Cy Schubert | 23 Jul 22:08 2014

Re: Future of pf / firewall in FreeBSD ? - does it have one ?

In message <alpine.LRH.2.11.1407201430030.2748 <at> nber7.nber.org>, Daniel Feenberg writes:
> 
> 
> On Sun, 20 Jul 2014, Lars Engels wrote:
> 
> > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> >> all of that is true, but you are missing the point. Having two versions of
> >> pf on the bsd's at the user level, is a bad thing. It confuses people,
> >> which puts them off. It's a classic case of divide and conquer for other
> >> platforms. I really like the idea of the openpf version, that has been
> >> mentioned in this thread. It would be awesome if it ended up as a supported
> >> linux thing as well, so the world could be rid of iptables. However I guess
> >> that's just an unrealistic dream
> >
> > And you don't seem to get the point that _someone_ has to do the work.
> > No one has stepped up so far, so nothing is going to change.
> >
> 
> No one with authority has yet said that "If an updated pf were available,
> it would be welcomed". Rather they have said "An updated pf would not be
> suitable, as it would be incompatible with existing configuration files".
> If the latter is indeed the case, there is little incentive for anyone
> to go to the effort of porting the newer pf. After all, the reward for
> the work is chiefly in glory, and if there is to be no glory, the work
> is unlikely to be done.


Cy Schubert | 23 Jul 21:59 2014

Re: Future of pf / firewall in FreeBSD ? - does it have one ?

In message <53CCF596.1070302 <at> yandex.ru>, "Andrey V. Elsukov" writes:
> 
> On 20.07.2014 18:15, Maxim Khitrov wrote:
> > In my opinion, the way forward is to forget (at least temporarily) the
> > SMP changes, bring pf in sync with OpenBSD, put a policy in place to
> > follow their releases as closely as possible, and then try to
> > reintroduce all the SMP work. I think the latter has to be done
> > upstream, otherwise it'll always be a story of diverging codebases.
> > Furthermore, if FreeBSD developers were willing to spend some time
> > improving pf performance on OpenBSD, then Henning and other OpenBSD
> > developers might be more receptive to changes that make the porting
> > process easier.
> 
> Even if you just drop the current PF from FreeBSD, there is nobody who wants
> to port the new PF from OpenBSD. And this is not an easy task, as you may
> think. Gleb has worked on rewriting PF for more than half a year. So, bringing
> back all the improvements after the import will be hard enough and, again,
> nobody wants to do it. :)

One way or another something needs to be done and agreed it would be a lot 
of work. Our options are,

a) Import OpenBSD pf thereby throwing away our current investment in pf. 
All our work to get it up to snuff with our IP stack, SMP, and VIMAGE would 
be all for naught. We do get a new pf though. Won't be a quality port 
though. Personally, not my #1 option.

Cy Schubert | 23 Jul 17:42 2014

Re: Future of pf / firewall in FreeBSD ? - does it have one ?

In message <20381608.Hhy3QfhrOP <at> overcee.wemm.org>, Peter Wemm writes:
> On Saturday 19 July 2014 13:06:52 Baptiste Daroussin wrote:
> > On Fri, Jul 18, 2014 at 03:22:18PM -0400, Allan Jude wrote:
> > > On 2014-07-18 15:07, Adrian Chadd wrote:
> > > > On 18 July 2014 07:34, krad <kraduk <at> gmail.com> wrote:
> > > > >> that is true and I have no problem using man pages, however that's not
> > > > >> the way most of the world works and search engines aren't exactly new
> > > > >> either. We should be trying to engage more people not less, and part of
> > > > >> that is reaching out.
> > > > >
> > > > > Then do the port and maintain it.
> > > > >
> > > > > The problem isn't the desire to keep things up to date, it's a lack of
> > > > > people who want that _and_ are willing/able to do it _and_ are funded
> > > > > somehow.
> > > > >
> > > > > So, please step up! We'll all love you for it.
> > > > >
> > > > -a
> > > > _______________________________________________
> > > > freebsd-current <at> freebsd.org mailing list

Cy Schubert | 23 Jul 18:18 2014

Re: Future of pf / firewall in FreeBSD ? - does it have one ?

In message <CAJ-Vmo=_vLkMZn02EPUmpvqugcT8ga1_Kqs=XU49SGUNGEO0Pw <at> mail.gmail.com>, Adrian Chadd writes:
> On 18 July 2014 07:34, krad <kraduk <at> gmail.com> wrote:
> > that is true and I have no problem using man pages, however that's not the
> > way most of the world works and search engines aren't exactly new either. We
> > should be trying to engage more people not less, and part of that is
> > reaching out.
> 
> Then do the port and maintain it.
> 
> The problem isn't the desire to keep things up to date, it's a lack of
> people who want that _and_ are willing/able to do it _and_ are funded
> somehow.

Funding is the issue. Sure, some of us maintain software because of a personal 
need; however, without funding one has to fit maintaining software into 
whatever time is left. For those of us who do this without funding you 
manage to squeeze in an hour here or there.

> So, please step up! We'll all love you for it.

Many hands make light work.

-- 
Cheers,
Cy Schubert <Cy.Schubert <at> komquats.com>
FreeBSD UNIX:  <cy <at> FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.

Baptiste Daroussin | 23 Jul 16:42 2014

[ANNOUNCEMENT] pkg 1.3.0 out!

Hi all,

I'm very pleased to announce the release of pkg 1.3.0.
This version is the result of almost 9 months of hard work.

Here are the statistics for the version:
- 373 files changed, 66973 insertions(+), 38512 deletions(-)
- 29 different contributors

Please note that for the first time I'm not the main contributor, and I would
like to particularly thank Vsevolod Stakhov for all the hard work he has done to
allow us to get this release out. I would also like to give special thanks to
Andrej Zverev for the tons of hours spent on testing and cleaning the bug
tracker!

So much has happened that it is hard to summarize so I'll try to highlight the
major points:
- New solver, now pkg has a real SAT solver able to automatically handle
  conflicts and dynamically discover them. (yes pkg set -o is deprecated now)
- pkg install is now able to install local files as well and resolve their
  dependencies from the remote repositories
- Lots of parts of the code have been sandboxed
- Lots of rework to improve portability
- Package installation process has been reworked to be safer and to properly
  handle the schg flags
- Important modification of the locking system for finer grain locks
- Massive usage of libucl
- Simplification of the API
- Lots of improvements on the UI to provide a better user experience.
- Lots of improvements in multi repository mode

Sean Bruno | 22 Jul 19:52 2014

sys/boot unbuildable

I can't quite see what the difference in building sys/i386/loader and
sys/i386/zfsloader is outside of the obvious zfs loader support flag.

But, loader will build, and zfsloader will not.  Clang will give me a
nice error that tells me how I could fix this, but since loader builds
fine I suspect something buildsystem related is occurring here?

cc -O2 -pipe   -DLOADER_ZFS_SUPPORT -DLOADER_NFS_SUPPORT -DBOOT_FORTH
-I/home/sbruno/bsd/fbsd_head/sys/boot/i386/zfsloader/../../ficl
-I/home/sbruno/bsd/fbsd_head/sys/boot/i386/zfsloader/../../ficl/i386
-DLOADER_GZIP_SUPPORT -DLOADER_DISK_SUPPORT -DLOADER_GPT_SUPPORT
-DLOADER_MBR_SUPPORT
-I/home/sbruno/bsd/fbsd_head/sys/boot/i386/zfsloader/../../common -I.
-Wall -I/home/sbruno/bsd/fbsd_head/sys/boot/i386/zfsloader/..
-I/home/sbruno/bsd/fbsd_head/sys/boot/i386/zfsloader/../btx/lib
-march=i386 -ffreestanding -mno-mmx -mno-3dnow -mno-sse -mno-sse2
-mno-sse3 -msoft-float -m32 -std=gnu99   -Qunused-arguments
-DLOADER_PREFER_AMD64
-c /home/sbruno/bsd/fbsd_head/sys/boot/i386/zfsloader/../loader/main.c
/home/sbruno/bsd/fbsd_head/sys/boot/i386/zfsloader/../loader/main.c:38:10: error:
'machine/bootinfo.h' file not found with <angled> include; use "quotes" instead
#include <machine/bootinfo.h>
         ^~~~~~~~~~~~~~~~~~~~
         "machine/bootinfo.h"
1 error generated.
*** Error code 1

Stop.
make: stopped in /home/sbruno/bsd/fbsd_head/sys/boot/i386/zfsloader


Sean Bruno | 22 Jul 17:45 2014

libstand modification

https://phabric.freebsd.org/D443

the 64bit version of userboot has been screaming about bit shifting
operators for a while now.

The short explanation, amd64 sizeof(long) != i386 sizeof(long).

The long explanation is in the phabric diff and comments.

I see no reason to not commit this, but thought I'd throw it here for
your commentary.

sean

_______________________________________________
freebsd-current <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe <at> freebsd.org"

Pedro Giffuni | 22 Jul 06:15 2014

NPF (was Re: Future of pf / firewall in FreeBSD ? - does it have one ?)

FWIW, and while I still wonder why we need three packet filters …

There is yet another firewall implementation in NetBSD:

http://www.netbsd.org/~rmind/npf/

It seems to be more portable, it is thought with SMP-friendliness in mind and according to a EuroBSDCon talk
ports for FreeBSD and Illumos were being considered.

Good to have more options … I think.

Pedro. 


Benjamin Kaduk | 22 Jul 00:34 2014

clang assertion failure+coredump in clang 3.4.1

Building some out-of-tree software with a rather long set of compiler 
flags, I can reliably get our clang to crash.
The system is current as of r267362 (June 11), with clang reporting itself 
as FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 
20140512
Target: x86_64-unknown-freebsd11.0
(freefall's clang crashes as well.)

Unfortunately, I don't have debug symbols around for that clang binary.
If someone does have a clang with debug symbols handy, I'd be interested 
in seeing the backtrace.

The processed source file and invocation shell script may be found at:
http://web.mit.edu/kaduk/Public/clang/dumptool-09e584.c    (1.1M)
http://web.mit.edu/kaduk/Public/clang/dumptool-09e584.sh

Thanks,

Ben

Larry Rosenman | 21 Jul 10:17 2014

[PANIC][vboxdrv] use after free/iprtheap

Got the following panic this morning....

borg.lerctr.org dumped core - see /var/crash/vmcore.5

Sun Jul 20 03:28:12 CDT 2014

FreeBSD borg.lerctr.org 11.0-CURRENT FreeBSD 11.0-CURRENT #50 r268894M: Sat Jul 19 18:06:08 CDT 2014    
root <at> borg.lerctr.org:/usr/obj/usr/src/sys/VT-LER  amd64

panic: solaris assert: !(zio->io_flags & ZIO_FLAG_DELEGATED), file:
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c, line: 2874

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
panic: solaris assert: !(zio->io_flags & ZIO_FLAG_DELEGATED), file:
/usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zio.c, line: 2874
cpuid = 7
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe100c49f930
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe100c49f9e0
vpanic() at vpanic+0x126/frame 0xfffffe100c49fa20
panic() at panic+0x43/frame 0xfffffe100c49fa80
assfail() at assfail+0x1d/frame 0xfffffe100c49fa90

Anders Bolt-Evensen | 20 Jul 18:19 2014

Problems starting X on Mac using vesa, radeon or intel drivers when running FreeBSD-CURRENT in EFI

Hello, everyone!
Last week, I created a custom ISO from the latest -CURRENT sources which 
contained an EFI image that is bootable on my MacBook Pro.
Both installation and booting from this new FreeBSD 11 EFI system goes 
without any problems.
However, I've also installed X11 and GNOME to get a graphical 
environment to work with, and that's when my problem occurs.

This computer has an Intel HD 3000 card as well as an AMD Radeon 
Mobility HD 6770M card.

The problem is that every time I start up X, using the Intel driver, the 
screen freezes with a cursor in the top left corner of the screen.
In other words, the X windowing system does not show up at all.
Pressing i.e. alt+F2 to switch away from this screen does not work.

When I try to use the radeon driver, X exits because of BIOS errors 
(since I do not use BIOS when in EFI mode), as can be seen from the 
output of "dmesg -a" from a verbose boot (at the time dmesg -a was run, 
I had commented out the line with the intel driver to force it to use 
the radeon driver instead, since the intel driver caused the screen to 
freeze).
The vesa driver does not work either.

My Mac is using EFI 1.10.

I hope you guys can help out on the screen freezing issue when I start 
X.org.
It is worth mentioning that even if the screen freezes when X is 
starting, the computer is still fully able to run other commands.

