700 (PDT) Subject: Re: FreeBSD 12.2-RELEASE-p9 trim (ZFS, not OpenZFS): open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: <5a1ae42f-d0f7-beb9-fb21-a83e7e8fe06d@gmail.com> From: Graham Perrin Message-ID: <6832fcb4-42d1-efc9-e2cb-7e2df606d8ce@gmail.com> Date: Tue, 31 Aug 2021 03:46:59 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-GB X-Rspamd-Queue-Id: 4GzBRW3QKtz3HFV X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=paFgR6YT; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::32c as permitted sender) smtp.mailfrom=grahamperrin@gmail.com X-Spamd-Result: default: False [-4.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::32c:from]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Aug 2021 02:47:04 -0000 On 31/08/2021 02:06, David Christensen wrote: > On 8/30/21 2:16 AM, Graham Perrin wrote: >> On 30/08/2021 08:45, David Christensen wrote: >> >>> … created with FreeBSD-12.1-RELEASE-amd64-memstick on a USB flash >>> drive with ZFS boot, encrypted swap, and encrypted ZFS root. >>> >>> >>>> If so: with or without OpenZFS kernel module? >>> >>> >>> ZFS kernel module is loaded: >>> >>> 2021-08-30 00:30:42 toor@f3 ~ >>> # kldstat >>> Id Refs Address                Size Name >>>  1   23 0xffffffff80200000  227ae98 kernel >>>  2    1 0xffffffff8247c000    1e7b0 geom_eli.ko >>>  3    2 0xffffffff8249b000     a448 opensolaris.ko >>>  4    1 0xffffffff824a8000     ee98 aesni.ko >>>  5    1 0xffffffff824b7000   3bad38 zfs.ko >>>  6    1 0xffffffff82872000    27c00 geom_mirror.ko >>>  7    1 0xffffffff8289a000    27ce8 fuse.ko >>>  8    1 0xffffffff82b21000      acf mac_ntpd.ko >>> >>> … >> >> >> Thanks. Simply installing sysutils/openzfs will get you a relevant >> manual page: >> >> man 8 zpool-trim >> >> – and `zpool trim` (alone) will run (tested in VirtualBox), however: >> _without_ an OpenZFS-enabled boot, I'd be wary of specifying a pool >> to be trimmed. Here be dragons? > > > Thank you for the response.  :-) > > > I installed the package "openzfs": > > 2021-08-30 17:54:40 toor@f2 ~ > # pkg install -y openzfs > Updating FreeBSD repository catalogue... > FreeBSD repository is up to date. > All repositories are up to date. > The following 2 package(s) will be affected (of 0 checked): > > New packages to be INSTALLED: >     openzfs: 2021062100 >     openzfs-kmod: 2021062100 > > Number of packages to be installed: 2 > > The process will require 22 MiB more space. > 4 MiB to be downloaded. > [1/2] Fetching openzfs-2021062100.txz: 100%    3 MiB 365.1kB/s 00:08 > [2/2] Fetching openzfs-kmod-2021062100.txz: 100%    1 MiB 1.2MB/s 00:01 > Checking integrity... done (0 conflicting) > [1/2] Installing openzfs-kmod-2021062100... > [1/2] Extracting openzfs-kmod-2021062100: 100% > [2/2] Installing openzfs-2021062100... > [2/2] Extracting openzfs-2021062100: 100% > > > The man page is there: > > 2021-08-30 18:00:33 toor@f2 ~ > # man zpool-trim | head -n 7 > ZPOOL-TRIM(8)           FreeBSD System Manager's Manual ZPOOL-TRIM(8) > > NAME >      zpool-trim - initiate TRIM of free space in ZFS storage pool > > SYNOPSIS >      zpool trim [-dw] [-r rate] [-c|-s] pool [device] > > > When I try to trim a pool that is on an SSD: > > 2021-08-30 18:01:18 toor@f2 ~ > # zpool trim bootpool 2>&1 | head -n 1 > unrecognized command 'trim' > > > When I try to load the kernel module: > > 2021-08-30 18:01:22 toor@f2 ~ > # kldload openzfs > kldload: an error occurred while loading module openzfs. Please check > dmesg(8) for more details. > > 2021-08-30 18:02:10 toor@f2 ~ > # dmesg | tail -n 2 > interface zfsctrl.1 already present in the KLD 'zfs.ko'! > linker_load_file: /boot/modules/openzfs.ko - unsupported file type > > > zpool-trim(8) mentions an "autotrim" property, but my pool does not > seem to have it: > > 2021-08-30 18:03:14 toor@f2 ~ > # zpool get all bootpool | grep -i trim > > > Suggestions? > > > David % pkg query %M openzfs openzfs-kmod % – strange; openzfs-kmod should probably have a package message. /boot/loader.conf can be edited to include: zfs_load="NO" openzfs_load="YES" – HOWEVER I recommend creating then activating a new boot environment before doing so (and before any future update to 12.0-RELEASE). Given the possibility of the pre-packaged kernel module not working, be prepared to build and install from ports. (If the module will not load, you'll be unable to boot. If this happens, you can boot a good environment then use `bectl mount` to temporarily access the affected environment, then revert the two lines in its loader.conf.) If the pool will require an upgrade, for what you'd like to do with TRIM, be extremely cautious about upgrading a FreeBSD 12 boot pool. From owner-freebsd-questions@freebsd.org Tue Aug 31 03:03:52 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 76450663882 for ; Tue, 31 Aug 2021 03:03:52 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GzBpv4VFtz3Lwb for ; Tue, 31 Aug 2021 03:03:51 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: by mail-wr1-x42f.google.com with SMTP id u9so25144305wrg.8 for ; Mon, 30 Aug 2021 20:03:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=wPC6W69PM+hqncmXBtCOdP6FEMrM0OH1TDNsrf9kaN0=; b=QvzR/vGauPRW2JFMcCX2AN4rr1KjOnfIwqPLFyQDE7DlYByP8E0Bfq0CdLchCX2lo4 k6EeHQBZkxBH6vALps/QmIk91z7VRbgCEeTUiOR7zyW5JIWGECPjGQirZKDXRaMn5Hp6 89T+uVDy+GQ6+ShD/kgXaesmRpxKV6jpN9xIom/3Gp6fjF7XsxNSiue30ayB7OS/XBi6 1Ciox9d+4LHcWoDFdKHgEwDrEvL/f7yUq7EzTcDJbPmMOJqlxCp95FPTaSMylukOk1WH 034n5E2OTBot0AbHd0AjbphcVwPsYMkIuvQa2nM3/GEt3KvZkWL/jFwhCVY1+GvEDF0P Q9hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=wPC6W69PM+hqncmXBtCOdP6FEMrM0OH1TDNsrf9kaN0=; b=L6fSY0nXxEFpTXg2Fc0tSU9Sb6jIbnIhl7T7JTm/fZiXUS0Jo239x7r8hEHjFnTFX8 6IoowuxEWpoAnxAk3RaMziZSGx5Qg1mdQQEo4DbuhFY/fNKOTRXCBhUBrdf3r6E7Sox1 cnwUCYp7xHCsL5muvYOGDIM1tgb1z+oC8OcIWV/0ZGrw4Tq3Uj5+25BGfipzytb0b3o5 b6Dx+jxnYMa3LzogHkc/Uf5IDPgdULHtyQKLZstEQzZ70+6bGiz9cIRj8kQH+f8C1SSY KS+pWrj66Vt7OMrbknywxaW42Khl0CSbUppbUuRrJ7GVBCFJ68XBYqAIvdKnl2aD20oz ZzcA== X-Gm-Message-State: AOAM533nivnGIJX5blpZ+BGFE4t3tRtbRr8lNMJbSXGYCGFShgs2iuKt ooETZCJQPdJh3kM+uSE/XnknruG9XOYFhg== X-Google-Smtp-Source: ABdhPJx6pvV3Nk3YC/NbPSmUyEFMo1JPq9PlIXGySULen59HnUUfg8hhcAiQC5DxwFd2ANwpXRC4vg== X-Received: by 2002:adf:b318:: with SMTP id j24mr28623110wrd.84.1630379030264; Mon, 30 Aug 2021 20:03:50 -0700 (PDT) Received: from ?IPv6:2001:470:1f1c:a0::2? (tunnel642390-pt.tunnel.tserv1.lon2.ipv6.he.net. [2001:470:1f1c:a0::2]) by smtp.gmail.com with ESMTPSA id a12sm1111124wmm.42.2021.08.30.20.03.49 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 30 Aug 2021 20:03:49 -0700 (PDT) Subject: =?UTF-8?Q?openzfs-kmod_package_message_=28was=3a_FreeBSD_12=2e2-REL?= =?UTF-8?B?RUFTRS1wOSB0cmltIChaRlMsIG5vdCBPcGVuWkZTKTog4oCmKQ==?= From: Graham Perrin To: freebsd-questions@freebsd.org References: <5a1ae42f-d0f7-beb9-fb21-a83e7e8fe06d@gmail.com> <6832fcb4-42d1-efc9-e2cb-7e2df606d8ce@gmail.com> Message-ID: <77f8dfdd-b13b-2f52-7a31-94eb0c5ee193@gmail.com> Date: Tue, 31 Aug 2021 04:03:49 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <6832fcb4-42d1-efc9-e2cb-7e2df606d8ce@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-GB X-Rspamd-Queue-Id: 4GzBpv4VFtz3Lwb X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b="QvzR/vGa"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::42f as permitted sender) smtp.mailfrom=grahamperrin@gmail.com X-Spamd-Result: default: False [-4.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::42f:from]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Aug 2021 03:03:52 -0000 On 31/08/2021 03:46, Graham Perrin wrote: > … recommend creating then activating a new boot environment before … Correction (omission):     create, activate _and then boot_ the environment. Related: 258178 – sysutils/openzfs-kmod package message – thoughts welcome. From owner-freebsd-questions@freebsd.org Tue Aug 31 06:47:05 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AA536666EC4 for ; Tue, 31 Aug 2021 06:47:05 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [IPv6:2001:470:0:19b::b869:801b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "holgerdanske.com", Issuer "holgerdanske.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GzHmS0tqZz3kGW for ; Tue, 31 Aug 2021 06:47:04 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=holgerdanske.com; s=nov-20210719-112354; t=1630392415; bh=m9ji4YSxVh/XFlRhdmw16/sbOgXYptbsQ+az6BqjbIA=; h=Received:From:Subject:To:References:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Content-Language: Content-Transfer-Encoding; b=ERWxkGWkkrcvdO5Kqfzv/cImoidhuC0dcknxZDZ6PIzzY+iU2x+/TsCLg1GYnUCjz FRxdVPId3eStdzKh6//SOZd5T3XG9UI2b8ZLI+KCRAMNOJw8xVMVOs9Vpapo4WzbJT w822sb9EhqxkW6L6wkf8zkBjxfPjl+uSRyOWPtOknxPYQjdxJ1SP6XbsSrEjFNoOF0 fH0sQtNdCV1wmSDCSIrqteSq9dNhC1z9/IBKh2pnTE5ZVBi1z/msw9GPgj/bPN5JuX PBRbC0/uFTE8Gj2We2+aaFBL0tIP1pLntqyKq7m7diX9ncAMfssy8kmPC0jMf9U2PC cxoIqslp8kpvAcMd5DXP/PRMarVIzEIbdHwmNjNYGHBTC1AsoZJ80Kx2JcT7pEpaxH VNsYdezYh9KIZogoOdP2xu9ElgW3tqYJWSRGN92VRbhXIqd1VPbbcXrVtwUGpC/ViO O4V4ISw0ihrrlrILBbEAWPq7e+zOVzS5NP81Y35b0gjdK4Q96VlFZ0iekO9nU9w9OA Wptak3P0mqZ2YB+UMamF0EXvTGLXM2/OxdeRPehCnf0oWxlBcGa2UrO/j4cT02alox NKoFhxHsOcDIxN3ufXcqmEEb8MYHAXfde5W1FpGE+4zHhgkCn64snYdElzudPLsYSd xOlAxCxCNruK7LD0cJw6JM8E= Received: from 99.100.19.101 (99-100-19-101.lightspeed.frokca.sbcglobal.net [99.100.19.101]) by holgerdanske.com with ESMTPSA (TLS_AES_128_GCM_SHA256:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Mon, 30 Aug 2021 23:46:55 -0700 From: David Christensen Subject: Re: FreeBSD 12.2-RELEASE-p9 trim (ZFS, not OpenZFS): open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: <5a1ae42f-d0f7-beb9-fb21-a83e7e8fe06d@gmail.com> <6832fcb4-42d1-efc9-e2cb-7e2df606d8ce@gmail.com> Message-ID: <3d4df331-9795-fd58-d246-3793b0b8690d@holgerdanske.com> Date: Mon, 30 Aug 2021 23:46:54 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <6832fcb4-42d1-efc9-e2cb-7e2df606d8ce@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4GzHmS0tqZz3kGW X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=holgerdanske.com header.s=nov-20210719-112354 header.b=ERWxkGWk; dmarc=pass (policy=none) header.from=holgerdanske.com; spf=pass (mx1.freebsd.org: domain of dpchrist@holgerdanske.com designates 2001:470:0:19b::b869:801b as permitted sender) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-3.30 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[holgerdanske.com:s=nov-20210719-112354]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a:november.he.net]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[holgerdanske.com:+]; DMARC_POLICY_ALLOW(-0.50)[holgerdanske.com,none]; NEURAL_HAM_SHORT(-0.30)[-0.296]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Aug 2021 06:47:05 -0000 On 8/30/21 7:46 PM, Graham Perrin wrote: > On 31/08/2021 02:06, David Christensen wrote: >> On 8/30/21 2:16 AM, Graham Perrin wrote: >>> On 30/08/2021 08:45, David Christensen wrote: >>> >>>> … created with FreeBSD-12.1-RELEASE-amd64-memstick on a USB flash >>>> drive with ZFS boot, encrypted swap, and encrypted ZFS root. >>>> ZFS kernel module is loaded: >>>> >>>> 2021-08-30 00:30:42 toor@f3 ~ >>>> # kldstat >>>> Id Refs Address                Size Name >>>>  1   23 0xffffffff80200000  227ae98 kernel >>>>  2    1 0xffffffff8247c000    1e7b0 geom_eli.ko >>>>  3    2 0xffffffff8249b000     a448 opensolaris.ko >>>>  4    1 0xffffffff824a8000     ee98 aesni.ko >>>>  5    1 0xffffffff824b7000   3bad38 zfs.ko >>>>  6    1 0xffffffff82872000    27c00 geom_mirror.ko >>>>  7    1 0xffffffff8289a000    27ce8 fuse.ko >>>>  8    1 0xffffffff82b21000      acf mac_ntpd.ko >> I installed the package "openzfs": >> 2021-08-30 18:01:18 toor@f2 ~ >> # zpool trim bootpool 2>&1 | head -n 1 >> unrecognized command 'trim' >> 2021-08-30 18:01:22 toor@f2 ~ >> # kldload openzfs >> kldload: an error occurred while loading module openzfs. Please check >> dmesg(8) for more details. >> >> 2021-08-30 18:02:10 toor@f2 ~ >> # dmesg | tail -n 2 >> interface zfsctrl.1 already present in the KLD 'zfs.ko'! >> linker_load_file: /boot/modules/openzfs.ko - unsupported file type > % pkg query %M openzfs openzfs-kmod > > > % > > – strange; openzfs-kmod should probably have a package message. I also get no output: 2021-08-30 23:40:44 toor@f2 ~ # pkg query %M openzfs openzfs-kmod But the packages are there: 2021-08-30 23:42:17 toor@f2 ~ # pkg query %n openzfs openzfs-kmod openzfs openzfs-kmod > /boot/loader.conf can be edited to include: > > zfs_load="NO" > openzfs_load="YES" 2021-08-30 23:42:35 toor@f2 ~ # grep -i zfs /boot/loader.conf vfs.root.mountfrom="zfs:f2_zroot/ROOT/default" zpool_cache_type="/boot/zfs/zpool.cache" zpool_cache_name="/boot/zfs/zpool.cache" zfs_load="YES" > – HOWEVER I recommend creating then activating a new boot environment > before doing so (and before any future update to 12.0-RELEASE). Given > the possibility of the pre-packaged kernel module not working, be > prepared to build and install from ports. I do packages. > (If the module will not load, you'll be unable to boot. If this happens, > you can boot a good environment then use `bectl mount` to temporarily > access the affected environment, then revert the two lines in its > loader.conf.) > > If the pool will require an upgrade, for what you'd like to do with > TRIM, be extremely cautious about upgrading a FreeBSD 12 boot pool. I wanted to do a trim before taking an image, to reduce the image size. I guess I'll just throw hard drives are the problem for now. Thank you for your suggestions. :-) David From owner-freebsd-questions@freebsd.org Tue Aug 31 20:36:36 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5223F675BE8 for ; Tue, 31 Aug 2021 20:36:36 +0000 (UTC) (envelope-from doug@safeport.com) Received: from freeport.safeport.com (freeport.safeport.com [147.160.157.114]) by mx1.freebsd.org (Postfix) with ESMTP id 4Gzf9b3d5Rz3K8c for ; Tue, 31 Aug 2021 20:36:35 +0000 (UTC) (envelope-from doug@safeport.com) Received: from bucksport.safeport.com (bucksport.safeport.com [198.74.231.101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by freeport.safeport.com (Postfix) with ESMTPS id 40C21112EB1 for ; Tue, 31 Aug 2021 16:26:44 -0400 (EDT) Date: Tue, 31 Aug 2021 16:26:52 -0400 (EDT) From: Doug Denault To: freebsd-questions@FreeBSD.ORG Subject: firefox 90.0.2,2 will not load mozilla.com Message-ID: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-Rspamd-Queue-Id: 4Gzf9b3d5Rz3K8c X-Spamd-Bar: +++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=fail (mx1.freebsd.org: domain of doug@safeport.com does not designate 147.160.157.114 as permitted sender) smtp.mailfrom=doug@safeport.com X-Spamd-Result: default: False [7.49 / 15.00]; ARC_NA(0.00)[]; R_SPF_FAIL(1.00)[-all:c]; GREYLIST(0.00)[pass,body]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_SPAM_SHORT(1.00)[1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.99)[0.994]; RCPT_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROMTLD(0.00)[]; VIOLATED_DIRECT_SPF(3.50)[]; NEURAL_SPAM_LONG(1.00)[1.000]; DMARC_NA(0.00)[safeport.com]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6405, ipnet:147.160.157.0/24, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-Spam: Yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Aug 2021 20:36:36 -0000 I needed thunderbird on my 12.2 system. Installing that with pkg upgraded firefox. Most sites get the error: Your connection is not secure The website tried to negotiate an inadequate level of security. www.mozilla.com uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site. Error code: NS_ERROR_NET_INADEQUATE_SECURITY Others without security (for me) include american.express, google.com, amazon.com and youtube.com. freebsd.org works. As far as I can tell this only affects me. _____ Douglas Denault http://www.safeport.com doug@safeport.com Voice: 301-217-9220 Fax: 301-217-9277 From owner-freebsd-questions@freebsd.org Tue Aug 31 20:49:56 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 858F26761C8 for ; Tue, 31 Aug 2021 20:49:56 +0000 (UTC) (envelope-from pete@nomadlogic.org) Received: from mail.nomadlogic.org (mail.nomadlogic.org [66.165.241.226]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mail.nomadlogic.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4GzfSz1tSlz3NPx for ; Tue, 31 Aug 2021 20:49:55 +0000 (UTC) (envelope-from pete@nomadlogic.org) Received: from [192.168.1.160] (cpe-24-24-163-126.socal.res.rr.com [24.24.163.126]) by mail.nomadlogic.org (OpenSMTPD) with ESMTPSA id ac92d645 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 31 Aug 2021 20:49:48 +0000 (UTC) Subject: Re: firefox 90.0.2,2 will not load mozilla.com To: Doug Denault , freebsd-questions@FreeBSD.ORG References: From: Pete Wright Message-ID: Date: Tue, 31 Aug 2021 13:49:47 -0700 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 4GzfSz1tSlz3NPx X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.48 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[nomadlogic.org:s=04242021]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; ARC_NA(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[nomadlogic.org:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[nomadlogic.org,quarantine]; NEURAL_HAM_SHORT(-0.48)[-0.476]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:29802, ipnet:66.165.240.0/22, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Aug 2021 20:49:56 -0000 On 8/31/21 1:26 PM, Doug Denault wrote: > I needed thunderbird on my 12.2 system. Installing that with pkg > upgraded firefox. > > Most sites get the error: > > Your connection is not secure > > The website tried to negotiate an inadequate level of security. > > www.mozilla.com uses security technology that is outdated and > vulnerable to attack. An attacker could easily reveal information > which you thought to be safe. The website administrator will need to > fix the server first before you can visit the site. > > Error code: NS_ERROR_NET_INADEQUATE_SECURITY > > Others without security (for me) include american.express, google.com, > amazon.com and youtube.com. freebsd.org works. As far as I can tell > this only affects me. > couple things worth checking: - make sure ca_root_nss is on latest version (I'm on v3.69 and not seeing this issue) - make sure your system clock is in sync for debugging, maybe try accessing a site via curl.  it may report a more helpful error message, or if it works it's possible the issue is isolated to firefox. -pete -- Pete Wright pete@nomadlogic.org @nomadlogicLA From owner-freebsd-questions@freebsd.org Tue Aug 31 21:12:22 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 22B4A676C01 for ; Tue, 31 Aug 2021 21:12:22 +0000 (UTC) (envelope-from doug@safeport.com) Received: from freeport.safeport.com (freeport.safeport.com [147.160.157.114]) by mx1.freebsd.org (Postfix) with ESMTP id 4Gzfys3Pl4z3l1n for ; Tue, 31 Aug 2021 21:12:21 +0000 (UTC) (envelope-from doug@safeport.com) Received: from bucksport.safeport.com (bucksport.safeport.com [198.74.231.101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by freeport.safeport.com (Postfix) with ESMTPS id 3A4391134AC; Tue, 31 Aug 2021 17:12:21 -0400 (EDT) Date: Tue, 31 Aug 2021 17:12:29 -0400 (EDT) From: Doug Denault To: Pete Wright cc: freebsd-questions@FreeBSD.ORG Subject: Re: firefox 90.0.2,2 will not load mozilla.com In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 X-Rspamd-Queue-Id: 4Gzfys3Pl4z3l1n X-Spamd-Bar: ++++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=fail (mx1.freebsd.org: domain of doug@safeport.com does not designate 147.160.157.114 as permitted sender) smtp.mailfrom=doug@safeport.com X-Spamd-Result: default: False [8.47 / 15.00]; ARC_NA(0.00)[]; R_SPF_FAIL(1.00)[-all:c]; GREYLIST(0.00)[pass,meta]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_SHORT(1.00)[0.997]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; DMARC_NA(0.00)[safeport.com]; NEURAL_SPAM_MEDIUM(0.98)[0.984]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; VIOLATED_DIRECT_SPF(3.50)[]; CTYPE_MIXED_BOGUS(1.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.99)[0.986]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:6405, ipnet:147.160.157.0/24, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-Spam: Yes Content-Type: TEXT/PLAIN; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Aug 2021 21:12:22 -0000 On Tue, 31 Aug 2021, Pete Wright wrote: > On 8/31/21 1:26 PM, Doug Denault wrote: >> I needed thunderbird on my 12.2 system. Installing that with pkg upgraded >> firefox. >> >> Most sites get the error: >> >> Your connection is not secure >> >> The website tried to negotiate an inadequate level of security. >> >> www.mozilla.com uses security technology that is outdated and vulnerable to >> attack. An attacker could easily reveal information which you thought to be >> safe. The website administrator will need to fix the server first before >> you can visit the site. >> >> Error code: NS_ERROR_NET_INADEQUATE_SECURITY >> >> Others without security (for me) include american.express, google.com, >> amazon.com and youtube.com. freebsd.org works. As far as I can tell this >> only affects me. >> > > couple things worth checking: > - make sure ca_root_nss is on latest version (I'm on v3.69 and not seeing > this issue) > - make sure your system clock is in sync > > for debugging, maybe try accessing a site via curl.  it may report a more > helpful error message, or if it works it's possible the issue is isolated to > firefox. Thanks Pete, I did update ca_root [ca_root_nss: 3.58 -> 3.63]. Clocks are sync'd using FreeBSD defaults and, curl gave no output. Chrome works. It seems clear that the lack of any others there is something firefox does not like about my setup. Doug _____ Douglas Denault http://www.safeport.com doug@safeport.com Voice: 301-217-9220 Fax: 301-217-9277 From owner-freebsd-questions@freebsd.org Wed Sep 1 03:49:18 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 60B6267B247 for ; Wed, 1 Sep 2021 03:49:18 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Gzqms4wSrz3PvG for ; Wed, 1 Sep 2021 03:49:17 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: by mail-wr1-x42e.google.com with SMTP id q14so2301200wrp.3 for ; Tue, 31 Aug 2021 20:49:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=bAz9L+zZapdiWldldlWLQwmDz47wRaDzumeEKmJXVIQ=; b=Pz49D8FhqDibIqPAnUZB40l4Ph0P0I89zqRt4K79oXY5u1JewFtz5ATkwBjjaQt79G SUvwvrvX/UQAaVAHUIcXO9VBn5Puk9I7+2KXjRQ261asYHjPp6lVI5unjOrI22FWYnHT fwz5vL17d21VZ6jpET1JASn8b0OzX8ec7+zeGQd4ZpldOGLlREBb7WWrAz2MPainpUnu yME7tKp0CCjDqgwMDTPnVX25ugRRxjvUeX6olUmlNUb+MtxKgiwQOFlGSWOdRz0T/0vA g4qfUu/By5vBjvIopdwDEAXPd2/UdqmdZ49ngcT+urvK3DMz/6JSDPz0qUt3zIK1xdLD RadQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=bAz9L+zZapdiWldldlWLQwmDz47wRaDzumeEKmJXVIQ=; b=C5I0b1hh4mgc42jcxF810IdzO3UPdKYF3B+wz7RWlGOGRhXyFdI/BkADlBsPi+2WEG kH/a1wIogsrvfGcwgGlRhQQTSOOHEiHmcbP8XMBo9nr3NKBEn0/cEz70IaMtB7v6Y/qk ddIrob+nTo95Oe3FSBsJ0Mwtndve9xEVUbab+/g0gWDzlH5Gzuol7wcVbzunbmqtVlQt NT15udrwgszv4wzPCPfVFzKC8K1S6I68qCDLzT+vjCV7RLLx5OJktWKTIroRWrGvNsyd 7glAw8zQQ0S3BhsA68YPUUeOj290zAaxlcO/PFf4O64CTvcBlHaP/2uG4xMR/vNNi8ku y1cg== X-Gm-Message-State: AOAM530TI62FlLhgtHWstBqkJXwcP+RlGqjn8fSVRnXkc2KiiCnrwZx2 /DdqpOAPvAX/TXhdmKawA6VIDXec2TxMGA== X-Google-Smtp-Source: ABdhPJzOFJ7WEhnLTHw/nnlD47SRoo31K9NPn5N+OypQI9iqjREh44SU8I1u6BkXvCNsOrEStlNMcA== X-Received: by 2002:adf:de8f:: with SMTP id w15mr34956651wrl.277.1630468153968; Tue, 31 Aug 2021 20:49:13 -0700 (PDT) Received: from ?IPv6:2001:470:1f1c:a0::2? (tunnel642390-pt.tunnel.tserv1.lon2.ipv6.he.net. [2001:470:1f1c:a0::2]) by smtp.gmail.com with ESMTPSA id r12sm20509471wrv.96.2021.08.31.20.49.13 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 31 Aug 2021 20:49:13 -0700 (PDT) Subject: Re: firefox 90.0.2,2 will not load mozilla.com To: freebsd-questions@freebsd.org References: From: Graham Perrin Message-ID: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> Date: Wed, 1 Sep 2021 04:49:12 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-GB X-Rspamd-Queue-Id: 4Gzqms4wSrz3PvG X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=Pz49D8Fh; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::42e as permitted sender) smtp.mailfrom=grahamperrin@gmail.com X-Spamd-Result: default: False [-4.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::42e:from]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Sep 2021 03:49:18 -0000 On 31/08/2021 22:12, Doug Denault wrote: >>> … www.mozilla.com uses security technology that is outdated and >>> vulnerable to attack. An attacker could easily reveal information >>> which you thought to be safe. The website administrator will need to >>> fix the server first before you can visit the site. >>> >>> Error code: NS_ERROR_NET_INADEQUATE_SECURITY >>> >>> Others without security (for me) include american.express, >>> google.com, amazon.com and youtube.com. freebsd.org works. As far as >>> I can tell this only affects me. >>> >> >> couple things worth checking: >> - make sure ca_root_nss is on latest version (I'm on v3.69 and not >> seeing this issue) >> - make sure your system clock is in sync >> >> for debugging, maybe try accessing a site via curl.  it may report a >> more helpful error message, or if it works it's possible the issue is >> isolated to firefox. > > Thanks Pete, I did update ca_root [ca_root_nss: 3.58 -> 3.63]. Clocks > are sync'd using FreeBSD defaults and, curl gave no output. Chrome > works. It seems clear that the lack of any others there is something > firefox does not like about my setup. Do you get the same error for ? (The site to which redirects, for me in the UK.) From owner-freebsd-questions@freebsd.org Wed Sep 1 12:35:23 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 227A8669CF7 for ; Wed, 1 Sep 2021 12:35:23 +0000 (UTC) (envelope-from freebsd-questions@freebsd.org) Received: from nodset2.westsarproperty.com (nodset2.westsarproperty.com [91.194.55.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H03Rt4CnDz4vH3 for ; Wed, 1 Sep 2021 12:35:22 +0000 (UTC) (envelope-from freebsd-questions@freebsd.org) From: freebsd-questions@freebsd.org To: freebsd-questions@freebsd.org Subject: [Important] Ownership Confirmation Date: 1 Sep 2021 12:11:59 +0000 Message-ID: <20210901121159.31A7B0F57A6555E7@freebsd.org> X-Rspamd-Queue-Id: 4H03Rt4CnDz4vH3 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.00 / 15.00]; local_wl_from(0.00)[freebsd.org]; ASN(0.00)[asn:209737, ipnet:91.194.55.0/24, country:TR] MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Sep 2021 12:35:23 -0000 From owner-freebsd-questions@freebsd.org Wed Sep 1 15:25:35 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E41DD66CD52 for ; Wed, 1 Sep 2021 15:25:35 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from cyrus.watson.org (cyrus.watson.org [204.107.128.30]) by mx1.freebsd.org (Postfix) with ESMTP id 4H07DH1gtDz4mG9 for ; Wed, 1 Sep 2021 15:25:35 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 943289C711 for ; Wed, 1 Sep 2021 15:25:34 +0000 (UTC) Received: from fledge.watson.org (doug@localhost [127.0.0.1]) by fledge.watson.org (8.16.1/8.16.1) with ESMTPS id 181FPYGO015101 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Wed, 1 Sep 2021 15:25:34 GMT (envelope-from doug@fledge.watson.org) Received: from localhost (doug@localhost) by fledge.watson.org (8.16.1/8.16.1/Submit) with ESMTP id 181FPYK0015097 for ; Wed, 1 Sep 2021 15:25:34 GMT (envelope-from doug@fledge.watson.org) Date: Wed, 1 Sep 2021 15:25:34 +0000 (UTC) From: doug Reply-To: doug@safeport.com To: freebsd-questions@freebsd.org Subject: Re: firefox 90.0.2,2 will not load mozilla.com In-Reply-To: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> Message-ID: <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> References: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4H07DH1gtDz4mG9 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of doug@fledge.watson.org has no SPF policy when checking 204.107.128.30) smtp.mailfrom=doug@fledge.watson.org X-Spamd-Result: default: False [-0.91 / 15.00]; HAS_REPLYTO(0.00)[doug@safeport.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.99)[-0.992]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.99)[-0.986]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_NONE(0.00)[]; NEURAL_HAM_SHORT(-0.93)[-0.929]; CTYPE_MIXED_BOGUS(1.00)[]; DMARC_NA(0.00)[watson.org]; R_SPF_NA(0.00)[no SPF record]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:11288, ipnet:204.107.128.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Sep 2021 15:25:36 -0000 On Wed, 1 Sep 2021, Graham Perrin wrote: > On 31/08/2021 22:12, Doug Denault wrote: > >>>> ? www.mozilla.com uses security technology that is outdated and >>>> vulnerable to attack. An attacker could easily reveal information >>>> which you thought to be safe. The website administrator will need to >>>> fix the server first before you can visit the site. >>>> >>>> Error code: NS_ERROR_NET_INADEQUATE_SECURITY >>>> >>>> Others without security (for me) include american.express, >>>> google.com, amazon.com and youtube.com. freebsd.org works. As far as >>>> I can tell this only affects me. >>>> >>> >>> couple things worth checking: >>> - make sure ca_root_nss is on latest version (I'm on v3.69 and not >>> seeing this issue) >>> - make sure your system clock is in sync >>> >>> for debugging, maybe try accessing a site via curl.  it may report a >>> more helpful error message, or if it works it's possible the issue is >>> isolated to firefox. >> >> Thanks Pete, I did update ca_root [ca_root_nss: 3.58 -> 3.63]. Clocks >> are sync'd using FreeBSD defaults and, curl gave no output. Chrome >> works. It seems clear that the lack of any others there is something >> firefox does not like about my setup. > > > Do you get the same error for ? > (The site to which redirects, for me in the UK.) No, wow! How did you come up with that?? That works as does onelook.com, safeport.com and all the sites we host and random others. After I posted this I found that libreoffice was also broken by the thunderbird install and upgrades. It was missing 8 dynamic libraries. I added the missing files from another workstation and got libreoffice to start but it only wanted to recover my "lost" files. Removing libreoffice and all its dependencies fixed that issue. I am wondering if my particular combination of packages has another "hidden" dependency. I stored my bookmarks using the facility that allows sync-ing. That does not work. Other than that firefox works perfectly on the sites it will load. From owner-freebsd-questions@freebsd.org Wed Sep 1 15:37:05 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 03DE766CE78 for ; Wed, 1 Sep 2021 15:37:05 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from cyrus.watson.org (cyrus.watson.org [204.107.128.30]) by mx1.freebsd.org (Postfix) with ESMTP id 4H07TX27blz4pH6 for ; Wed, 1 Sep 2021 15:37:04 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 32E1A9A191 for ; Wed, 1 Sep 2021 15:37:04 +0000 (UTC) Received: from fledge.watson.org (doug@localhost [127.0.0.1]) by fledge.watson.org (8.16.1/8.16.1) with ESMTPS id 181Fb4RM016235 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Wed, 1 Sep 2021 15:37:04 GMT (envelope-from doug@fledge.watson.org) Received: from localhost (doug@localhost) by fledge.watson.org (8.16.1/8.16.1/Submit) with ESMTP id 181Fb3Dc016232 for ; Wed, 1 Sep 2021 15:37:03 GMT (envelope-from doug@fledge.watson.org) Date: Wed, 1 Sep 2021 15:37:03 +0000 (UTC) From: doug Reply-To: doug@safeport.com To: freebsd-questions@freebsd.org Subject: Re: firefox 90.0.2,2 will not load mozilla.com In-Reply-To: <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> Message-ID: References: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4H07TX27blz4pH6 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of doug@fledge.watson.org has no SPF policy when checking 204.107.128.30) smtp.mailfrom=doug@fledge.watson.org X-Spamd-Result: default: False [-0.99 / 15.00]; HAS_REPLYTO(0.00)[doug@safeport.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_NONE(0.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.989]; CTYPE_MIXED_BOGUS(1.00)[]; DMARC_NA(0.00)[watson.org]; R_SPF_NA(0.00)[no SPF record]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:11288, ipnet:204.107.128.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Sep 2021 15:37:05 -0000 On Wed, 1 Sep 2021, doug wrote: > > > On Wed, 1 Sep 2021, Graham Perrin wrote: > >> On 31/08/2021 22:12, Doug Denault wrote: >> >>>>> ? www.mozilla.com uses security technology that is outdated and >>>>> vulnerable to attack. An attacker could easily reveal information >>>>> which you thought to be safe. The website administrator will need to >>>>> fix the server first before you can visit the site. >>>>> >>>>> Error code: NS_ERROR_NET_INADEQUATE_SECURITY >>>>> >>>>> Others without security (for me) include american.express, >>>>> google.com, amazon.com and youtube.com. freebsd.org works. As far as >>>>> I can tell this only affects me. >>>>> >>>> >>>> couple things worth checking: >>>> - make sure ca_root_nss is on latest version (I'm on v3.69 and not >>>> seeing this issue) >>>> - make sure your system clock is in sync >>>> >>>> for debugging, maybe try accessing a site via curl.  it may report a >>>> more helpful error message, or if it works it's possible the issue is >>>> isolated to firefox. >>> >>> Thanks Pete, I did update ca_root [ca_root_nss: 3.58 -> 3.63]. Clocks >>> are sync'd using FreeBSD defaults and, curl gave no output. Chrome >>> works. It seems clear that the lack of any others there is something >>> firefox does not like about my setup. >> >> >> Do you get the same error for ? >> (The site to which redirects, for me in the UK.) > > No, wow! How did you come up with that?? That works as does onelook.com, > safeport.com and all the sites we host and random others. After I posted > this I found that libreoffice was also broken by the thunderbird install > and upgrades. It was missing 8 dynamic libraries. I added the missing files > from another workstation and got libreoffice to start but it only wanted to > recover my "lost" files. Removing libreoffice and all its dependencies > fixed that issue. I am wondering if my particular combination of packages > has another "hidden" dependency. I stored my bookmarks using the facility > that allows sync-ing. That does not work. Other than that firefox works > perfectly on the sites it will load. > _______________________________________________ Well cool. After posting this I went back and did it again. Now https://www.mozilla.org/en-GB/firefox/ no longer works. Clearly my combination of things if a one-of-a-kind. From owner-freebsd-questions@freebsd.org Thu Sep 2 06:07:41 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2C71B678DB8 for ; Thu, 2 Sep 2021 06:07:41 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from cyrus.watson.org (cyrus.watson.org [204.107.128.30]) by mx1.freebsd.org (Postfix) with ESMTP id 4H0Vp367Kjz4m5d for ; Thu, 2 Sep 2021 06:07:39 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 6712291E03 for ; Thu, 2 Sep 2021 06:07:39 +0000 (UTC) Received: from fledge.watson.org (doug@localhost [127.0.0.1]) by fledge.watson.org (8.16.1/8.16.1) with ESMTPS id 18267du3093903 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Thu, 2 Sep 2021 06:07:39 GMT (envelope-from doug@fledge.watson.org) Received: from localhost (doug@localhost) by fledge.watson.org (8.16.1/8.16.1/Submit) with ESMTP id 18267dLG093900 for ; Thu, 2 Sep 2021 06:07:39 GMT (envelope-from doug@fledge.watson.org) Date: Thu, 2 Sep 2021 06:07:39 +0000 (UTC) From: doug Reply-To: doug@safeport.com To: freebsd-questions@freebsd.org Subject: Re: firefox 90.0.2,2 will not load mozilla.com In-Reply-To: Message-ID: References: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4H0Vp367Kjz4m5d X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of doug@fledge.watson.org has no SPF policy when checking 204.107.128.30) smtp.mailfrom=doug@fledge.watson.org X-Spamd-Result: default: False [1.00 / 15.00]; HAS_REPLYTO(0.00)[doug@safeport.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_SHORT(1.00)[1.000]; CTYPE_MIXED_BOGUS(1.00)[]; DMARC_NA(0.00)[watson.org]; R_SPF_NA(0.00)[no SPF record]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:11288, ipnet:204.107.128.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 06:07:41 -0000 On Wed, 1 Sep 2021, doug wrote: > On Wed, 1 Sep 2021, doug wrote: > >> >> >> On Wed, 1 Sep 2021, Graham Perrin wrote: >> >>> On 31/08/2021 22:12, Doug Denault wrote: >>> >>>>>> ? www.mozilla.com uses security technology that is outdated and >>>>>> vulnerable to attack. An attacker could easily reveal information >>>>>> which you thought to be safe. The website administrator will need to >>>>>> fix the server first before you can visit the site. >>>>>> >>>>>> Error code: NS_ERROR_NET_INADEQUATE_SECURITY >>>>>> >>>>>> Others without security (for me) include american.express, >>>>>> google.com, amazon.com and youtube.com. freebsd.org works. As far as >>>>>> I can tell this only affects me. >>>>>> >>>>> >>>>> couple things worth checking: >>>>> - make sure ca_root_nss is on latest version (I'm on v3.69 and not >>>>> seeing this issue) >>>>> - make sure your system clock is in sync >>>>> >>>>> for debugging, maybe try accessing a site via curl.  it may report a >>>>> more helpful error message, or if it works it's possible the issue is >>>>> isolated to firefox. >>>> >>>> Thanks Pete, I did update ca_root [ca_root_nss: 3.58 -> 3.63]. Clocks >>>> are sync'd using FreeBSD defaults and, curl gave no output. Chrome >>>> works. It seems clear that the lack of any others there is something >>>> firefox does not like about my setup. >>> >>> >>> Do you get the same error for ? >>> (The site to which redirects, for me in the UK.) >> >> No, wow! How did you come up with that?? That works as does onelook.com, >> safeport.com and all the sites we host and random others. After I posted >> this I found that libreoffice was also broken by the thunderbird install >> and upgrades. It was missing 8 dynamic libraries. I added the missing files >> from another workstation and got libreoffice to start but it only wanted to >> recover my "lost" files. Removing libreoffice and all its dependencies >> fixed that issue. I am wondering if my particular combination of packages >> has another "hidden" dependency. I stored my bookmarks using the facility >> that allows sync-ing. That does not work. Other than that firefox works >> perfectly on the sites it will load. >> _______________________________________________ > > Well cool. After posting this I went back and did it again. Now > https://www.mozilla.org/en-GB/firefox/ no longer works. Clearly my > combination of things if a one-of-a-kind. > _______________________________________________ > On a test system I followed the same upgrade path getting the same firefox errors. Following a suggestion I got on the Facebook group, I did a upgrade all. This fixes firefox. I think that means firefox requires something in xfce or Xorg be upgraded. E.g, a missing dependency From owner-freebsd-questions@freebsd.org Thu Sep 2 08:13:32 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 88DD367B40E for ; Thu, 2 Sep 2021 08:13:32 +0000 (UTC) (envelope-from mark@tinka.africa) Received: from the-host.tinka.africa (ge-1.ln-01-jnb.za.seacomnet.com [105.28.96.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0YbH67X6z3tYH for ; Thu, 2 Sep 2021 08:13:31 +0000 (UTC) (envelope-from mark@tinka.africa) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tinka.africa; s=tinka; h=Content-Type:MIME-Version:Date:Message-ID:To: Subject:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=NhPUQn7UHWVDHhDGaBvSYQXnU2Yvdu5F1MWF+VyQ5Co=; b=jQKOlhyuaHAaKe8hHj+aHhBapF 1igJAHCGvnmo5juf4wnlVp677mL1cR5rbPEU5DtjVrOx1/1BAZY3/8WW2MV5DsY7K4bv5A+RX/pNs +ogWfidLQw3uUOroVTK5Os8vLSnbz+RnvJ7Wz8K8ersXuywVmaz9VsGRLKkDg1hTVfA5Rg3DFAI5p qCV+iyK8cJI9Q9vdHGSQDbNiNrL9d6qjSzyNil6H0Jel+ztG231BSYZ+ffgqWC1LYXM70JhaRP42j Jhe4R4dW7W1UlIsuKtc+rlJq2O7LS3hcvjTXxch08EC8rw+t6rISedvMgMZTSs+6yCJxI8LjNVqS1 xEoKneYQ==; Received: from [127.0.0.1] (helo=Marks-MacBook-Pro.local) by the-host.tinka.africa with esmtp (Exim 4.94) (envelope-from ) id QYSS6H-0009FM-6V for freebsd-questions@freebsd.org; Thu, 02 Sep 2021 10:13:29 +0200 From: Mark Tinka Subject: BIND 'max-cache-size' Value on FreeBSD-13.0 To: freebsd-questions@freebsd.org Message-ID: Date: Thu, 2 Sep 2021 10:13:23 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 Content-Language: en-US X-Rspamd-Queue-Id: 4H0YbH67X6z3tYH X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tinka.africa header.s=tinka header.b=jQKOlhyu; dmarc=pass (policy=none) header.from=tinka.africa; spf=pass (mx1.freebsd.org: domain of mark@tinka.africa designates 105.28.96.5 as permitted sender) smtp.mailfrom=mark@tinka.africa X-Spamd-Result: default: False [-3.00 / 15.00]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tinka.africa:s=tinka]; FREEFALL_USER(0.00)[mark]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:105.28.96.5]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[tinka.africa:+]; HFILTER_HELO_2(1.00)[the-host.tinka.africa]; DMARC_POLICY_ALLOW(-0.50)[tinka.africa,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:37100, ipnet:105.16.0.0/12, country:MU]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 08:13:32 -0000 Hi all. Ever since we moved from BIND-9.11 to BIND-9.16, we've been experiencing 'named' crashing after 24hrs - 36hrs on high-load resolver-only servers, running on FreeBSD-13.0. We found that the reason for this was due to BIND running out of swap space. An increase in swap space by creating a 4GB swap file did not help. So we are now playing with the 'max-cache-size' value in BIND. The system has 15GB of physical RAM. Limiting BIND to 13GB of memory does not work; 'named' still crashes due to a lack of swap space. We have then switched to % values, and it's still crashing for the same reason at 90% and now 80%. We are now testing 70%. Anyone have some idea of how we can get this under control? Is there a possibility that BIND is not properly understanding how much physical RAM is available to FreeBSD, and just burns through it anyway, tripping swap space in the process? I can't think of any reason why BIND would keep burning RAM if it has been told to limit its demand to a certain value or %. All help appreciated. Thanks. Mark. From owner-freebsd-questions@freebsd.org Thu Sep 2 08:32:58 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C2AA067B6A0 for ; Thu, 2 Sep 2021 08:32:58 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0Z1k4xQhz4V1Q for ; Thu, 2 Sep 2021 08:32:58 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "R3" (verified OK)) (Authenticated sender: matthew/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 76AD9B61 for ; Thu, 2 Sep 2021 08:32:58 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from PD0786.local (unknown [IPv6:2001:8b0:151:1:e84f:8889:ff36:826e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 67E495D6A for ; Thu, 2 Sep 2021 08:32:56 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/67E495D6A; dkim=none; dkim-atps=neutral Subject: Re: BIND 'max-cache-size' Value on FreeBSD-13.0 To: freebsd-questions@freebsd.org References: From: Matthew Seaman Message-ID: <57a5c2ef-87c1-dd1a-775e-acae89b0bbbc@FreeBSD.org> Date: Thu, 2 Sep 2021 09:32:55 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 08:32:58 -0000 On 02/09/2021 09:13, Mark Tinka wrote: > Hi all. > > Ever since we moved from BIND-9.11 to BIND-9.16, we've been experiencing > 'named' crashing after 24hrs - 36hrs on high-load resolver-only servers, > running on FreeBSD-13.0. > > We found that the reason for this was due to BIND running out of swap > space. > > An increase in swap space by creating a 4GB swap file did not help. > > So we are now playing with the 'max-cache-size' value in BIND. The > system has 15GB of physical RAM. Limiting BIND to 13GB of memory does > not work; 'named' still crashes due to a lack of swap space. > > We have then switched to % values, and it's still crashing for the same > reason at 90% and now 80%. > > We are now testing 70%. > > Anyone have some idea of how we can get this under control? > > Is there a possibility that BIND is not properly understanding how much > physical RAM is available to FreeBSD, and just burns through it anyway, > tripping swap space in the process? I can't think of any reason why BIND > would keep burning RAM if it has been told to limit its demand to a > certain value or %. > > All help appreciated. Thanks. Hmmm.... unlike many big opensource groups, ISC has traditionally used FreeBSD extensively as a development platform, so they should be on top of the differences between FreeBSD and Linux with regard to memory management. You've clearly got some sort of memory leak, which you are attributing to bind not managing its cache correctly. I think that may possibly be a red-herring, and the leak is occurring in some other aspect of bind operation. But what that might be I have no idea. I suggest asking on the bind-users@lists.isc.org mailing list, as that's where the ISC devs and many bind specialists hang out. Cheers, Matthew From owner-freebsd-questions@freebsd.org Thu Sep 2 10:02:57 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 035BA67C7D1 for ; Thu, 2 Sep 2021 10:02:57 +0000 (UTC) (envelope-from cpanel@freebsd.org) Received: from freebsd.org (pppoe-static.82.209.221.201.telecom.mogilev.by [82.209.221.201]) by mx1.freebsd.org (Postfix) with ESMTP id 4H0c1W70Psz4vgd for ; Thu, 2 Sep 2021 10:02:55 +0000 (UTC) (envelope-from cpanel@freebsd.org) From: cPanel on freebsd.org To: freebsd-questions@freebsd.org Subject: [ freebsd.org =?UTF-8?B?XSBXQVJOSU5HOiBUaGUg4oCc?=freebsd-questions@freebsd.org=?UTF-8?B?4oCdIGVtYWlsIGFjY291bnQgaXMgbmVhcmx5IGZ1bGw=?= Date: 2 Sep 2021 13:02:47 +0300 Message-ID: <20210902130247.621E8474BB32B51F@freebsd.org> X-Rspamd-Queue-Id: 4H0c1W70Psz4vgd X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.00 / 15.00]; local_wl_from(0.00)[freebsd.org]; ASN(0.00)[asn:6697, ipnet:82.209.192.0/18, country:BY] MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 10:02:57 -0000 From owner-freebsd-questions@freebsd.org Thu Sep 2 11:19:51 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 53A9967DE24 for ; Thu, 2 Sep 2021 11:19:51 +0000 (UTC) (envelope-from mark@tinka.africa) Received: from the-host.tinka.africa (the-host.tinka.africa [105.22.37.14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0dkG3pQpz3qbF for ; Thu, 2 Sep 2021 11:19:50 +0000 (UTC) (envelope-from mark@tinka.africa) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tinka.africa; s=tinka; h=Content-Transfer-Encoding:Content-Type:In-Reply-To :MIME-Version:Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=8LQx+SeTzvte6bXccB/TR9FMVd6fx/oyWQTsHW+fE5Y=; b=Hd3L3Mu3EH6GsPg6siOuOEeAsh jivCelRQS0agzsW3PeGYgumpiOj1T0GhLsrPVk/+wrnPcJesoTtf24+K0UzfR2wUID5HNx6LKBsws 8+2FOaLFtiDOwlThKdaJBjX0KmTcw222WaByy7RwUJOSc1EvAHvW5FCx2xG9+Vi2dS/tbHN9DUyhP yTILDr1bTpGnKiGls+VpwcZs1Zt5FWqs/iWeC2jdu96qawK0v7n/exG0SN1ag84CLyf0Yz2EtpI10 f3VABHl5LYpKD++uQHYmMOIpriLL+yAJSN56AbPOGzZSojAjjC7SayerjnnbfJfE4LPnFKkUK+eIa H3NUFnaQ==; Received: from [127.0.0.1] (helo=Marks-MacBook-Pro.local) by the-host.tinka.africa with esmtp (Exim 4.94) (envelope-from ) id QYT0SR-0000SF-MG for freebsd-questions@freebsd.org; Thu, 02 Sep 2021 13:19:39 +0200 Subject: Re: BIND 'max-cache-size' Value on FreeBSD-13.0 To: freebsd-questions@freebsd.org References: <57a5c2ef-87c1-dd1a-775e-acae89b0bbbc@FreeBSD.org> From: Mark Tinka Message-ID: <432ec6e9-bcb7-b933-006f-a0accc2be6fb@tinka.africa> Date: Thu, 2 Sep 2021 13:19:39 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <57a5c2ef-87c1-dd1a-775e-acae89b0bbbc@FreeBSD.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 4H0dkG3pQpz3qbF X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tinka.africa header.s=tinka header.b=Hd3L3Mu3; dmarc=pass (policy=none) header.from=tinka.africa; spf=pass (mx1.freebsd.org: domain of mark@tinka.africa designates 105.22.37.14 as permitted sender) smtp.mailfrom=mark@tinka.africa X-Spamd-Result: default: False [-2.60 / 15.00]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tinka.africa:s=tinka]; FREEFALL_USER(0.00)[mark]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:105.22.37.14]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[tinka.africa:+]; HFILTER_HELO_2(1.00)[the-host.tinka.africa]; DMARC_POLICY_ALLOW(-0.50)[tinka.africa,none]; NEURAL_HAM_SHORT(-0.60)[-0.601]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:37100, ipnet:105.16.0.0/12, country:MU]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 11:19:51 -0000 On 9/2/21 10:32, Matthew Seaman wrote: > > Hmmm.... unlike many big opensource groups, ISC has traditionally used > FreeBSD extensively as a development platform, so they should be on > top of the differences between FreeBSD and Linux with regard to memory > management. > > You've clearly got some sort of memory leak, which you are attributing > to bind not managing its cache correctly.  I think that may possibly > be a red-herring, and the leak is occurring in some other aspect of > bind operation.  But what that might be I have no idea. > > I suggest asking on the bind-users@lists.isc.org mailing list, as > that's where the ISC devs and many bind specialists hang out. Thanks, Matthew. I'll try on the BIND list as well. Mark. From owner-freebsd-questions@freebsd.org Thu Sep 2 17:53:52 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 07E6366375A for ; Thu, 2 Sep 2021 17:53:52 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from cyrus.watson.org (cyrus.watson.org [204.107.128.30]) by mx1.freebsd.org (Postfix) with ESMTP id 4H0pSt4m2Hz3m6Y for ; Thu, 2 Sep 2021 17:53:50 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 0491F42C25; Thu, 2 Sep 2021 17:53:50 +0000 (UTC) Received: from fledge.watson.org (doug@localhost [127.0.0.1]) by fledge.watson.org (8.16.1/8.16.1) with ESMTPS id 182HrnRo073290 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Thu, 2 Sep 2021 17:53:49 GMT (envelope-from doug@fledge.watson.org) Received: from localhost (doug@localhost) by fledge.watson.org (8.16.1/8.16.1/Submit) with ESMTP id 182Hrn5X073287; Thu, 2 Sep 2021 17:53:49 GMT (envelope-from doug@fledge.watson.org) Date: Thu, 2 Sep 2021 17:53:49 +0000 (UTC) From: doug Reply-To: doug@safeport.com To: Mark Tinka cc: freebsd-questions@freebsd.org Subject: Re: BIND 'max-cache-size' Value on FreeBSD-13.0 In-Reply-To: <432ec6e9-bcb7-b933-006f-a0accc2be6fb@tinka.africa> Message-ID: References: <57a5c2ef-87c1-dd1a-775e-acae89b0bbbc@FreeBSD.org> <432ec6e9-bcb7-b933-006f-a0accc2be6fb@tinka.africa> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4H0pSt4m2Hz3m6Y X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of doug@fledge.watson.org has no SPF policy when checking 204.107.128.30) smtp.mailfrom=doug@fledge.watson.org X-Spamd-Result: default: False [-1.00 / 15.00]; HAS_REPLYTO(0.00)[doug@safeport.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; DMARC_NA(0.00)[watson.org]; AUTH_NA(1.00)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; CTYPE_MIXED_BOGUS(1.00)[]; RCPT_COUNT_TWO(0.00)[2]; R_SPF_NA(0.00)[no SPF record]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:11288, ipnet:204.107.128.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 17:53:52 -0000 On Thu, 2 Sep 2021, Mark Tinka wrote: > On 9/2/21 10:32, Matthew Seaman wrote: > >> >> Hmmm.... unlike many big opensource groups, ISC has traditionally used >> FreeBSD extensively as a development platform, so they should be on >> top of the differences between FreeBSD and Linux with regard to memory >> management. >> >> You've clearly got some sort of memory leak, which you are attributing >> to bind not managing its cache correctly.  I think that may possibly >> be a red-herring, and the leak is occurring in some other aspect of >> bind operation.  But what that might be I have no idea. >> >> I suggest asking on the bind-users@lists.isc.org mailing list, as >> that's where the ISC devs and many bind specialists hang out. > > Thanks, Matthew. > > I'll try on the BIND list as well. > > Mark. > _______________________________________________ > Have you checked for disk errors? From owner-freebsd-questions@freebsd.org Thu Sep 2 19:17:38 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3C64B664B8B for ; Thu, 2 Sep 2021 19:17:38 +0000 (UTC) (envelope-from mark@tinka.africa) Received: from the-host.tinka.africa (the-host.tinka.africa [105.22.37.14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0rKX52yVz4fJc for ; Thu, 2 Sep 2021 19:17:36 +0000 (UTC) (envelope-from mark@tinka.africa) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tinka.africa; s=tinka; h=Content-Transfer-Encoding:Content-Type:In-Reply-To :MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=rq8yo+KFEBaPKAe1YWsUfzwSfwM5imkSdpOCB2baguk=; b=fTeO7sBMia3dsCKMtazKMvERLO S89tAyoB3r+Z2w8slfCVWZvKIpuVqwFRDuLoBdTX5DNbJEnEtVYdHu+nsLQIwgD2adA2H+w0yYBfj Z4786t+/7rBiVlNadygiWBAtMSad7yA3JSB7LFaL8j9sZY0/tJ1gG629/3DWnosBi0lhfr7EWZ6pC hRUdbKmeW4bKjRL21WsLSE3GzyFoeuKsiy4G9ZNFLaC+0vvK0iV3Z4MIdSzXYpv/Wr0S+/3NV8SHT maVdG8FqZ7l6Z3DXMpKsQF1qbzIp/ypr0g0XzWX0I7bKF71QzbuAWicKK8sA9btG5nBsoILcbKOBD hUaAC+NA==; Received: from [127.0.0.1] (helo=Marks-MacBook-Pro.local) by the-host.tinka.africa with esmtp (Exim 4.94) (envelope-from ) id QYTMX6-0004VO-JN; Thu, 02 Sep 2021 21:17:30 +0200 Subject: Re: BIND 'max-cache-size' Value on FreeBSD-13.0 To: doug@safeport.com Cc: freebsd-questions@freebsd.org References: <57a5c2ef-87c1-dd1a-775e-acae89b0bbbc@FreeBSD.org> <432ec6e9-bcb7-b933-006f-a0accc2be6fb@tinka.africa> From: Mark Tinka Message-ID: <63f0861f-3b81-804c-990b-6c214d71ff30@tinka.africa> Date: Thu, 2 Sep 2021 21:17:29 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Rspamd-Queue-Id: 4H0rKX52yVz4fJc X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tinka.africa header.s=tinka header.b=fTeO7sBM; dmarc=pass (policy=none) header.from=tinka.africa; spf=pass (mx1.freebsd.org: domain of mark@tinka.africa designates 105.22.37.14 as permitted sender) smtp.mailfrom=mark@tinka.africa X-Spamd-Result: default: False [-3.00 / 15.00]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tinka.africa:s=tinka]; FREEFALL_USER(0.00)[mark]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:105.22.37.14]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[tinka.africa:+]; RCPT_COUNT_TWO(0.00)[2]; HFILTER_HELO_2(1.00)[the-host.tinka.africa]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[tinka.africa,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:37100, ipnet:105.16.0.0/12, country:MU]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 19:17:38 -0000 On 9/2/21 19:53, doug wrote: > Have you checked for disk errors? It's running on a VM with ample resources. No disk issues. I've had the issue happen on another box on a VM in another city too, same deal. This only happens on name servers under load. Mark. From owner-freebsd-questions@freebsd.org Thu Sep 2 20:12:12 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BC0EF665DCE for ; Thu, 2 Sep 2021 20:12:12 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-ot1-x334.google.com (mail-ot1-x334.google.com [IPv6:2607:f8b0:4864:20::334]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0sXW6TRWz4vHX for ; Thu, 2 Sep 2021 20:12:11 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-ot1-x334.google.com with SMTP id c42-20020a05683034aa00b0051f4b99c40cso4102681otu.0 for ; Thu, 02 Sep 2021 13:12:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:from:date:message-id:subject:to; bh=SpaLXVc2iL8wWzIN8nSk+eeO4GbHsQTPn39VWVnzkD0=; b=Dn1EYtvaEH4nmnNaxl8XQlctnrOehN4xQP8+XcXpLbXemSL53/1RhdhVTof+/3hMn9 cekTrcSwAqIXotJK0vLZJN3W6Pa3UtrEmHumfMPxFW2yUdLAUqanwecTosKWoFEqoADP fr+mZYIaKuVnovgQ6Iq4Z162/D8TXF44bEeQ5zcpU3ahfRxW4t/U4drn8bMh+23zic/z +gvZrJvueVYwznbLVLwLnS7FIALL6JionKooGEwY9hY7TLh9dZJKmyTCFSVr/OzdreRz shSfFPfyE/SS+kLUyHxuGQzkW/MEgunPF1G/R1VVakbniJ08u4PN82dQlfRkx6XfCoUl slDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=SpaLXVc2iL8wWzIN8nSk+eeO4GbHsQTPn39VWVnzkD0=; b=VrA3leffuPrzDZXv+ZShgP1bAq2CXpLNeN3rvxs1+PQ65XoaehqnUQSYnM/cnxHsIs 5l3XqDJHefy7754RSEfMgd0vwTJrAobg3H2RCKR2REimNaQcmZ7MtE1xtaV1CqSUZJu+ B6p9eHt7aqzT2KnuaG7ql3FNmKTrxp4bBTWiBktwZ1zi89gTpZXs/WoneljxczailWLF eMf4EYxySanOVENdnSMDEbS47RtRq7qfPHPSbkY9uD9ztlXPF1ADNPAWP9zH57SNoIMu x7S2ydQKf3yz/6IvMAPwb6LcMNyEPkDkgrmWuj+DOMc44TJLwDVULdPiLrT8r4LeBDe0 vnXg== X-Gm-Message-State: AOAM530iuBKi52tc14Ifzsr3uW0b+4QVtz4WYaLGY2Zt0pqr3I5sAEtc Kiov9e2ieRQT0ZN2mi1OW/4mHlMDtJlQefL22eUydw== X-Google-Smtp-Source: ABdhPJx/EuVcgRMsA96+LqgLypsDALEkZ7fF3VRLmyRhVvrcq7YiPPkf2atYZ6xWVbEc/ePSqlJoC8gbBQl76PZ+Fus= X-Received: by 2002:a9d:73d5:: with SMTP id m21mr20001otk.358.1630613525502; Thu, 02 Sep 2021 13:12:05 -0700 (PDT) MIME-Version: 1.0 From: Tomasz CEDRO Date: Thu, 2 Sep 2021 22:11:31 +0200 Message-ID: Subject: malware in gpu adress space To: freebsd-desktop@freebsd.org, FreeBSD Questions Mailing List Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4H0sXW6TRWz4vHX X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=Dn1EYtva; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2607:f8b0:4864:20::334) smtp.mailfrom=tomek@cedro.info X-Spamd-Result: default: False [-3.30 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[cedro.info]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[cedro.info:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::334:from]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 20:12:12 -0000 Hello world :-) I have found that article on hiding malware/rootkit in GPU address space using OpenCL 2.0+ and launching it from there as evasion on antivirus software. https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/ Is it bug/feature of Windows GPU drivers? Is it bug/feature of OpenCL? Is it possible on FreeBSD? :-) -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info From owner-freebsd-questions@freebsd.org Thu Sep 2 20:32:57 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A5BF7666999 for ; Thu, 2 Sep 2021 20:32:57 +0000 (UTC) (envelope-from merlyn@geeks.org) Received: from mail.geeks.org (mail.geeks.org [IPv6:2001:4980:3333:1::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0t0T04LMz3H5N for ; Thu, 2 Sep 2021 20:32:56 +0000 (UTC) (envelope-from merlyn@geeks.org) Received: from mail.geeks.org (localhost [127.0.0.1]) by after-clamsmtpd.geeks.org (Postfix) with ESMTP id F14859D6B for ; Thu, 2 Sep 2021 15:32:49 -0500 (CDT) Received: by mail.geeks.org (Postfix, from userid 1003) id DA7D39DEA; Thu, 2 Sep 2021 15:32:49 -0500 (CDT) Date: Thu, 2 Sep 2021 15:32:49 -0500 From: Doug McIntyre To: freebsd-questions@freebsd.org Subject: Re: BIND 'max-cache-size' Value on FreeBSD-13.0 Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Virus-Scanned: ClamAV using ClamSMTP X-Rspamd-Queue-Id: 4H0t0T04LMz3H5N X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of merlyn@geeks.org designates 2001:4980:3333:1::1 as permitted sender) smtp.mailfrom=merlyn@geeks.org X-Spamd-Result: default: False [-3.30 / 15.00]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ptr]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[geeks.org]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:7753, ipnet:2001:4980::/32, country:US]; RCVD_TLS_LAST(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 20:32:57 -0000 On Thu, Sep 02, 2021 at 10:13:23AM +0200, Mark Tinka wrote: > Ever since we moved from BIND-9.11 to BIND-9.16, we've been experiencing > 'named' crashing after 24hrs - 36hrs on high-load resolver-only servers, > running on FreeBSD-13.0. > We found that the reason for this was due to BIND running out of swap space. I remember a while back on an older specific version of BIND, that there was a memory cache leakage bug in BIND specificly on FreeBSD and no other OS; that I filed a ticket with ISC on. They were able to identify it and fix it on the next version. I'm running BIND 9.16 but still mostly back on FreeBSD 12.2. From owner-freebsd-questions@freebsd.org Thu Sep 2 20:40:57 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 576866665EC for ; Thu, 2 Sep 2021 20:40:57 +0000 (UTC) (envelope-from mark@tinka.africa) Received: from the-host.tinka.africa (the-host.tinka.africa [105.22.37.14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0t9h3SR6z3KbL for ; Thu, 2 Sep 2021 20:40:56 +0000 (UTC) (envelope-from mark@tinka.africa) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tinka.africa; s=tinka; h=Content-Transfer-Encoding:Content-Type:In-Reply-To :MIME-Version:Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=tZJHVEE6bxIatmsiEKH3SyN3nZoGagMbm2hsjj/liPo=; b=wnLwpIz3Xqovc21BW0WIk72tXr N0fKO7MFWeR0argX4ZuEUc6Wd5Z5DD2gxwhPd9JpTujrkRsvTZ3AiMJkulOQDR85xB0NkRTD3wI+u vp8Wx7XM8O3bT+KTKnKYcr0P5/cBdQavKB4Mg3RKqsfftGjydiWM7spvw7s3f4Jw5yooCLYQ8TWHo n7YJuz23boeXjxWhLfDvd8PVWs6nEZqcSHdqNKhj3Dotlc6AzPU97fsOJOy+Oxz5GJCAWGrihyjBh mmcW7ak+XIpZZdaCNB7SqRjizakPDScpB1xCUO1NoPJ+1F+VX5A3df3bjJO+1gsdfbuP8dgOnE5Ui ME/M2Iuw==; Received: from [127.0.0.1] (helo=Marks-MacBook-Pro.local) by the-host.tinka.africa with esmtp (Exim 4.94) (envelope-from ) id QYTQS3-0006ZN-FR for freebsd-questions@freebsd.org; Thu, 02 Sep 2021 22:40:51 +0200 Subject: Re: BIND 'max-cache-size' Value on FreeBSD-13.0 To: freebsd-questions@freebsd.org References: From: Mark Tinka Message-ID: <17a6c714-67a9-7c88-7628-d56368dcd172@tinka.africa> Date: Thu, 2 Sep 2021 22:40:50 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Rspamd-Queue-Id: 4H0t9h3SR6z3KbL X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tinka.africa header.s=tinka header.b=wnLwpIz3; dmarc=pass (policy=none) header.from=tinka.africa; spf=pass (mx1.freebsd.org: domain of mark@tinka.africa designates 105.22.37.14 as permitted sender) smtp.mailfrom=mark@tinka.africa X-Spamd-Result: default: False [-3.00 / 15.00]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tinka.africa:s=tinka]; FREEFALL_USER(0.00)[mark]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:105.22.37.14]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[tinka.africa:+]; HFILTER_HELO_2(1.00)[the-host.tinka.africa]; DMARC_POLICY_ALLOW(-0.50)[tinka.africa,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:37100, ipnet:105.16.0.0/12, country:MU]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 20:40:57 -0000 On 9/2/21 22:32, Doug McIntyre wrote: > I remember a while back on an older specific version of BIND, that > there was a memory cache leakage bug in BIND specificly on FreeBSD > and no other OS; that I filed a ticket with ISC on. Might you recall the ticket ID? > They were able to identify it and fix it on the next version. > > I'm running BIND 9.16 but still mostly back on FreeBSD 12.2. 9.11 was solid on FreeBSD-13.0. Only after moving to 9.16(.19|20) did this swap issue begin. Mark. From owner-freebsd-questions@freebsd.org Thu Sep 2 21:05:30 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 155A266770B for ; Thu, 2 Sep 2021 21:05:30 +0000 (UTC) (envelope-from merlyn@geeks.org) Received: from mail.geeks.org (jacobs.geeks.org [204.153.247.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0tk10qTjz3hdR for ; Thu, 2 Sep 2021 21:05:29 +0000 (UTC) (envelope-from merlyn@geeks.org) Received: from mail.geeks.org (localhost [127.0.0.1]) by after-clamsmtpd.geeks.org (Postfix) with ESMTP id F117C9D77 for ; Thu, 2 Sep 2021 16:05:21 -0500 (CDT) Received: by mail.geeks.org (Postfix, from userid 1003) id E1B4B9DFE; Thu, 2 Sep 2021 16:05:21 -0500 (CDT) Date: Thu, 2 Sep 2021 16:05:21 -0500 From: Doug McIntyre To: freebsd-questions@freebsd.org Subject: Re: BIND 'max-cache-size' Value on FreeBSD-13.0 Message-ID: References: <17a6c714-67a9-7c88-7628-d56368dcd172@tinka.africa> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <17a6c714-67a9-7c88-7628-d56368dcd172@tinka.africa> X-Virus-Scanned: ClamAV using ClamSMTP X-Rspamd-Queue-Id: 4H0tk10qTjz3hdR X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of merlyn@geeks.org designates 204.153.247.1 as permitted sender) smtp.mailfrom=merlyn@geeks.org X-Spamd-Result: default: False [-3.30 / 15.00]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ptr]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[geeks.org]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:7753, ipnet:204.153.244.0/22, country:US]; RCVD_TLS_LAST(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 21:05:30 -0000 On Thu, Sep 02, 2021 at 10:40:50PM +0200, Mark Tinka wrote: > On 9/2/21 22:32, Doug McIntyre wrote: > > > I remember a while back on an older specific version of BIND, that > > there was a memory cache leakage bug in BIND specificly on FreeBSD > > and no other OS; that I filed a ticket with ISC on. > > Might you recall the ticket ID? Sorry, I can't find it, and the older bugs system is shutdow. In checking out their newer gitlab, I do find similar problems reported. https://gitlab.isc.org/isc-projects/bind9/-/issues/2639 From owner-freebsd-questions@freebsd.org Thu Sep 2 21:34:19 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 41965667C1F for ; Thu, 2 Sep 2021 21:34:19 +0000 (UTC) (envelope-from mark@tinka.africa) Received: from the-host.tinka.africa (the-host.tinka.africa [105.22.37.14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0vMG3slnz3sCt for ; Thu, 2 Sep 2021 21:34:18 +0000 (UTC) (envelope-from mark@tinka.africa) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tinka.africa; s=tinka; h=Content-Transfer-Encoding:Content-Type:In-Reply-To :MIME-Version:Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=k+RQqk0M5lcActjwTeGXHsCfH0jAgGpy7a+5+fNOUF8=; b=kKu1rU97fMsPgdEZUbnmRG5329 gxQ9fLL0ONdbGHpuSqkZObQO1GYwH2OZYMocZKkTNy254b1HGUAtR8hi91yE9wLsia0EazQ5IWq7w 6GcWkPqW3sZhn1xfosn8j9B75R8bDkGzU0MANbM45+qXPoHjLMaklkBIJkv6cJmYreIjFUvkc7ceA MwuL3z9QJUqTRY/ftsoG/qPXStMVuDTp20G7Z0tC0IC1wUgK9Mcmpmclqf5iMHwppklfTZFMtjsog 9fxwix+hyczHqhUTCjUY4UIVoNAnKZF0TNj9JYDPPiuwLOEp1THqi69UR19A3fytIW8F59oXLlMv2 ogkqrehA==; Received: from [127.0.0.1] (helo=Marks-MacBook-Pro.local) by the-host.tinka.africa with esmtp (Exim 4.94) (envelope-from ) id QYTT93-0007OB-PL for freebsd-questions@freebsd.org; Thu, 02 Sep 2021 23:34:15 +0200 Subject: Re: BIND 'max-cache-size' Value on FreeBSD-13.0 To: freebsd-questions@freebsd.org References: <17a6c714-67a9-7c88-7628-d56368dcd172@tinka.africa> From: Mark Tinka Message-ID: <6cce62ef-d045-379d-583b-d8f0d497800b@tinka.africa> Date: Thu, 2 Sep 2021 23:34:14 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 4H0vMG3slnz3sCt X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tinka.africa header.s=tinka header.b=kKu1rU97; dmarc=pass (policy=none) header.from=tinka.africa; spf=pass (mx1.freebsd.org: domain of mark@tinka.africa designates 105.22.37.14 as permitted sender) smtp.mailfrom=mark@tinka.africa X-Spamd-Result: default: False [-3.00 / 15.00]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tinka.africa:s=tinka]; FREEFALL_USER(0.00)[mark]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:105.22.37.14]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[tinka.africa:+]; HFILTER_HELO_2(1.00)[the-host.tinka.africa]; DMARC_POLICY_ALLOW(-0.50)[tinka.africa,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:37100, ipnet:105.16.0.0/12, country:MU]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 21:34:19 -0000 On 9/2/21 23:05, Doug McIntyre wrote: > Sorry, I can't find it, and the older bugs system is shutdow. > > In checking out their newer gitlab, I do find similar problems reported. > > https://gitlab.isc.org/isc-projects/bind9/-/issues/2639 So this seems to go into the best detail on the bug, going back as far as 9.6.12 (but in a chroot'd environment, which we don't use):     https://gitlab.isc.org/isc-projects/bind9/-/issues/2575 The maintainer just closed the issue 11hrs ago, as it's been open for 5 months :-(. Mark. From owner-freebsd-questions@freebsd.org Thu Sep 2 21:35:30 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DCF5C667EBA for ; Thu, 2 Sep 2021 21:35:30 +0000 (UTC) (envelope-from mark@tinka.africa) Received: from the-host.tinka.africa (the-host.tinka.africa [105.22.37.14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0vNf04MNz3sF6 for ; Thu, 2 Sep 2021 21:35:30 +0000 (UTC) (envelope-from mark@tinka.africa) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tinka.africa; s=tinka; h=Content-Transfer-Encoding:Content-Type:In-Reply-To :MIME-Version:Date:Message-ID:References:To:Subject:From:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+iwz6SlXgyc5ryWu0ZnAJSlfY9xOxMAnoVClvaSXTC0=; b=pjBBlZvjlxxW+f0W5IsWHWWwe9 afYMSBTtqAll/Vn5ciQpBkrZwoVSiZaMoDB4Z7EjVO5+84jVf88mIddNCuTuXxDksANpIphHvTSLL rQAIsJ3SJmcLZMTIWAdBwKZU4f8/hqb1XHJ5mpdFzxpqqIXLKSlz0Zes91PwJH2wC53Ii+SytXt63 v49ELsyD8Llt138Sg9ncY0+QzOEgITNqBaQpGUWMLit5RpWEBVoA6apGLBNPtq0ev1m2oL3S7qoeL GODVAsnobvQwfgJ9IB7XFv+Gn7BCZtavbh2hrpx0HTCxahy+o5KEJFZe2IfsEP3UamRh5VUxF0PlX Eoe0eaiw==; Received: from [127.0.0.1] (helo=Marks-MacBook-Pro.local) by the-host.tinka.africa with esmtp (Exim 4.94) (envelope-from ) id QYTTB3-0007OR-IP for freebsd-questions@freebsd.org; Thu, 02 Sep 2021 23:35:27 +0200 From: Mark Tinka Subject: Re: BIND 'max-cache-size' Value on FreeBSD-13.0 To: freebsd-questions@freebsd.org References: <17a6c714-67a9-7c88-7628-d56368dcd172@tinka.africa> Message-ID: <7c086c8a-5437-334b-0f76-abb9dbfef64c@tinka.africa> Date: Thu, 2 Sep 2021 23:35:27 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 4H0vNf04MNz3sF6 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tinka.africa header.s=tinka header.b=pjBBlZvj; dmarc=pass (policy=none) header.from=tinka.africa; spf=pass (mx1.freebsd.org: domain of mark@tinka.africa designates 105.22.37.14 as permitted sender) smtp.mailfrom=mark@tinka.africa X-Spamd-Result: default: False [-3.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[tinka.africa:s=tinka]; FREEFALL_USER(0.00)[mark]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:105.22.37.14:c]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[tinka.africa:+]; MID_RHS_MATCH_FROM(0.00)[]; HFILTER_HELO_2(1.00)[the-host.tinka.africa]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[tinka.africa,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:37100, ipnet:105.16.0.0/12, country:MU]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 21:35:30 -0000 On 9/2/21 23:05, Doug McIntyre wrote: > Sorry, I can't find it, and the older bugs system is shutdow. > > In checking out their newer gitlab, I do find similar problems reported. > > https://gitlab.isc.org/isc-projects/bind9/-/issues/2639 So this seems to go into the best detail on the bug, going back as far as 9.16.12 (but in a chroot'd environment, which we don't use):     https://gitlab.isc.org/isc-projects/bind9/-/issues/2575 The maintainer just closed the issue 11hrs ago, as it's been open for 5 months :-(. Mark. From owner-freebsd-questions@freebsd.org Thu Sep 2 22:07:56 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B11A4668912 for ; Thu, 2 Sep 2021 22:07:56 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0w632S9yz4WMQ for ; Thu, 2 Sep 2021 22:07:55 +0000 (UTC) (envelope-from grahamperrin@gmail.com) Received: by mail-wm1-x336.google.com with SMTP id c8-20020a7bc008000000b002e6e462e95fso2498739wmb.2 for ; Thu, 02 Sep 2021 15:07:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=4GhOw29jca3KGQhkwqga+7hhZlzJ25R33FX4LDnZ7Tk=; b=IWuSG4Xz8rZLLkhTCOLy/HDeG9ZHmifaVR0rahS8jYnBjk0/WbNbHlS5md8tTfj+Yq 5hdblpwc6JnkOlM+9mMEfRt6GZtxzyYgo8GndTl2k8RJfmzf6Q9ypdgZ/Xe5HUzPQvUt pXId08KjO0DoKQHc4ZpeK3l9JMRwRgZDmyT0ktbfiQqldFhdDXhmweakMgPMMsgDt9AN MzK2pS7n2szFx6AhIMW0KMDR5Sb4t2t/aPOzZXGd8Trf4kPYjUn54UMmEvscUwqrHGw5 nj7Z+9CCjRjDbKJKxulDFDXS3q5zvrGrfrpa+mWwG45vbImYTPzMFFEE6UyAZkAH+lw3 oBGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=4GhOw29jca3KGQhkwqga+7hhZlzJ25R33FX4LDnZ7Tk=; b=PU7w9q9BviUUcZMUQsJDzBJJD0+T14G7YWsQR2xEthR+3I7wTkzP63KK2JoLm4MPl1 ACVOJyQ2j9zKaKyykDD+lMfU7A3TsL7hGXPbKIjI6lLEwMy5MeCGkfE9ZiZkxPvwh6qQ uM43Gh9BThguj2cJin9MH+nPi655/E2I1HnFbNyuxfiT8gCxjRcyuE4roYVNV+NxiOti N8f8pfpWeHCSie0f15vQxWwc6qv8JPut9DTjZ7BUAeFFLQGN7wCAuNHG+VxmXX+dB1Qs B3PjFfZ1JzQTAeNx1seS1ecXkAcXNlGxk7vr6yQX9S20AeqJkaFzbK/8n/FcYpmK/hg4 8Qug== X-Gm-Message-State: AOAM530ZwbaLus6L7/7LV2/+UZYPfFTE/D5m/o13RbACrgsx/KmRK/LB anSZNyGCFD23KNVGHQX0jI5EaVJ0UUFT/A== X-Google-Smtp-Source: ABdhPJxIQizeRzH6XhmqThWgXZh4WZInztXI6ah8dZ+4nmWM0/+/qYJ4iEt7KeV1JG0gCZk3+knVug== X-Received: by 2002:a7b:c316:: with SMTP id k22mr5152394wmj.56.1630620474187; Thu, 02 Sep 2021 15:07:54 -0700 (PDT) Received: from ?IPv6:2001:470:1f1c:a0::2? (tunnel642390-pt.tunnel.tserv1.lon2.ipv6.he.net. [2001:470:1f1c:a0::2]) by smtp.gmail.com with ESMTPSA id n4sm3461578wro.81.2021.09.02.15.07.53 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 02 Sep 2021 15:07:53 -0700 (PDT) Subject: Re: firefox 90.0.2,2 will not load mozilla.com To: freebsd-questions@freebsd.org References: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> From: Graham Perrin Message-ID: <86a9edb0-0495-8556-a372-a74c0d22bd1f@gmail.com> Date: Thu, 2 Sep 2021 23:07:52 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-GB X-Rspamd-Queue-Id: 4H0w632S9yz4WMQ X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=IWuSG4Xz; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::336 as permitted sender) smtp.mailfrom=grahamperrin@gmail.com X-Spamd-Result: default: False [-2.88 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_SPAM_SHORT(0.12)[0.121]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::336:from]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 22:07:56 -0000 On 02/09/2021 07:07, doug wrote: > … upgrade all. This fixes firefox. I think that means firefox requires > something in xfce or Xorg be upgraded. E.g, a missing dependency If you can (again) reproduce the non-fixed environment, then: pkg check -Bds From owner-freebsd-questions@freebsd.org Fri Sep 3 00:40:23 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id F391466B5A1 for ; Fri, 3 Sep 2021 00:40:22 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from cyrus.watson.org (cyrus.watson.org [204.107.128.30]) by mx1.freebsd.org (Postfix) with ESMTP id 4H0zTy1rWMz3sNq for ; Fri, 3 Sep 2021 00:40:22 +0000 (UTC) (envelope-from doug@fledge.watson.org) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 9E86F4C4C8; Fri, 3 Sep 2021 00:40:21 +0000 (UTC) Received: from fledge.watson.org (doug@localhost [127.0.0.1]) by fledge.watson.org (8.16.1/8.16.1) with ESMTPS id 1830eLao022416 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Fri, 3 Sep 2021 00:40:21 GMT (envelope-from doug@fledge.watson.org) Received: from localhost (doug@localhost) by fledge.watson.org (8.16.1/8.16.1/Submit) with ESMTP id 1830eLti022413; Fri, 3 Sep 2021 00:40:21 GMT (envelope-from doug@fledge.watson.org) Date: Fri, 3 Sep 2021 00:40:21 +0000 (UTC) From: doug Reply-To: doug@safeport.com To: Graham Perrin cc: freebsd-questions@freebsd.org Subject: Re: firefox 90.0.2,2 will not load mozilla.com In-Reply-To: <86a9edb0-0495-8556-a372-a74c0d22bd1f@gmail.com> Message-ID: <53fb2dd4-b6c2-d777-35bf-46708d3bdb32@fledge.watson.org> References: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> <86a9edb0-0495-8556-a372-a74c0d22bd1f@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-Rspamd-Queue-Id: 4H0zTy1rWMz3sNq X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of doug@fledge.watson.org has no SPF policy when checking 204.107.128.30) smtp.mailfrom=doug@fledge.watson.org X-Spamd-Result: default: False [-2.00 / 15.00]; HAS_REPLYTO(0.00)[doug@safeport.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; DMARC_NA(0.00)[watson.org]; AUTH_NA(1.00)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCPT_COUNT_TWO(0.00)[2]; R_SPF_NA(0.00)[no SPF record]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11288, ipnet:204.107.128.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 00:40:23 -0000 On Thu, 2 Sep 2021, Graham Perrin wrote: > On 02/09/2021 07:07, doug wrote: > >> ? upgrade all. This fixes firefox. I think that means firefox requires >> something in xfce or Xorg be upgraded. E.g, a missing dependency > > If you can (again) reproduce the non-fixed environment, then: > > pkg check -Bds > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Thank you. I got the upgrade all answer also in closing a PR I submitted. Firefox notes might say you can not upgrade firefox, but I think that's like `pkg prime-origins`. I updated a test system and it worked. Just not going to take the chance on the system I need for work. Chrome is fine and thunderbird works so I am functional. Re `pkg check -Bds` did not know that combination, thanks, I will look into it. From owner-freebsd-questions@freebsd.org Fri Sep 3 06:06:25 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B9F0866FE0F for ; Fri, 3 Sep 2021 06:06:25 +0000 (UTC) (envelope-from doug@safeport.com) Received: from cyrus.watson.org (cyrus.watson.org [204.107.128.30]) by mx1.freebsd.org (Postfix) with ESMTP id 4H16k91Kr9z4kCF for ; Fri, 3 Sep 2021 06:06:25 +0000 (UTC) (envelope-from doug@safeport.com) Received: from fledge.watson.org (fledge.watson.org [198.74.231.63]) by cyrus.watson.org (Postfix) with ESMTPS id 0EAA01E44F; Fri, 3 Sep 2021 05:56:55 +0000 (UTC) Received: from fledge.watson.org (doug@localhost [127.0.0.1]) by fledge.watson.org (8.16.1/8.16.1) with ESMTPS id 1835us2p063416 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Fri, 3 Sep 2021 05:56:54 GMT (envelope-from doug@safeport.com) Received: from localhost (doug@localhost) by fledge.watson.org (8.16.1/8.16.1/Submit) with ESMTP id 1835usiB063413; Fri, 3 Sep 2021 05:56:54 GMT (envelope-from doug@safeport.com) X-Authentication-Warning: fledge.watson.org: doug owned process doing -bs Date: Fri, 3 Sep 2021 05:56:54 +0000 (UTC) From: doug@safeport.com Reply-To: doug@fledge.watson.org To: Graham Perrin cc: freebsd-questions@freebsd.org Subject: Re: firefox 90.0.2,2 will not load mozilla.com In-Reply-To: <53fb2dd4-b6c2-d777-35bf-46708d3bdb32@fledge.watson.org> Message-ID: References: <8b46adef-694b-a93c-10a1-41a1b1ab12f6@gmail.com> <8d498d22-170-d958-36cd-eeef9e4dcb9@fledge.watson.org> <86a9edb0-0495-8556-a372-a74c0d22bd1f@gmail.com> <53fb2dd4-b6c2-d777-35bf-46708d3bdb32@fledge.watson.org> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-Rspamd-Queue-Id: 4H16k91Kr9z4kCF X-Spamd-Bar: +++++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=fail (mx1.freebsd.org: domain of doug@safeport.com does not designate 204.107.128.30 as permitted sender) smtp.mailfrom=doug@safeport.com X-Spamd-Result: default: False [7.48 / 15.00]; HAS_REPLYTO(0.00)[doug@fledge.watson.org]; TO_DN_SOME(0.00)[]; REPLYTO_DN_EQ_FROM_DN(0.00)[]; HAS_XAW(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[gmail.com]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11288, ipnet:204.107.128.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_SPF_FAIL(1.00)[-all:c]; NEURAL_SPAM_SHORT(0.98)[0.980]; MIME_GOOD(-0.10)[text/plain]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; DMARC_NA(0.00)[safeport.com]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; TO_MATCH_ENVRCPT_SOME(0.00)[]; VIOLATED_DIRECT_SPF(3.50)[]; NEURAL_SPAM_LONG(1.00)[1.000]; FROM_NO_DN(0.00)[]; GREYLIST(0.00)[pass,body]; MAILMAN_DEST(0.00)[freebsd-questions] X-Spam: Yes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 06:06:25 -0000 On Fri, 3 Sep 2021, doug wrote: > On Thu, 2 Sep 2021, Graham Perrin wrote: > >> On 02/09/2021 07:07, doug wrote: >> >>> ? upgrade all. This fixes firefox. I think that means firefox requires >>> something in xfce or Xorg be upgraded. E.g, a missing dependency >> >> If you can (again) reproduce the non-fixed environment, then: >> >> pkg check -Bds >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> > Thank you. I got the upgrade all answer also in closing a PR I submitted. > Firefox notes might say you can not upgrade firefox, but I think that's like > `pkg prime-origins`. I updated a test system and it worked. Just not going to > take the chance on the system I need for work. Chrome is fine and thunderbird > works so I am functional. > > Re `pkg check -Bds` did not know that combination, thanks, I will look into > it. > `pkg check -Bds` found nothing amiss. Thanks BTW I had never looked at `pgk check`. But that verifies what the firefox maintainers said. You have to update everything if something does not work. There would appear to be no way to ascertain which upgrade[s] is/are required. From owner-freebsd-questions@freebsd.org Fri Sep 3 17:04:47 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 756AA678C26 for ; Fri, 3 Sep 2021 17:04:47 +0000 (UTC) (envelope-from shadowomf@arcor.de) Received: from smtpout2.vodafonemail.de (smtpout2.vodafonemail.de [145.253.239.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "www.vodafonemail.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1PKp3NvZz3jw2 for ; Fri, 3 Sep 2021 17:04:46 +0000 (UTC) (envelope-from shadowomf@arcor.de) Received: from smtp.vodafone.de (smtpa05.fra-mediabeam.com [10.2.0.36]) by smtpout2.vodafonemail.de (Postfix) with ESMTP id 4B9996A68F for ; Fri, 3 Sep 2021 19:04:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arcor.de; s=vfde-smtpout-mb-15sep; t=1630688678; bh=tWFWlk20Ou1T5heJWaUYiLYWYSBNcWCMtBFlWjsw3Ak=; h=To:From:Subject:Date; b=q+aTIJAOa8Vn7YZpj4uk+pHFaURBy4MHxf2cbxcpe1O+yhAFV2DZQM9jEEvMbkMvW XIGgNG/2hQz4jC2MQR8t1DrSpWcyOl2nbLyF7Bo8ZZiU5FyY6lfeivg485+PSAfIbR FD/hk1X8Xui/JOJxvy62q/Y04BlQtbsa1JSjmrvE= Received: from [10.86.1.1] (192-8-142-46.pool.kielnet.net [46.142.8.192]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.vodafone.de (Postfix) with ESMTPSA id 10E9A140239 for ; Fri, 3 Sep 2021 17:04:37 +0000 (UTC) To: freebsd-questions@freebsd.org From: Christoph Harder Subject: ipfw and ftpd Message-ID: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> Date: Fri, 3 Sep 2021 19:04:37 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="BkoBb8bxBvI8S9Oybo5swmkyxMofCiRmT" X-purgate-type: clean X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de X-purgate: This mail is considered clean (visit http://www.eleven.de for further information) X-purgate: clean X-purgate-size: 4782 X-purgate-ID: 155817::1630688678-00004EF9-1F21065E/0/0 X-Rspamd-Queue-Id: 4H1PKp3NvZz3jw2 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=arcor.de header.s=vfde-smtpout-mb-15sep header.b=q+aTIJAO; dmarc=none; spf=pass (mx1.freebsd.org: domain of shadowomf@arcor.de designates 145.253.239.133 as permitted sender) smtp.mailfrom=shadowomf@arcor.de X-Spamd-Result: default: False [-5.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[arcor.de]; R_SPF_ALLOW(-0.20)[+ip4:145.253.239.128/29]; HAS_ATTACHMENT(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[arcor.de:+]; NEURAL_HAM_SHORT(-1.00)[-1.000]; SIGNED_PGP(-2.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[145.253.239.133:from]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:+,4:~,5:~]; FREEMAIL_ENVFROM(0.00)[arcor.de]; MID_RHS_MATCH_FROM(0.00)[]; ASN(0.00)[asn:3209, ipnet:145.253.0.0/16, country:DE]; MIME_UNKNOWN(0.10)[application/pgp-keys]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[arcor.de:s=vfde-smtpout-mb-15sep]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[arcor.de]; RCPT_COUNT_ONE(0.00)[1]; RECEIVED_SPAMHAUS_PBL(0.00)[46.142.8.192:received]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; RWL_MAILSPIKE_POSSIBLE(0.00)[145.253.239.133:from]; MAILMAN_DEST(0.00)[freebsd-questions] X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 17:04:47 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --BkoBb8bxBvI8S9Oybo5swmkyxMofCiRmT Content-Type: multipart/mixed; boundary="HwBe3tIhcgewwNbMmWPwe4QbdHKJ52KRK"; protected-headers="v1" From: Christoph Harder To: freebsd-questions@freebsd.org Message-ID: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> Subject: ipfw and ftpd --HwBe3tIhcgewwNbMmWPwe4QbdHKJ52KRK Content-Type: multipart/mixed; boundary="------------DB25804A461BDDC395222D27" Content-Language: de-DE This is a multi-part message in MIME format. --------------DB25804A461BDDC395222D27 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hello everybody, I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw. Currently I'm trying to get ftpd working for the local network, but when = ipfw is enabled it's not working. It works without any problems when ipfw is not running. The client is a F= ileZilla Cleint on a windows machine in localnetwork0. My ipfw.rules file looks like below. I've removed the pass rules for othe= r services, but I didn't delete any of the deny rules. /etc/ipfw.rules #!/bin/sh # ipfw command ii=3D"/sbin/ipfw -q" # flush old ${ii} -f flush #${ii} pipe flush #${ii} queue flush #${ii} table all flush # local trusted networks localnet0=3D"10.55.0.0/16" # loopback adapter ${ii} add pass all from any to any via lo0 ${ii} add deny log all from any to 127.0.0.0/8 ${ii} add deny log ip from 127.0.0.0/8 to any ${ii} add deny log all from any to ::1 ${ii} add deny log all from ::1 to any # allow if matching entry in dynamic rule table ${ii} add check-state log # allow local ftp traffic ${ii} add pass log tcp from ${localnet0} to me 21 in setup keep-state ${ii} add pass log tcp from me to ${localnet0} 20 out setup keep-state ${ii} add pass log tcp from ${localnet0} to me 49152-65535 in setup keep-= state # deny and log everything else, this should always be the last rule ${ii} add deny log all from any to any Strangely /var/log/securtiy is only showing accept for the ftp connection= s and no deny entries, still it's not working. Did I mess anything up? Maybe the in/out/setup/check-state or keep-state = parts? Best regards, Christoph --------------DB25804A461BDDC395222D27-- --HwBe3tIhcgewwNbMmWPwe4QbdHKJ52KRK-- --BkoBb8bxBvI8S9Oybo5swmkyxMofCiRmT Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wrsEABMKACMWIQSb3Ikq38zYR4NRM5GjYkefPwrcBgUCYTJVpQUDAAAAAAAKCRCjYkefPwrcBnZW Af9GC6O5IYVWWKRpYzXdK4ZJ7/S6wem7YHhXkDQt98NBY5DMZq1leRZh90JlGumzPzP/+xoREyoC lmThtjJAG5S6Af0Uk4eZEXEJwjH/knbmRnzO6TeQkuiVW5LGGmWPh/2KHsEUbjGlUT/zB2cjPDPk ir/q9djNN8Xq4ik2ayxZ4JJq =Xfbg -----END PGP SIGNATURE----- --BkoBb8bxBvI8S9Oybo5swmkyxMofCiRmT-- From owner-freebsd-questions@freebsd.org Fri Sep 3 17:09:37 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 666936789CA for ; Fri, 3 Sep 2021 17:09:37 +0000 (UTC) (envelope-from 482254ac@razorfever.net) Received: from pmta21.teksavvy.com (pmta21.teksavvy.com [76.10.157.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.teksavvy.com", Issuer "DigiCert SHA2 High Assurance Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1PRN36P0z3kjc for ; Fri, 3 Sep 2021 17:09:36 +0000 (UTC) (envelope-from 482254ac@razorfever.net) IronPort-SDR: RpG5J/FUV52IWlQW82e2Kc8brBqo2QYcAgocQy4uDJSftWSew7JJLzuBE4tj2TFqAAbtBYyj66 5IFR+EbPap4A== IronPort-HdrOrdr: =?us-ascii?q?A9a23=3ADqUxyaqfRpyhWnDMr5/BQuEaV5obeYIsim?= =?us-ascii?q?QD101hICG9Afbo8PxG+85rsyMc6QxhPE3I9urhBEDtex3hHNtOkOws1NSZLW?= =?us-ascii?q?vbUQmTTb2KhLGKq1bd8m/FmdK1vp0MT0ERMrHN5BRB/KXHCDnTKbwdKcG8gd?= =?us-ascii?q?iVbPnlvg5QcT0=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2ENAACUVTJh/0StpUVaGwEBAQEBAQE?= =?us-ascii?q?BBQEBARIBAQEDAwEBAUAJgTwGAQEBCwFYgx8BhTOBR4ZdYIVhVgEBAQMGgRQ?= =?us-ascii?q?xOAGbS4F8CwEBAQEBAQEBAQlBBAEBhG4Cgj8mNAkOAQIEAQEBEgEBAQUBAQE?= =?us-ascii?q?BAQYEAgKBIIV1hkwBBSMVHjMLGAICJgICVxMIAQGCbYJiJqxJgTGBAYQphU4?= =?us-ascii?q?TfSoBjXmBQIEQgTwMgnY+hRGCSoJkBIoIkxyOHIIGm3gIgy2eSgYULJVjkSK?= =?us-ascii?q?7Zw2BYYIVH1yDL08ZD45XjjUlA2gCBgsBAQMJkgsBAQ?= X-IPAS-Result: =?us-ascii?q?A2ENAACUVTJh/0StpUVaGwEBAQEBAQEBBQEBARIBAQEDA?= =?us-ascii?q?wEBAUAJgTwGAQEBCwFYgx8BhTOBR4ZdYIVhVgEBAQMGgRQxOAGbS4F8CwEBA?= =?us-ascii?q?QEBAQEBAQlBBAEBhG4Cgj8mNAkOAQIEAQEBEgEBAQUBAQEBAQYEAgKBIIV1h?= =?us-ascii?q?kwBBSMVHjMLGAICJgICVxMIAQGCbYJiJqxJgTGBAYQphU4TfSoBjXmBQIEQg?= =?us-ascii?q?TwMgnY+hRGCSoJkBIoIkxyOHIIGm3gIgy2eSgYULJVjkSK7Zw2BYYIVH1yDL?= =?us-ascii?q?08ZD45XjjUlA2gCBgsBAQMJkgsBAQ?= X-IronPort-AV: E=Sophos;i="5.85,265,1624334400"; d="scan'208";a="169212569" Received: from 69-165-173-68.dsl.teksavvy.com (HELO mail.razorfever.net) ([69.165.173.68]) by smtp12.teksavvy.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 03 Sep 2021 13:09:29 -0400 Received: from [192.168.0.33] (bock.razorfever.net [192.168.0.33]) by mail.razorfever.net (8.15.2/8.15.2) with ESMTP id 183H9TOF000853 for ; Fri, 3 Sep 2021 13:09:29 -0400 (EDT) (envelope-from 482254ac@razorfever.net) X-Authentication-Warning: mail.razorfever.net: Host bock.razorfever.net [192.168.0.33] claimed to be [192.168.0.33] Subject: Re: FreeBSD 12.2-RELEASE-p9 trim: open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: From: "Derek (freebsd lists)" <482254ac@razorfever.net> Message-ID: <47d0f250-a47c-bbe0-2875-4f42f4464fcc@chezmarcotte.ca> Date: Fri, 3 Sep 2021 13:09:29 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-0.4 required=5.0 tests=ALL_TRUSTED, FROM_STARTS_WITH_NUMS,RP_MATCHES_RCVD autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail.razorfever.net X-Rspamd-Queue-Id: 4H1PRN36P0z3kjc X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of 482254ac@razorfever.net has no SPF policy when checking 76.10.157.36) smtp.mailfrom=482254ac@razorfever.net X-Spamd-Result: default: False [-2.20 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; HAS_XAW(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_NONE(0.00)[]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_NA(0.00)[razorfever.net]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5645, ipnet:76.10.128.0/19, country:CA]; RCVD_TLS_LAST(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_IN_DNSWL_LOW(-0.10)[76.10.157.36:from] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 17:09:37 -0000 On 2021-08-29 10:26 p.m., David Christensen wrote: > I would like to trim the SSD, but trim(8) is not happy: > > 2021-08-29 19:22:36 toor@f1 ~ > # trim -f /dev/ada0 > trim /dev/ada0 offset 0 length 60022480896 > trim: open failed: /dev/ada0: Operation not permitted > I don't know if it's still relevant to the thread, but I feel like what you are encountering here relates to what you are trying to trim. It feels like if you trim the "raw device", the system wouldn't know what is in use, and what isn't. I feel like you should be trying to trim a filesystem on the device, rather than the device itself, as the utility would be able to determine what is currently allocated with the filesystem data. It might be that a raw device could be trimmed, but perhaps there's some safety there to stop it from wiping a device that is backing a mounted filesystem. Something to look at? Derek From owner-freebsd-questions@freebsd.org Fri Sep 3 17:13:47 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1CF2A679280 for ; Fri, 3 Sep 2021 17:13:47 +0000 (UTC) (envelope-from pprocacci@gmail.com) Received: from mail-pg1-x52f.google.com (mail-pg1-x52f.google.com [IPv6:2607:f8b0:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1PXB2bfCz3mLR for ; Fri, 3 Sep 2021 17:13:46 +0000 (UTC) (envelope-from pprocacci@gmail.com) Received: by mail-pg1-x52f.google.com with SMTP id t1so6141828pgv.3 for ; Fri, 03 Sep 2021 10:13:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=WWRFqjNRFdhYpFh0Ub7JOBT5WGzJX9pEp/iQvlFnjoQ=; b=RqYGqrQfXJJU/FEEVXXt2Od0uynOxYVcYWV+PiOZQfBHtV/mPKmV33EERoHirmF5sM b7jsUor0Ii1palFixSj3D8poSuLrVqm1GRvys4qSx5ls8SDB6laXykukMbefMG0gGAZW de5rQGr4G89/D223r9Sqg429I/dm2o31UEUfLc0MdaLMW40+xRL2MzFfaXA9RCDfK00t DQWIPMvq/bRhhYGZb4lER/qBAXdmBEu+pGc63AwdCdFx5DnszC6K6lda6YeMPDD5UB0U F5pHC7FyV2jATCujjMm1tsfSqIdOlxk+wBGdIxMj2x12riZyqvtpuDp1HG5JSI+P1A/x fDkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WWRFqjNRFdhYpFh0Ub7JOBT5WGzJX9pEp/iQvlFnjoQ=; b=jCAnFemZUn6U+PWpcAoFSK53jy89tPCHITnz+l8hH08a58kMep1kk/uI4zNQionodE ado103hJxHlPmvaLzhzcBfgLYm8FryewEOg3a8eQvM5iOM4GGJpfoaPl4eePy4ZnyZpK NH/ai1eXS3Set9rTXFZ/AHMJjASiDjyjmMU8t8XXfZEF2q1gcg35qN9Wio9WnxmIu/PZ 2Pcx1kc0O6CLmkCAHjWmaNn9+3VsD2qKnd9pDTUSZYuA4B67TEW5LSdlT5dXTrybsZ7i KhG4rom2jdhgy5rFzgegg7EZ43RFnlLUIXnblbhx0BsHGT+1Ecym0CYUOKhv3hBaCsNb PEeA== X-Gm-Message-State: AOAM533e2bvENYuPxjX2ZvQiiY3mCuna5KcxUxYzT1eB1PA41p2qxOQc 1FKlEawkarjaN+tjuidUiLA78p5QZo9fFFSuzognsBvP+g== X-Google-Smtp-Source: ABdhPJzyvQ4g2AbmwxEJa2xSwJsi+wp5ZWcmrCORVlgSFglOLpxLUNnhgQzPjo9FcJs8JBrTsR4hOGEGrZO8E5jHNfU= X-Received: by 2002:aa7:8058:0:b029:332:9da3:102d with SMTP id y24-20020aa780580000b02903329da3102dmr4163918pfm.21.1630689225199; Fri, 03 Sep 2021 10:13:45 -0700 (PDT) MIME-Version: 1.0 References: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> In-Reply-To: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> From: Paul Procacci Date: Fri, 3 Sep 2021 13:13:34 -0400 Message-ID: Subject: Re: ipfw and ftpd To: Christoph Harder Cc: FreeBSD Questions X-Rspamd-Queue-Id: 4H1PXB2bfCz3mLR X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=RqYGqrQf; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of pprocacci@gmail.com designates 2607:f8b0:4864:20::52f as permitted sender) smtp.mailfrom=pprocacci@gmail.com X-Spamd-Result: default: False [-0.08 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; URI_COUNT_ODD(1.00)[3]; MID_RHS_MATCH_FROMTLD(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.97)[-0.967]; FREEMAIL_TO(0.00)[arcor.de]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_SPAM_MEDIUM(0.88)[0.884]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::52f:from]; HTTP_TO_IP(1.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 17:13:47 -0000 Try a different ftp mode. https://www.exavault.com/blog/active-vs-passive-ftp This page describes it pretty well. In short, there could be more than one connection being initiated from the client. Ensure the ftp client is set to use the one you prefer. ~Paul On Fri, Sep 3, 2021 at 1:05 PM Christoph Harder wrote: > Hello everybody, > > I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw. > Currently I'm trying to get ftpd working for the local network, but when > ipfw is enabled it's not working. > It works without any problems when ipfw is not running. The client is a > FileZilla Cleint on a windows machine in localnetwork0. > > My ipfw.rules file looks like below. I've removed the pass rules for other > services, but I didn't delete any of the deny rules. > > > /etc/ipfw.rules > #!/bin/sh > > # ipfw command > ii="/sbin/ipfw -q" > > # flush old > ${ii} -f flush > #${ii} pipe flush > #${ii} queue flush > #${ii} table all flush > > # local trusted networks > localnet0="10.55.0.0/16" > > # loopback adapter > ${ii} add pass all from any to any via lo0 > ${ii} add deny log all from any to 127.0.0.0/8 > ${ii} add deny log ip from 127.0.0.0/8 to any > ${ii} add deny log all from any to ::1 > ${ii} add deny log all from ::1 to any > > # allow if matching entry in dynamic rule table > ${ii} add check-state log > > # allow local ftp traffic > ${ii} add pass log tcp from ${localnet0} to me 21 in setup keep-state > ${ii} add pass log tcp from me to ${localnet0} 20 out setup keep-state > ${ii} add pass log tcp from ${localnet0} to me 49152-65535 in setup > keep-state > > # deny and log everything else, this should always be the last rule > ${ii} add deny log all from any to any > > > Strangely /var/log/securtiy is only showing accept for the ftp connections > and no deny entries, still it's not working. > Did I mess anything up? Maybe the in/out/setup/check-state or keep-state > parts? > > Best regards, > Christoph > -- __________________ :(){ :|:& };: From owner-freebsd-questions@freebsd.org Fri Sep 3 18:25:02 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D451D67A0FF for ; Fri, 3 Sep 2021 18:25:02 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1R6P2HD6z4Zp3 for ; Fri, 3 Sep 2021 18:25:01 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-ot1-x331.google.com with SMTP id i3-20020a056830210300b0051af5666070so118574otc.4 for ; Fri, 03 Sep 2021 11:25:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iSOlAA9MgmXSDMuLpIBqrEkJD7XfrLtf6CgSW7RW9Zw=; b=hly9xbjiE0Am0mZFHAEFCDl1RyxgvET34TcLzomZc/Ry0kI6G3739vEzU1AJwoxG2K H6Uog3EVS5MRP1ScCVySqWLYMsQcNT2EEOmJYVtg+rOxomNYzocbnEwwuQi2Nx55KTOO 73E3pZrVMGC7Vb17qeKyx+iD0/HMT3dQhCpDJZc4b7bvz97BanLUEc8m3GxKoLME5FPD vmsZQ5Hlnb3Kng8smLl5pnU+z3dEtRM4gvYBezPEMTmzFXuhHlb2tspgwWgn0gU/Uf4W XxRq4wTY68j4tvDOtZ2a+kTt3L9ln+9v8Dc8xwvfUJZztCRfA7sW06e9VpIqXlHAIvr5 l0QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iSOlAA9MgmXSDMuLpIBqrEkJD7XfrLtf6CgSW7RW9Zw=; b=EmgMAFVGi1/c0TbuVlNh4QJJ9IPcpuuepHVpK5iawup7RoohGkl5xog4u8n7+GVoaH 4HUDCLyW1CvMEaX8sFg9THgfJ49YyzXUNj4zKSaYJ8OaF3ZUu31VLa3nxq7736R1NB7Y VMjFOP551itdKbNbt+H2LGootnTJox4oQ7Rkd/8Fx5cOv7JIpDGUGg6jyUztPRHyV4yD ijlq+3FaWZUvBp7sQvyb5WMZYqGzXtlHowcmRX/vQJPofqbVtIZw2+ispdH0RUTNFdGe egToaqWQb1EyKjKBUZzui6ba+/MZnhW0eru5l+2YoifwyoRwN7ecGzj9VlK9FBAqxDCT pMuQ== X-Gm-Message-State: AOAM530adHNDw7PU/GxwEmQzl8VunxXsChW/fsCrZD4sVchAhEv95iXZ njRMCC2flgwII5rG+sb/B8wcn9B6/Z69sqgjkUrVTA== X-Google-Smtp-Source: ABdhPJwvt7gP7d+nDjWfuK1blC22SO6t3qoBOXzzjByY1WkU53aI0K1IaPODSi4sX4hEulrjOhs1QY+VEQkpbSnS0yM= X-Received: by 2002:a9d:331:: with SMTP id 46mr306823otv.359.1630693500420; Fri, 03 Sep 2021 11:25:00 -0700 (PDT) MIME-Version: 1.0 References: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> In-Reply-To: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> From: Tomasz CEDRO Date: Fri, 3 Sep 2021 20:24:23 +0200 Message-ID: Subject: Re: ipfw and ftpd To: Christoph Harder Cc: FreeBSD Questions Mailing List Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4H1R6P2HD6z4Zp3 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=hly9xbji; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2607:f8b0:4864:20::331) smtp.mailfrom=tomek@cedro.info X-Spamd-Result: default: False [-1.04 / 15.00]; RCVD_TLS_ALL(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[cedro.info]; NEURAL_SPAM_MEDIUM(0.91)[0.907]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[cedro.info:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::331:from]; NEURAL_HAM_SHORT(-0.64)[-0.643]; R_SPF_NA(0.00)[no SPF record]; FREEMAIL_TO(0.00)[arcor.de]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 18:25:02 -0000 On Fri, Sep 3, 2021 at 7:05 PM Christoph Harder wrote: > I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw. > Currently I'm trying to get ftpd working for the local network, but when ipfw is enabled it's not working. > It works without any problems when ipfw is not running. The client is a FileZilla Cleint on a windows machine in localnetwork0. > > My ipfw.rules file looks like below. I've removed the pass rules for other services, but I didn't delete any of the deny rules. Have you tried this generic approach using /etc/rc.conf ? firewall_enable="YES" firewall_type="workstation" firewall_myservices="20/tcp 21/tcp" firewall_allowservices="10.55.0.0/16" Take a look at /etc/rc.firewall source code, comments will explain everything, there is a 'firewall_logdeny' that enables logging dropped packets :-) [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) # Configuration: # firewall_myservices: List of ports/protocols on which this # host offers services. # firewall_allowservices: List of IPv4 and/or IPv6 addresses # that have access to # $firewall_myservices. # firewall_trusted: List of IPv4 and/or IPv6 addresses # that have full access to this host. # Be very careful when setting this. # This option can seriously degrade # the level of protection provided by # the firewall. # firewall_logdeny: Boolean (YES/NO) specifying if the # default denied packets should be # logged (in /var/log/security). # firewall_nologports: List of TCP/UDP ports for which # denied incoming packets are not # logged. -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info From owner-freebsd-questions@freebsd.org Fri Sep 3 18:31:49 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9321C67A6F3 for ; Fri, 3 Sep 2021 18:31:49 +0000 (UTC) (envelope-from shadowomf@arcor.de) Received: from smtpout2.vodafonemail.de (smtpout2.vodafonemail.de [145.253.239.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "www.vodafonemail.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1RGD5pSGz4cxT for ; Fri, 3 Sep 2021 18:31:48 +0000 (UTC) (envelope-from shadowomf@arcor.de) Received: from smtp.vodafone.de (smtpa06.fra-mediabeam.com [10.2.0.37]) by smtpout2.vodafonemail.de (Postfix) with ESMTP id 799556A991; Fri, 3 Sep 2021 20:31:47 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arcor.de; s=vfde-smtpout-mb-15sep; t=1630693907; bh=AmHrw1Rp9GgzzX6lNpTE7SoClkicRk74QpOGybOL0t8=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=i7iwHAJ5zcNS996RBzrzgqUKfzQBtYpjYD3HHql/sbUOEXf79d6seWHt5bl33t57o tqZYzA/lVdm98KIsdjLsq+FKiVzsxJVRKY3tUaOeqShnY25UHJSpgKI48LTSOsxmJm d6DCYtDBH250WJ7sAw/wBYAmdEuLXWHrEPoJKbYQ= Received: from [10.86.1.1] (192-8-142-46.pool.kielnet.net [46.142.8.192]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.vodafone.de (Postfix) with ESMTPSA id 2CED4140254; Fri, 3 Sep 2021 18:31:47 +0000 (UTC) Subject: Re: ipfw and ftpd To: Paul Procacci Cc: FreeBSD Questions References: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> From: Christoph Harder Message-ID: Date: Fri, 3 Sep 2021 20:31:46 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="j12Vb66ieDGMfsfqSqJLRUzqbFcJ72aZQ" X-purgate-type: clean X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de X-purgate: This mail is considered clean (visit http://www.eleven.de for further information) X-purgate: clean X-purgate-size: 5774 X-purgate-ID: 155817::1630693907-00003C24-9B9D11B9/0/0 X-Rspamd-Queue-Id: 4H1RGD5pSGz4cxT X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=arcor.de header.s=vfde-smtpout-mb-15sep header.b=i7iwHAJ5; dmarc=none; spf=pass (mx1.freebsd.org: domain of shadowomf@arcor.de designates 145.253.239.133 as permitted sender) smtp.mailfrom=shadowomf@arcor.de X-Spamd-Result: default: False [-5.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[arcor.de]; R_SPF_ALLOW(-0.20)[+ip4:145.253.239.128/29]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[arcor.de:+]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-1.00)[-1.000]; SIGNED_PGP(-2.00)[]; FREEMAIL_TO(0.00)[gmail.com]; RECEIVED_SPAMHAUS_PBL(0.00)[46.142.8.192:received]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:+,4:~,5:~]; FREEMAIL_ENVFROM(0.00)[arcor.de]; MID_RHS_MATCH_FROM(0.00)[]; ASN(0.00)[asn:3209, ipnet:145.253.0.0/16, country:DE]; MIME_UNKNOWN(0.10)[application/pgp-keys]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[arcor.de:s=vfde-smtpout-mb-15sep]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; DMARC_NA(0.00)[arcor.de]; RCVD_IN_DNSWL_LOW(-0.10)[145.253.239.133:from]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[145.253.239.133:from]; MAILMAN_DEST(0.00)[freebsd-questions] X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 18:31:49 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --j12Vb66ieDGMfsfqSqJLRUzqbFcJ72aZQ Content-Type: multipart/mixed; boundary="rhpPSQBbWwxj3Tdpm3ifTgxr4OhRxiNC4"; protected-headers="v1" From: Christoph Harder To: Paul Procacci Cc: FreeBSD Questions Message-ID: Subject: Re: ipfw and ftpd References: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> In-Reply-To: --rhpPSQBbWwxj3Tdpm3ifTgxr4OhRxiNC4 Content-Type: multipart/mixed; boundary="------------D02D1F0622C2D5C3AFD2E5DB" Content-Language: de-DE This is a multi-part message in MIME format. --------------D02D1F0622C2D5C3AFD2E5DB Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hello Paul, I tried both passive and active mode. both didn't work. Best regards, Christoph Am 03.09.2021 um 19:13 schrieb Paul Procacci: > Try a different ftp mode. >=20 > https://www.exavault.com/blog/active-vs-passive-ftp >=20 > This page describes it pretty well. In short, there could be more than= one > connection being initiated from the client. > Ensure the ftp client is set to use the one you prefer. >=20 > ~Paul >=20 > On Fri, Sep 3, 2021 at 1:05 PM Christoph Harder wr= ote: >=20 >> Hello everybody, >> >> I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw. >> Currently I'm trying to get ftpd working for the local network, but wh= en >> ipfw is enabled it's not working. >> It works without any problems when ipfw is not running. The client is = a >> FileZilla Cleint on a windows machine in localnetwork0. >> >> My ipfw.rules file looks like below. I've removed the pass rules for o= ther >> services, but I didn't delete any of the deny rules. >> >> >> /etc/ipfw.rules >> #!/bin/sh >> >> # ipfw command >> ii=3D"/sbin/ipfw -q" >> >> # flush old >> ${ii} -f flush >> #${ii} pipe flush >> #${ii} queue flush >> #${ii} table all flush >> >> # local trusted networks >> localnet0=3D"10.55.0.0/16" >> >> # loopback adapter >> ${ii} add pass all from any to any via lo0 >> ${ii} add deny log all from any to 127.0.0.0/8 >> ${ii} add deny log ip from 127.0.0.0/8 to any >> ${ii} add deny log all from any to ::1 >> ${ii} add deny log all from ::1 to any >> >> # allow if matching entry in dynamic rule table >> ${ii} add check-state log >> >> # allow local ftp traffic >> ${ii} add pass log tcp from ${localnet0} to me 21 in setup keep-state >> ${ii} add pass log tcp from me to ${localnet0} 20 out setup keep-state= >> ${ii} add pass log tcp from ${localnet0} to me 49152-65535 in setup >> keep-state >> >> # deny and log everything else, this should always be the last rule >> ${ii} add deny log all from any to any >> >> >> Strangely /var/log/securtiy is only showing accept for the ftp connect= ions >> and no deny entries, still it's not working. >> Did I mess anything up? Maybe the in/out/setup/check-state or keep-sta= te >> parts? >> >> Best regards, >> Christoph >> >=20 >=20 --------------D02D1F0622C2D5C3AFD2E5DB-- --rhpPSQBbWwxj3Tdpm3ifTgxr4OhRxiNC4-- --j12Vb66ieDGMfsfqSqJLRUzqbFcJ72aZQ Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wrsEABMKACMWIQSb3Ikq38zYR4NRM5GjYkefPwrcBgUCYTJqEgUDAAAAAAAKCRCjYkefPwrcBmiC Af4sZDInv9EdK4E8FDREFys1cqN8CoArJykBEMPJZC7gUWtgj8XPm59WJxWtF2zjqOAIc9cT5J3S DfW88SG9AyQJAfwKvj02m29TmaPczD5s0vjurPBA1bDjIEJ9zkitFBIEmDjaQot5QnpeupzfoD3u 1Unu6fl1cI2nluhtfNeRXa5g =YZ5R -----END PGP SIGNATURE----- --j12Vb66ieDGMfsfqSqJLRUzqbFcJ72aZQ-- From owner-freebsd-questions@freebsd.org Fri Sep 3 18:39:30 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DC40567AB1D for ; Fri, 3 Sep 2021 18:39:30 +0000 (UTC) (envelope-from shadowomf@arcor.de) Received: from smtpout2.vodafonemail.de (smtpout2.vodafonemail.de [145.253.239.133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "www.vodafonemail.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1RR56PzMz4fS0 for ; Fri, 3 Sep 2021 18:39:29 +0000 (UTC) (envelope-from shadowomf@arcor.de) Received: from smtp.vodafone.de (smtpa04.fra-mediabeam.com [10.2.0.35]) by smtpout2.vodafonemail.de (Postfix) with ESMTP id D5E4D6849B; Fri, 3 Sep 2021 20:39:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arcor.de; s=vfde-smtpout-mb-15sep; t=1630694368; bh=cLAU7Mf+Q13YdTumT5Eyz+ZKyBby5J8nhTwcZWcWR7Q=; h=To:Cc:References:From:Subject:Date:In-Reply-To; b=Z0uygrJ1YP51eBBnyosIvkdcISFD77nLKtn38CUjzaraHyxmix3A+ocPj2/87KcEN pMA3LbF22aXE8jRcxuzBoILNvIhj13lQlY/fe8SjQemdzS7Q2KnE9fPMqPgdokxeH3 sNq6F2RQ5XVWGvX+9kInCACuAjZFCiqjw/6QR9us= Received: from [10.86.1.1] (192-8-142-46.pool.kielnet.net [46.142.8.192]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.vodafone.de (Postfix) with ESMTPSA id 434CB140193; Fri, 3 Sep 2021 18:39:28 +0000 (UTC) To: Tomasz CEDRO Cc: FreeBSD Questions Mailing List References: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> From: Christoph Harder Subject: Re: ipfw and ftpd Message-ID: Date: Fri, 3 Sep 2021 20:39:27 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="SAax5aOz4mKOCIxTaR7F8h7fjNwis5BzT" X-purgate-type: clean X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de X-purgate: This mail is considered clean (visit http://www.eleven.de for further information) X-purgate: clean X-purgate-size: 6221 X-purgate-ID: 155817::1630694368-00006056-54FDBBD6/0/0 X-Rspamd-Queue-Id: 4H1RR56PzMz4fS0 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=arcor.de header.s=vfde-smtpout-mb-15sep header.b=Z0uygrJ1; dmarc=none; spf=pass (mx1.freebsd.org: domain of shadowomf@arcor.de designates 145.253.239.133 as permitted sender) smtp.mailfrom=shadowomf@arcor.de X-Spamd-Result: default: False [-5.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; FREEMAIL_FROM(0.00)[arcor.de]; R_SPF_ALLOW(-0.20)[+ip4:145.253.239.128/29]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[arcor.de:+]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-1.00)[-1.000]; SIGNED_PGP(-2.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[145.253.239.133:from]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:+,4:~,5:~]; FREEMAIL_ENVFROM(0.00)[arcor.de]; MID_RHS_MATCH_FROM(0.00)[]; ASN(0.00)[asn:3209, ipnet:145.253.0.0/16, country:DE]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[arcor.de:s=vfde-smtpout-mb-15sep]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_UNKNOWN(0.10)[application/pgp-keys]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; DMARC_NA(0.00)[arcor.de]; RECEIVED_SPAMHAUS_PBL(0.00)[46.142.8.192:received]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[145.253.239.133:from]; MAILMAN_DEST(0.00)[freebsd-questions] X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 18:39:30 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --SAax5aOz4mKOCIxTaR7F8h7fjNwis5BzT Content-Type: multipart/mixed; boundary="wNRbVu0C5T1Y6XixmDYsUgZZGqhchMlBi"; protected-headers="v1" From: Christoph Harder To: Tomasz CEDRO Cc: FreeBSD Questions Mailing List Message-ID: Subject: Re: ipfw and ftpd References: <33043b47-0eca-9eb9-7f1f-4d50067575c2@arcor.de> In-Reply-To: --wNRbVu0C5T1Y6XixmDYsUgZZGqhchMlBi Content-Type: multipart/mixed; boundary="------------512EE7384AEE68D245C51DDE" Content-Language: de-DE This is a multi-part message in MIME format. --------------512EE7384AEE68D245C51DDE Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hello Tomasz, sadly the generic approach for the complete firewall configuration is not= really an option. Well it is but the host is also used to setup ipsec connections to other = networks and all of them (including the host) use dynamic ip addresses. I= wouldn't know how to set that up using the gerneric approach. However I'll try out the firewall_logdeny setting. Thank you. Best regards, Christoph Am 03.09.2021 um 20:24 schrieb Tomasz CEDRO: > On Fri, Sep 3, 2021 at 7:05 PM Christoph Harder wrote: >> I'm using "FreeBSD 12.2-RELEASE-p7 GENERIC amd64" and ipfw. >> Currently I'm trying to get ftpd working for the local network, but wh= en ipfw is enabled it's not working. >> It works without any problems when ipfw is not running. The client is = a FileZilla Cleint on a windows machine in localnetwork0. >> >> My ipfw.rules file looks like below. I've removed the pass rules for o= ther services, but I didn't delete any of the deny rules. >=20 > Have you tried this generic approach using /etc/rc.conf ? >=20 > firewall_enable=3D"YES" > firewall_type=3D"workstation" > firewall_myservices=3D"20/tcp 21/tcp" > firewall_allowservices=3D"10.55.0.0/16" >=20 > Take a look at /etc/rc.firewall source code, comments will explain > everything, there is a 'firewall_logdeny' that enables logging dropped > packets :-) >=20 > [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) > # Configuration: > # firewall_myservices: List of ports/protocols on whi= ch this > # host offers services. > # firewall_allowservices: List of IPv4 and/or IPv6 addre= sses > # that have access to > # $firewall_myservices. > # firewall_trusted: List of IPv4 and/or IPv6 addre= sses > # that have full access to this= host. > # Be very careful when setting = this. > # This option can seriously deg= rade > # the level of protection provi= ded by > # the firewall. > # firewall_logdeny: Boolean (YES/NO) specifying if= the > # default denied packets should= be > # logged (in /var/log/security)= =2E > # firewall_nologports: List of TCP/UDP ports for whic= h > # denied incoming packets are n= ot > # logged. >=20 >=20 --------------512EE7384AEE68D245C51DDE-- --wNRbVu0C5T1Y6XixmDYsUgZZGqhchMlBi-- --SAax5aOz4mKOCIxTaR7F8h7fjNwis5BzT Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wrsEABMKACMWIQSb3Ikq38zYR4NRM5GjYkefPwrcBgUCYTJr3wUDAAAAAAAKCRCjYkefPwrcBixL AgCgVroVO9CBUYtRN/nz0uBkCHL8vC/aJz0R+DRed/UaVWc68AMSEQ61SUu1enVqKfbPQxR2bDvh LUAUg5pmGr5RAf99IRHnOU4SfHF8sNg5q6WT7vq2xOF0RRcmITHXrJP3Q0KQc7AcwkvW7hcnpDlI xlqV2XyYgC08Z331hlHKztUl =GI2i -----END PGP SIGNATURE----- --SAax5aOz4mKOCIxTaR7F8h7fjNwis5BzT-- From owner-freebsd-questions@freebsd.org Fri Sep 3 20:30:51 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0B80567CE29 for ; Fri, 3 Sep 2021 20:30:51 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [IPv6:2001:470:0:19b::b869:801b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "xray.he.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1TvY6JTpz3hbR for ; Fri, 3 Sep 2021 20:30:49 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=holgerdanske.com; s=nov-20210719-112354; t=1630701039; bh=8coMxaF37cudU3wlvB43zBIGzUD3nErOs9n2pFTGyHM=; h=Received:Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Content-Language: Content-Transfer-Encoding; b=qLWfFtrJ2rCN0eHagalneNdDhavOrPGYGwJvuHyS7pJi6/SB+qGzaASUV8ScN0dLP SaH0SEKENIIfPMy8mqoSaEBNLA0ajn4KG1hGdlR5gPGQpxaHMErOAWDaBHzw7Rxjx9 uumkWZ8XrgAZbPZ7mR/4YDRzxiPcelIq5X7GxW58q4ePBvloSkwI7C32eEq4W5B4b/ gJ19u4wJ2nlmUzqv1l2TI2DjOpCnqQHXC9fpurFGCa0WReRpoQEVLvTecSED5sZqyn 3hVJ+kEwhujV/1p92CLYa63DF2yl8651Jy6d3blPfew05wNyqM2a4Z4EZnx2Z/r1Ru xzCh4WajlLzZqCyDVTk5ZrqHipbEV5HNMnLOEEpSuj2tHdjOl+o9rsovduKBKcSmZN 9337d8MWKmwmBvOxNtZEZzQQeBUyf9SmBm2eEpLmlh9K6do3gemnC0TKi7hsdr6iD+ Cukj464XqPQ6TTGA5qnU4iTXKvZ7jaPhaXy7LEiMPd0rID1IoHEcojQPML+TeevjOC lUfSLYv4j4170AFTkasGGL/XLWE99KUSZTdai5ceORRIyOPra2YM8u1CGP3TguePX7 k41UXvzlQh/F5jP3nO2tyvZhojAN21//hqxOdHDAne0Oi/zD8Ts3LN25b1dam8ixRA vA2UZDDxOvFDCirL+utEHmOU= Received: from 99.100.19.101 (99-100-19-101.lightspeed.frokca.sbcglobal.net [99.100.19.101]) by holgerdanske.com with ESMTPSA (TLS_AES_128_GCM_SHA256:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Fri, 3 Sep 2021 13:30:39 -0700 Subject: Re: FreeBSD 12.2-RELEASE-p9 trim: open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: <47d0f250-a47c-bbe0-2875-4f42f4464fcc@chezmarcotte.ca> From: David Christensen Message-ID: <64099455-5526-beb5-8ead-6ce8a9d073e6@holgerdanske.com> Date: Fri, 3 Sep 2021 13:30:38 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <47d0f250-a47c-bbe0-2875-4f42f4464fcc@chezmarcotte.ca> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4H1TvY6JTpz3hbR X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=holgerdanske.com header.s=nov-20210719-112354 header.b=qLWfFtrJ; dmarc=pass (policy=none) header.from=holgerdanske.com; spf=pass (mx1.freebsd.org: domain of dpchrist@holgerdanske.com designates 2001:470:0:19b::b869:801b as permitted sender) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-3.57 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[holgerdanske.com:s=nov-20210719-112354]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a:november.he.net]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DKIM_TRACE(0.00)[holgerdanske.com:+]; DMARC_POLICY_ALLOW(-0.50)[holgerdanske.com,none]; NEURAL_HAM_SHORT(-0.57)[-0.568]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 20:30:51 -0000 On 9/3/21 10:09 AM, Derek (freebsd lists) wrote: > On 2021-08-29 10:26 p.m., David Christensen wrote: >> I would like to trim the SSD, but trim(8) is not happy: >> >> 2021-08-29 19:22:36 toor@f1 ~ >> # trim -f /dev/ada0 >> trim /dev/ada0 offset 0 length 60022480896 >> trim: open failed: /dev/ada0: Operation not permitted >> > > I don't know if it's still relevant to the thread, but I feel like what > you are encountering here relates to what you are trying to trim. > > It feels like if you trim the "raw device", the system wouldn't know > what is in use, and what isn't. > > I feel like you should be trying to trim a filesystem on the device, > rather than the device itself, as the utility would be able to determine > what is currently allocated with the filesystem data. > > It might be that a raw device could be trimmed, but perhaps there's some > safety there to stop it from wiping a device that is backing a mounted > filesystem. > > Something to look at? > > Derek That is a good point -- the filesystem knows what blocks are in use, what blocks are not in use, and when blocks are removed from use. Somehow, trim(8) gets this information (from the kernel filesystem stack?). RTFM trim(8): SYNOPSIS trim [-Nfqv] [-[lo] offset[K|k|M|m|G|g|T|t]] [-r rfile] device ... -l offset[K|k|M|m|G|g|T|t] -o offset[K|k|M|m|G|g|T|t] Specify the length -l of the region to trim or its offset -o from the beginning of the device. The whole device is erased by default unless one or both of these options are presented. Note that actual success of the operation depends of underlying device driver such as ada(4), da(4) and others. Refer to corresponding manual pages for detail on possible caveats in low level support for ATA TRIM or SCSI UNMAP commands. Note: 1. The command line argument is *device*. 2. The descriptions for the -l and -o options state trim(8) erases the whole *device*. Here is another console session: 2021-09-03 12:07:27 toor@f2 ~ # freebsd-version ; uname -a 12.2-RELEASE-p10 FreeBSD f2.tracy.holgerdanske.com 12.2-RELEASE-p7 FreeBSD 12.2-RELEASE-p7 GENERIC amd64 2021-09-03 12:10:06 toor@f2 ~ # kldstat | egrep 'Id|zfs' Id Refs Address Size Name 2 1 0xffffffff8247c000 3bad38 zfs.ko 2021-09-03 12:11:54 toor@f2 ~ # find /boot -iname '*zfs*' 2021-09-03 12:12:18 toor@f2 ~ # geom disk list ada0 Geom name: ada0 Providers: 1. Name: ada0 Mediasize: 60022480896 (56G) Sectorsize: 512 Mode: r3w3e9 descr: INTEL SSDSC2CW060A3 lunid: **************** ident: ****************** rotationrate: 0 fwsectors: 63 fwheads: 16 2021-09-03 12:13:14 toor@f2 ~ # geom part show -p => 63 117231345 ada0 MBR (56G) 63 1985 - free - (993K) 2048 29360128 ada0s1 freebsd [active] (14G) 29362176 87867392 ada0s2 freebsd (42G) 117229568 1840 - free - (920K) => 0 29360128 ada0s1 BSD (14G) 0 4194304 ada0s1a freebsd-zfs (2.0G) 4194304 4194304 ada0s1b freebsd-swap (2.0G) 8388608 20971520 ada0s1d freebsd-zfs (10G) 2021-09-03 12:15:28 toor@f2 ~ # geli status Name Status Components ada0s1d.eli ACTIVE ada0s1d mirror/swap.eli ACTIVE mirror/swap 2021-09-03 12:16:41 toor@f2 ~ # zpool list NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT bootpool 1.88G 475M 1.41G - - 3% 24% 1.08x ONLINE - f2_zroot 9.50G 5.88G 3.62G - - 23% 61% 1.21x ONLINE - 2021-09-03 12:17:34 toor@f2 ~ # zpool status pool: bootpool state: ONLINE status: Some supported features are not enabled on the pool. The pool can still be used, but some features are unavailable. action: Enable all features using 'zpool upgrade'. Once this is done, the pool may no longer be accessible by software that does not support the features. See zpool-features(7) for details. scan: scrub repaired 0 in 0 days 00:00:02 with 0 errors on Sat May 29 16:18:50 2021 config: NAME STATE READ WRITE CKSUM bootpool ONLINE 0 0 0 ada0s1a ONLINE 0 0 0 errors: No known data errors pool: f2_zroot state: ONLINE status: Some supported features are not enabled on the pool. The pool can still be used, but some features are unavailable. action: Enable all features using 'zpool upgrade'. Once this is done, the pool may no longer be accessible by software that does not support the features. See zpool-features(7) for details. scan: scrub repaired 0 in 0 days 00:00:23 with 0 errors on Sat May 29 16:19:12 2021 config: NAME STATE READ WRITE CKSUM f2_zroot ONLINE 0 0 0 ada0s1d.eli ONLINE 0 0 0 errors: No known data errors 2021-09-03 12:18:46 toor@f2 ~ # zfs get mountpoint bootpool f2_zroot NAME PROPERTY VALUE SOURCE bootpool mountpoint /bootpool local f2_zroot mountpoint /f2_zroot local 2021-09-03 12:19:06 toor@f2 ~ # trim -f -v /bootpool trim /bootpool offset 0 length 3 trim: open failed: /bootpool: Is a directory 2021-09-03 12:20:00 toor@f2 ~ # trim -f -v /f2_zroot trim /f2_zroot offset 0 length 2 trim: open failed: /f2_zroot: Is a directory 2021-09-03 12:21:49 toor@f2 ~ # trim -f -v ada0 trim ada0 offset 0 length 60022480896 trim: open failed: ada0: Operation not permitted 2021-09-03 12:22:52 toor@f2 ~ # trim -f -v ada0s1 trim ada0s1 offset 0 length 15032385536 trim: open failed: ada0s1: Operation not permitted 2021-09-03 12:23:55 toor@f2 ~ # trim -f -v ada0s1a trim ada0s1a offset 0 length 2147483648 trim: open failed: ada0s1a: Operation not permitted 2021-09-03 12:24:57 toor@f2 ~ # trim -f -v ada0s1b trim ada0s1b offset 0 length 2147483648 trim: open failed: ada0s1b: Operation not permitted 2021-09-03 12:25:58 toor@f2 ~ # trim -f -v ada0s1d trim ada0s1d offset 0 length 10737418240 trim: open failed: ada0s1d: Operation not permitted 2021-09-03 12:26:57 toor@f2 ~ # man 4 ada | grep -i trim 2021-09-03 12:27:35 toor@f2 ~ # man 4 ada | grep -i unmap 2021-09-03 13:24:51 toor@f2 ~ # man 8 zpool | grep -i trim 2021-09-03 13:24:54 toor@f2 ~ # man 8 zpool | grep -i unmap 2021-09-03 13:24:55 toor@f2 ~ # man 8 zfs | grep -i trim 2021-09-03 13:25:07 toor@f2 ~ # man 8 zfs | grep -i unmap My WAG: 1. trim(8) is not integrated with ZFS. 2. ZFS does not provide a TRIM configuration settings or userland tools. 3. Given the disk was zeroed before installation and given the monotonically increasing sizes of the 'gzip -1' compressed raw images I take monthly, TRIM is not implemented by ZFS. David From owner-freebsd-questions@freebsd.org Fri Sep 3 20:49:11 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BDA4267D6C0 for ; Fri, 3 Sep 2021 20:49:11 +0000 (UTC) (envelope-from kh@panix.com) Received: from mailbackend.panix.com (mailbackend.panix.com [166.84.1.89]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1VJk4HSbz3mZY for ; Fri, 3 Sep 2021 20:49:10 +0000 (UTC) (envelope-from kh@panix.com) Received: from rain.home (pool-96-230-243-2.bstnma.fios.verizon.net [96.230.243.2]) by mailbackend.panix.com (Postfix) with ESMTPSA id 4H1VJc5P0SzSwg for ; Fri, 3 Sep 2021 16:49:04 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=panix.com; s=panix; t=1630702144; bh=HY081WSLPl3ujP0uk3us8BFFni2Co1FXyS47DhWqgVI=; h=Subject:To:References:From:Date:In-Reply-To; b=G18hd3Hh0ogwuSqet0MgkBJidGBJ++yhReCAGISF0gTfcp3sHpAADpjSjrNpTBFhx Raw5i1jMdrwSDGavJkMjcCpIZKFBKtC0hQ0/xZ0clYu7IwyFAtzFaQamcrMQ4G+dtN sWS3jJVblIIzPMYN5euiTd8eqC35UTpWWS4Nn/gk= Subject: Re: FreeBSD 12.2-RELEASE-p9 trim: open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: <47d0f250-a47c-bbe0-2875-4f42f4464fcc@chezmarcotte.ca> <64099455-5526-beb5-8ead-6ce8a9d073e6@holgerdanske.com> From: Kurt Hackenberg Message-ID: <4019d92e-c33d-6ba1-dc80-7e28ccc44802@panix.com> Date: Fri, 3 Sep 2021 16:49:02 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: <64099455-5526-beb5-8ead-6ce8a9d073e6@holgerdanske.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4H1VJk4HSbz3mZY X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=panix.com header.s=panix header.b=G18hd3Hh; dmarc=none; spf=pass (mx1.freebsd.org: domain of kh@panix.com designates 166.84.1.89 as permitted sender) smtp.mailfrom=kh@panix.com X-Spamd-Result: default: False [-2.15 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[166.84.1.89:from]; R_SPF_ALLOW(-0.20)[+ip4:166.84.0.0/16]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[panix.com:+]; RECEIVED_SPAMHAUS_PBL(0.00)[96.230.243.2:received]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:2033, ipnet:166.84.0.0/16, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[panix.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[panix.com:s=panix]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; DMARC_NA(0.00)[panix.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_SPAM_SHORT(0.35)[0.354]; RCVD_IN_DNSWL_NONE(0.00)[166.84.1.89:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Sep 2021 20:49:11 -0000 On 2021/09/03 16:30, David Christensen wrote: >> It might be that a raw device could be trimmed, but perhaps there's >> some safety there to stop it from wiping a device that is backing a >> mounted filesystem. ... > That is a good point -- the filesystem knows what blocks are in use, > what blocks are not in use, and when blocks are removed from use. > Somehow, trim(8) gets this information (from the kernel filesystem stack?). > > > RTFM trim(8): Do I understand correctly that you want to set a state, so that the filesystem, ongoing, erases a block when it frees the block? According to that man page, the trim command does something different: it erases blocks immediately, unconditionally, regardless of whether they're in use. The man page says: "The trim utility erases specified region of the device." "The whole device is erased by default..." If you're using ZFS, perhaps you should look for a way to configure the ZFS filesystem to erase on free. From owner-freebsd-questions@freebsd.org Sat Sep 4 01:54:55 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 271346A9715 for ; Sat, 4 Sep 2021 01:54:55 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [IPv6:2001:470:0:19b::b869:801b]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "holgerdanske.com", Issuer "holgerdanske.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1d5T5xLzz4pLm for ; Sat, 4 Sep 2021 01:54:53 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=holgerdanske.com; s=nov-20210719-112354; t=1630720488; bh=4eedslorLMQe7iMJxgqdSHmnQVOlmVr2zQl0Hcan4z8=; h=Received:Subject:To:References:From:Message-ID:Date:User-Agent: MIME-Version:In-Reply-To:Content-Type:Content-Language: Content-Transfer-Encoding; b=2e6Yb4xTe3DKmqV0e5tZ1k5s08rp6EU2NROeD8TS8PqN6PKwBXnFj1unpWcvm4mvC WdPYDRAKPa9rqlxWC76pANIsZ3KkkfQD+Jx2yO29Ozs+CuYA91dIEm/GPR3V5XFbPy E3W3neHuVnZazk18vKtPGKfeIiyPDWD+AcKQxzu2BAqDhStoi1l/OcleL9j8VUGB9d 1J+z+oo1m4EdVq4caKrXqcfToXcPHDNFguzirr9huCKwQCF3NdvqM4jxJc9XOuOBGv ETC5AIwb25GS80GPQmbLXaBn/+6i12cbzqqG0j1r5AsS/Az6ngu8ejkKs7mGMuL4zz AtsGg2OsnXPbxWr1COcNuqwI0TclX6wwHfhWS4xJRCZpNr1FYD+jhhjzZh6qI96h43 2hXbBTfXAWjBdvdXzNv/Gn5iNxOPC2mN8flHeemzATZk/YIlSNC0WY+r9S7LtrFrq+ ZXtFAVaIJ4z2mKkS9fwCOHrc68GEHScJBfRvFu254yBZyv4XbCoYqdlwpdkbD1wblA +DcltjIP6KJXkfzu1AHcO13fHvNIkkLsiApQ/VMu/nvC3lHfWIwnMmGSwj9O+Om9ir qqMOMdJs7aGt4vTZpXKQvvGrAEAUWWQeGO8pc1rKut0HXApkdVXvyESKPwfDs7R3Qa 9kFPyLy7IplTDpTqMU7nOeQg= Received: from 99.100.19.101 (99-100-19-101.lightspeed.frokca.sbcglobal.net [99.100.19.101]) by holgerdanske.com with ESMTPSA (TLS_AES_128_GCM_SHA256:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Fri, 3 Sep 2021 18:54:48 -0700 Subject: Re: FreeBSD 12.2-RELEASE-p9 trim: open failed: /dev/ada0: Operation not permitted To: freebsd-questions@freebsd.org References: <47d0f250-a47c-bbe0-2875-4f42f4464fcc@chezmarcotte.ca> <64099455-5526-beb5-8ead-6ce8a9d073e6@holgerdanske.com> <4019d92e-c33d-6ba1-dc80-7e28ccc44802@panix.com> From: David Christensen Message-ID: <3cefb7d0-6a6e-8cb5-f730-d4c7fc6dbb4e@holgerdanske.com> Date: Fri, 3 Sep 2021 18:54:48 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <4019d92e-c33d-6ba1-dc80-7e28ccc44802@panix.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4H1d5T5xLzz4pLm X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=holgerdanske.com header.s=nov-20210719-112354 header.b=2e6Yb4xT; dmarc=pass (policy=none) header.from=holgerdanske.com; spf=pass (mx1.freebsd.org: domain of dpchrist@holgerdanske.com designates 2001:470:0:19b::b869:801b as permitted sender) smtp.mailfrom=dpchrist@holgerdanske.com X-Spamd-Result: default: False [-3.78 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[holgerdanske.com:s=nov-20210719-112354]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a:november.he.net]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[holgerdanske.com:+]; DMARC_POLICY_ALLOW(-0.50)[holgerdanske.com,none]; NEURAL_HAM_SHORT(-0.78)[-0.778]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Sep 2021 01:54:55 -0000 On 9/3/21 1:49 PM, Kurt Hackenberg wrote: > On 2021/09/03 16:30, David Christensen wrote: > >>> It might be that a raw device could be trimmed, but perhaps there's >>> some safety there to stop it from wiping a device that is backing a >>> mounted filesystem. > ... >> That is a good point -- the filesystem knows what blocks are in use, >> what blocks are not in use, and when blocks are removed from use. >> Somehow, trim(8) gets this information (from the kernel filesystem >> stack?). >> >> >> RTFM trim(8): > > Do I understand correctly that you want to set a state, so that the > filesystem, ongoing, erases a block when it frees the block? My goal is to invoke a userspace utility that trims the unused blocks of the SSD prior to taking a raw binary image. On Linux, it is pronounced fstrim(8): https://man.archlinux.org/man/fstrim.8 > According to that man page, the trim command does something different: > it erases blocks immediately, unconditionally, regardless of whether > they're in use. > > The man page says: > > "The trim utility erases specified region of the device." > > "The whole device is erased by default..." If so, I am lucky that trim(8) did not work (!). > If you're using ZFS, perhaps you should look for a way to configure the > ZFS filesystem to erase on free. A reply from another reader indicates OpenZFS on FreBSD 14 supports both automatic trim and userspace trim on command. David From owner-freebsd-questions@freebsd.org Sat Sep 4 02:06:38 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 30C866A9C12 for ; Sat, 4 Sep 2021 02:06:38 +0000 (UTC) (envelope-from nc@FreeBSD.org) Received: from rainpuddle.neelc.org (locks.neelc.org [IPv6:2602:fed2:7106:25ff::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1dM16NP5z4sV3; Sat, 4 Sep 2021 02:06:37 +0000 (UTC) (envelope-from nc@FreeBSD.org) Received: from mail.neelc.org (locks.neelc.org [IPv6:2602:fed2:7106:25ff::1]) by rainpuddle.neelc.org (Postfix) with ESMTPSA id 2C81F89333; Fri, 3 Sep 2021 19:06:28 -0700 (PDT) MIME-Version: 1.0 Date: Fri, 03 Sep 2021 19:06:26 -0700 From: Neel Chauhan To: Tomasz CEDRO Cc: freebsd-desktop@freebsd.org, FreeBSD Questions Mailing List Subject: Re: malware in gpu adress space In-Reply-To: References: User-Agent: Roundcube Webmail/1.4.11 Message-ID: <54142f61126127c158644229e32ba99f@FreeBSD.org> X-Sender: nc@FreeBSD.org Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4H1dM16NP5z4sV3 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.00 / 15.00]; ASN(0.00)[asn:23470, ipnet:2602:fed2:7106::/48, country:US]; local_wl_from(0.00)[FreeBSD.org] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Sep 2021 02:06:38 -0000 Hi, Disclaimer: I work at Microsoft, but not on Windows. In fact, I am pretty much clueless on how NT works on the inside. On 2021-09-02 13:11, Tomasz CEDRO wrote: > I have found that article on hiding malware/rootkit in GPU address > space using OpenCL 2.0+ and launching it from there as evasion on > antivirus software. > > https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/ > > Is it bug/feature of Windows GPU drivers? Is it bug/feature of OpenCL? > Is it possible on FreeBSD? :-) If you read this quote in the article: > According to the advertiser, the project works only on Windows systems > that support versions 2.0 and above of the OpenCL framework for > executing code on various processors, GPUs included. The app by itself can't run on FreeBSD as it exists today. It would depend on whether mesa has the same vulnerability as the Windows OpenGL implementation, or if it's a hardware vulnerability (in which case it can affect all OSes). I'm no expert on OpenCL. Yes, I've helped with drm-kmod 5.6-wip, but that's about it with GPU drivers. -Neel (nc@) From owner-freebsd-questions@freebsd.org Sat Sep 4 02:44:47 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8D18A6A9F54 for ; Sat, 4 Sep 2021 02:44:47 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-oo1-xc2b.google.com (mail-oo1-xc2b.google.com [IPv6:2607:f8b0:4864:20::c2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4H1fC32lDlz3Jt2 for ; Sat, 4 Sep 2021 02:44:47 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-oo1-xc2b.google.com with SMTP id b5-20020a4ac285000000b0029038344c3dso240660ooq.8 for ; Fri, 03 Sep 2021 19:44:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Rf7EisIBXIktGDVX6BKWLFWfHCl1Y5Z2gAfSAu83mIo=; b=iCOKFHaMms0SazOnRiG7rgjNe42/WArtIBbSTLrZVr1P3MxXBZtlpyiQcnoeXhQgc7 Okg5oD1iNmvkDNCfx/JoDUVmQHn/2/rttw6ncvPp28VpOl5yC/6Ie8kIxg0ZGj2XA4Ln vHN43LRqDHlJwvjQfPo8OGfTaKbxasfp5W7R7yLqvZZrA+nN+GLhInqEkLoWwoIWz8eO hWqiuJVhBTGqRgYHleKNNLHjW4qXgaIive7C5sIYGKVMpSqrlGolikyBFLR7/g1IAVBO t2oyuBInZ4OtYUZ6akL34vmQsh/d3GOLQSLGx7TlzUDpc7Cfs67U7RThUbj/o12nYeAn vs4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Rf7EisIBXIktGDVX6BKWLFWfHCl1Y5Z2gAfSAu83mIo=; b=Df3LjhByKCmc59xZPtLwFWKFLafdDX7Wa9Kah3a4POqAgX5nmlXAQInoHEUjXV4yAX KXDycBhTml3726tMLu/1G8scPK2sT1U6EQ4x+7OJzu1cGUTpAZe+xWT4dLIUZoxkJ1rN 5vgt/lHIs2bhoTV6LTyEhCR9fwMrb0jLW5N2+owf9zBSugFqYod7ow0OtyHGOQUWhthS WIWkVhzOVNAB+NLS4auIPgdnk21chilcWL/TAistX8Aptcdy+2hK7mKce52KEPxZONXN cqmsxLEFhyoi0So9S2qsgol4tbubZ692IMq6W8Z/RNFJ6Dx+bvpCY1BgOKnih28yxLQL FD4w== X-Gm-Message-State: AOAM530oLcfljBfJNbGaqv26R5vpoTsPQp2k2LmOH7UTmIh70badeVfz 7+dt85RmutjHSh7xHshrjvCrIMy+vnlrJA9+KTlPbg== X-Google-Smtp-Source: ABdhPJwFLpD9Q99rmTMCoFAtA9BJgISWMTJhpGl8+nY9EYUhJ42XPwt+aCIHr1kUSAjNwMfA+09MTqHd/0nLKJPJshA= X-Received: by 2002:a4a:a40c:: with SMTP id v12mr5403233ool.72.1630723486329; Fri, 03 Sep 2021 19:44:46 -0700 (PDT) MIME-Version: 1.0 References: <54142f61126127c158644229e32ba99f@FreeBSD.org> In-Reply-To: <54142f61126127c158644229e32ba99f@FreeBSD.org> From: Tomasz CEDRO Date: Sat, 4 Sep 2021 04:44:08 +0200 Message-ID: Subject: Re: malware in gpu adress space To: Neel Chauhan Cc: freebsd-desktop@freebsd.org, FreeBSD Questions Mailing List Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4H1fC32lDlz3Jt2 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Sep 2021 02:44:47 -0000 On Sat, Sep 4, 2021 at 4:06 AM Neel Chauhan wrote: > Disclaimer: I work at Microsoft, but not on Windows. In fact, I am > pretty much clueless on how NT works on the inside. > > On 2021-09-02 13:11, Tomasz CEDRO wrote: > > I have found that article on hiding malware/rootkit in GPU address > > space using OpenCL 2.0+ and launching it from there as evasion on > > antivirus software. > > > > https://www.bleepingcomputer.com/news/security/cybercriminal-sells-tool-to-hide-malware-in-amd-nvidia-gpus/ > > > > Is it bug/feature of Windows GPU drivers? Is it bug/feature of OpenCL? > > Is it possible on FreeBSD? :-) > > If you read this quote in the article: > > > According to the advertiser, the project works only on Windows systems > > that support versions 2.0 and above of the OpenCL framework for > > executing code on various processors, GPUs included. > > The app by itself can't run on FreeBSD as it exists today. It would > depend on whether mesa has the same vulnerability as the Windows OpenGL > implementation, or if it's a hardware vulnerability (in which case it > can affect all OSes). > > I'm no expert on OpenCL. Yes, I've helped with drm-kmod 5.6-wip, but > that's about it with GPU drivers. > > -Neel (nc@) Just a curiosity and maybe hint to someone that knows the internals and might check if we might have similar problem in the GPU layer :-) Looks like a design flaw / exploited feature of OpenCL 2.0+ ? This is not the part of base, but I was wondering if problem is / may be multiplatform :-) Thanks for your time and reply Neel :-) -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info From owner-freebsd-questions@freebsd.org Sat Sep 4 09:56:52 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DE90E6AF2BD for ; Sat, 4 Sep 2021 09:56:52 +0000 (UTC) (envelope-from olgeni@FreeBSD.org) Received: from hub.olgeni.com (hub.olgeni.com [31.171.246.156]) by mx1.freebsd.org (Postfix) with ESMTP id 4H1qnc1fyWz4yRw for ; Sat, 4 Sep 2021 09:56:52 +0000 (UTC) (envelope-from olgeni@FreeBSD.org) Received: from [192.168.0.4] (94-36-151-155.adsl-ull.clienti.tiscali.it [94.36.151.155]) by hub.olgeni.com (Postfix) with ESMTPSA id 6FD1ED7946 for ; Sat, 4 Sep 2021 11:56:45 +0200 (CEST) Date: Sat, 4 Sep 2021 11:56:44 +0200 (CEST) From: Jimmy Olgeni To: freebsd-questions@freebsd.org Subject: Locating ZFS checksum errors Message-ID: X-OpenPGP-KeyID: 0xFCDB3E82F778D8D7 X-OpenPGP-Fingerprint: EE37 B427 91C5 7707 EC54 064A FCDB 3E82 F778 D8D7 X-OpenPGP-URL: http://hub.olgeni.com/~olgeni/pgp/olgeni@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Rspamd-Queue-Id: 4H1qnc1fyWz4yRw X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.00 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; ASN(0.00)[asn:50837, ipnet:31.171.244.0/22, country:CH] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Sep 2021 09:56:52 -0000 Hi, Short version of the story: due to a bad RAM stick I managed to collect some checksum errors on a ZFS pool; they are not reported by a scrub, but show up when running "zdb -bcsvL". They look like this: capacity operations bandwidth ---- errors ---- description used avail read write read write read write cksum rpool 469G 451G 1.65K 0 146M 0 0 0 0 mirror 469G 451G 1.65K 0 146M 0 0 0 0 /dev/gpt/pool1 843 0 73.0M 0 0 0 98 /dev/gpt/pool0 842 0 73.1M 0 0 0 98 A few of them are logged during the scan: zdb_blkptr_cb: Got error 97 reading <404, 0, 1, 17> DVA[0]=<0:e0956e000:6000> DVA[1]=<0:1200c25000:6000> [L1 DMU dnode] fletcher4 lz4 unencrypted LE contiguous unique double size=20000L/6000P birth=7322L/7322P fill=5419 cksum=743743d4a15:652404d7275bf1:349b01108bcc58b4:6eb5731a7332a4d1 -- skipping zdb_blkptr_cb: Got error 97 reading <2271, 0, 5, 0> DVA[0]=<0:c2f30ab000:1000> DVA[1]=<0:c600436000:1000> [L5 DMU dnode] fletcher4 lz4 unencrypted LE contiguous unique double size=20000L/1000 P birth=7289L/7289P fill=337300 cksum=85bc497d18:1eb5fc0b1421b:38938f1daa6522b:5ad4e58754321611 -- skipping zdb_blkptr_cb: Got error 97 reading <3310, 4, 1, 0> DVA[0]=<0:e0956c000:2000> DVA[1]=<0:120086c000:2000> [L1 ZFS directory] fletcher4 lz4 unencrypted LE contiguous unique double size=20000L/2 000P birth=7322L/7322P fill=129 cksum=288290d57d8:bc9ebda8906ed:200f1da7dabb56ec:4fcfb4af9ef377a4 -- skipping zdb_blkptr_cb: Got error 97 reading <3722, 0, 0, 0> DVA[0]=<0:600a59000:1000> DVA[1]=<0:a000c5000:1000> [L0 DMU dnode] fletcher4 lz4 unencrypted LE contiguous unique double size=4000L/1000P b irth=7302L/7302P fill=28 cksum=aa07fc9336:1ad004ec7af20:25a14bccd8cf7cf:61322f0ae33d86ad -- skipping zdb_blkptr_cb: Got error 97 reading <3722, 0, 0, 2> DVA[0]=<0:601948000:1000> DVA[1]=<0:a05199000:1000> [L0 DMU dnode] fletcher4 lz4 unencrypted LE contiguous unique double size=4000L/1000P b irth=7316L/7316P fill=20 cksum=67169bc899:13f93c35f3010:1ff78fe1b055272:31b6e7e44bb229c0 -- skipping zdb_blkptr_cb: Got error 97 reading <3722, 139, 0, 0> DVA[0]=<0:ca000f6000:1000> [L0 ZFS plain file] fletcher4 uncompressed unencrypted LE contiguous unique single size=800L/800P birth=7298L/ 7298P fill=1 cksum=8af8a441c3:9476600aa3da:63e5ffe2b26478:3244cdb4fc8d9b34 -- skipping zdb_blkptr_cb: Got error 97 reading <3722, 0, 0, 9> DVA[0]=<0:600881000:1000> DVA[1]=<0:a000ba000:1000> [L0 DMU dnode] fletcher4 lz4 unencrypted LE contiguous unique double size=4000L/1000P b irth=7300L/7300P fill=11 cksum=4f4ecf4565:10844f3c60c42:1bdd551a4002c08:fb9b06c01f06226f -- skipping zdb_blkptr_cb: Got error 97 reading <3722, 385, 0, 0> DVA[0]=<0:e09567000:2000> [L0 ZFS plain file] fletcher4 uncompressed unencrypted LE contiguous unique single size=1400L/1400P birth=7322L /7322P fill=1 cksum=d3768c188b:21a57dbb50d02:37b485d3c25dc20:5c04a9cd9a910a53 -- skipping zdb_blkptr_cb: Got error 97 reading <3722, 760, 0, 0> DVA[0]=<0:ca00280000:1000> [L0 ZFS plain file] fletcher4 uncompressed unencrypted LE contiguous unique single size=400L/400P birth=7322L/ 7322P fill=1 cksum=97317b812:7d938af334d:364ea0c01c20e:1030d470306d731 -- skipping Now, how do I find out which files (or whatever else) are affected, in order to fix them? :) I tried to get a detailed log from zdb with all the DVAs and checksums, but I could not find any match. -- jimmy From owner-freebsd-questions@freebsd.org Thu Sep 2 08:10:14 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9C56C67B149 for ; Thu, 2 Sep 2021 08:10:14 +0000 (UTC) (envelope-from mark.tinka@seacom.com) Received: from the-host.tinka.africa (ge-1.ln-01-jnb.za.seacomnet.com [105.28.96.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4H0YWT5NKsz3t33 for ; Thu, 2 Sep 2021 08:10:13 +0000 (UTC) (envelope-from mark.tinka@seacom.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tinka.africa; s=tinka; h=Content-Type:MIME-Version:Date:Message-ID:Subject: From:To:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=N8FG/QDSGAetcdNCIgPU9YeBqv9LQMJkOFjN5HOcgxQ=; b=Vlkb/FNec/6o0M6EggsB0Sk2Qr 5OoZlssaq/wieI/M2T+BDLWuyV+vWiHxduEuHA2KMrCQ7SoZLxXMyxWsvFVb9dz/etL9MZLTvAdB4 NmrJvDFuAmlnYtvGUBbyKODc0HowpTtxLGQ2yqCqZlFduOOVhqoc+iEky68cID0SoYAS0t7tBZfBL IqxDhK24N/MDVDPopCIYl8A5fW8r0whMWbgPJV3IBGYSQvwSG/qJ4rtJZLC1etiehIVjPQx26FCzZ EjT34LZpEbu0iBcpDlRqRtIcHg5cJhBSF+1ANoh53L1iXiOwPk+cdgevgUaxFUMvfWP7L2yYdoG1S alHdsTsQ==; Received: from [127.0.0.1] (helo=Marks-MacBook-Pro.local) by the-host.tinka.africa with esmtp (Exim 4.94) (envelope-from ) id QYSS0R-0009EL-ED for freebsd-questions@freebsd.org; Thu, 02 Sep 2021 10:10:03 +0200 To: freebsd-questions@freebsd.org From: Mark Tinka Subject: BIND 'max-cache-size' Value on FreeBSD-13.0 Organization: SEACOM Message-ID: Date: Thu, 2 Sep 2021 10:10:03 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 MIME-Version: 1.0 Content-Language: en-US X-Rspamd-Queue-Id: 4H0YWT5NKsz3t33 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=tinka.africa header.s=tinka header.b="Vlkb/FNe"; dmarc=pass (policy=none) header.from=seacom.com; spf=pass (mx1.freebsd.org: domain of mark.tinka@seacom.com designates 105.28.96.5 as permitted sender) smtp.mailfrom=mark.tinka@seacom.com X-Spamd-Result: default: False [-3.00 / 15.00]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tinka.africa:s=tinka]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:105.28.96.5]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCPT_COUNT_ONE(0.00)[1]; HAS_ORG_HEADER(0.00)[]; DKIM_TRACE(0.00)[tinka.africa:+]; HFILTER_HELO_2(1.00)[the-host.tinka.africa]; DMARC_POLICY_ALLOW(-0.50)[seacom.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:37100, ipnet:105.16.0.0/12, country:MU]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-Mailman-Approved-At: Sat, 04 Sep 2021 20:47:48 +0000 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2021 08:10:14 -0000 Hi all. Ever since we moved from BIND-9.11 to BIND-9.16, we've been experiencing 'named' crashing after 24hrs - 36hrs on high-load resolver-only servers, running on FreeBSD-13.0. We found that the reason for this was due to BIND running out of swap space. An increase in swap space by creating a 4GB swap file did not help. So we are now playing with the 'max-cache-size' value in BIND. The system has 15GB of physical RAM. Limiting BIND to 13GB of memory does not work; 'named' still crashes due to a lack of swap space. We have then switched to % values, and it's still crashing for the same reason at 90% and now 80%. We are now testing 70%. Anyone have some idea of how we can get this under control? Is there a possibility that BIND is not properly understanding how much physical RAM is available to FreeBSD, and just burns through it anyway, tripping swap space in the process? I can't think of any reason why BIND would keep burning RAM if it has been told to limit its demand to a certain value or %. All help appreciated. Thanks. Mark.