Re: IPSEC stop works after r285336
Two things you might do to help. The first is just send out a list of what you are testing so we know. The second is to contribute configs and the like to the netperf repo https://github.com/gvnn3/netperf We take pull requests :-) Best, George On 3 Aug 2015, at 23:20, Sydney Meyer wrote: Besides strongswan (actually, i don't know of any other ike-daemon which supports aes-gcm, apart from netbsd's racoon) connections with manually set up policies indeed seem to work fine, host-host iperf stuff, nothing fancy yet. Anyway, i will start playing around with this in some more scenarios and let you guys know if i come around any problems. If you would like me to test something specific, please let me know if i can help. Cheers, S. On 03 Aug 2015, at 18:23, George Neville-Neil g...@neville-neil.com wrote: This is being actively debugged and jmg@ and I have been testing a fix that should address this issue. Best, George On 3 Aug 2015, at 0:15, Sydney Meyer wrote: Hi John-Mark, the revision i built included gnn's patches to setkey already. I have tried to setup a tunnel using strongswan with gcm as esp cipher mode, but the connection fails with algorithm AES_GCM_16 not supported by kernel.. 
Here's the full log output: Aug 3 00:34:28 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, FreeBSD 11.0-CURRENT, amd64) Aug 3 00:34:28 00[KNL] unable to set UDP_ENCAP: Invalid argument Aug 3 00:34:28 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed Aug 3 00:34:28 00[KNL] unable to set UDP_ENCAP: Invalid argument Aug 3 00:34:28 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed Aug 3 00:34:28 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' Aug 3 00:34:28 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' Aug 3 00:34:28 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' Aug 3 00:34:28 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' Aug 3 00:34:28 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' Aug 3 00:34:28 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' Aug 3 00:34:28 00[CFG] loaded IKE secret for @moon.strongswan.org @sun.strongswan.org Aug 3 00:34:28 00[LIB] loaded plugins: charon aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf xcbc cmac hmac gcm attr kernel-pfkey kernel-pfroute resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock Aug 3 00:34:28 00[JOB] spawning 16 worker threads Aug 3 00:34:28 15[CFG] received stroke: add connection 'host-host' Aug 3 00:34:28 15[CFG] added configuration 'host-host' Aug 3 00:34:47 15[NET] received packet: from 10.0.30.109[500] to 10.0.30.59[500] (448 bytes) Aug 3 00:34:47 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ] Aug 3 00:34:47 15[IKE] 10.0.30.109 is initiating an IKE_SA Aug 3 00:34:47 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ] Aug 3 00:34:47 15[NET] sending packet: from 10.0.30.59[500] to 
10.0.30.109[500] (448 bytes) Aug 3 00:34:47 15[NET] received packet: from 10.0.30.109[4500] to 10.0.30.59[4500] (282 bytes) Aug 3 00:34:47 15[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] Aug 3 00:34:47 15[CFG] looking for peer configs matching 10.0.30.59[sun.strongswan.org]...10.0.30.109[moon.strongswan.org] Aug 3 00:34:47 15[CFG] selected peer config 'host-host' Aug 3 00:34:47 15[IKE] authentication of 'moon.strongswan.org' with pre-shared key successful Aug 3 00:34:47 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Aug 3 00:34:47 15[IKE] peer supports MOBIKE Aug 3 00:34:47 15[IKE] authentication of 'sun.strongswan.org' (myself) with pre-shared key Aug 3 00:34:47 15[IKE] IKE_SA host-host[1] established between 10.0.30.59[sun.strongswan.org]...10.0.30.109[moon.strongswan.org] Aug 3 00:34:47 15[IKE] scheduling reauthentication in 3416s Aug 3 00:34:47 15[IKE] maximum IKE_SA lifetime 3596s Aug 3 00:34:47 15[KNL] algorithm AES_GCM_16 not supported by kernel! Aug 3 00:34:47 15[KNL] algorithm AES_GCM_16 not supported by kernel! Aug 3 00:34:47 15[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel Aug 3 00:34:47 15[IKE] failed to establish CHILD_SA, keeping IKE_SA Aug 3 00:34:47 15[KNL] unable to delete SAD entry with SPI c07a87b4: No such file or directory (2) Aug 3 00:34:47 15[KNL] unable to delete SAD entry with SPI c653554a: No such file or directory (2) Aug 3 00:34:47 15[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_6_ADDR) N(NO_PROP) ] Aug 3 00:34:47 15[NET] sending packet: from
Re: IPSEC stop works after r285336
This is being actively debugged and jmg@ and I have been testing a fix that should address this issue. Best, George On 3 Aug 2015, at 0:15, Sydney Meyer wrote: Hi John-Mark, the revision i built included gnn's patches to setkey already. I have tried to setup a tunnel using strongswan with gcm as esp cipher mode, but the connection fails with algorithm AES_GCM_16 not supported by kernel.. Here's the full log output: Aug 3 00:34:28 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, FreeBSD 11.0-CURRENT, amd64) Aug 3 00:34:28 00[KNL] unable to set UDP_ENCAP: Invalid argument Aug 3 00:34:28 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed Aug 3 00:34:28 00[KNL] unable to set UDP_ENCAP: Invalid argument Aug 3 00:34:28 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed Aug 3 00:34:28 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' Aug 3 00:34:28 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' Aug 3 00:34:28 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' Aug 3 00:34:28 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' Aug 3 00:34:28 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' Aug 3 00:34:28 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' Aug 3 00:34:28 00[CFG] loaded IKE secret for @moon.strongswan.org @sun.strongswan.org Aug 3 00:34:28 00[LIB] loaded plugins: charon aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf xcbc cmac hmac gcm attr kernel-pfkey kernel-pfroute resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock Aug 3 00:34:28 00[JOB] spawning 16 worker threads Aug 3 00:34:28 15[CFG] received stroke: add connection 'host-host' Aug 3 00:34:28 15[CFG] added configuration 'host-host' Aug 3 00:34:47 15[NET] received packet: from 
10.0.30.109[500] to 10.0.30.59[500] (448 bytes) Aug 3 00:34:47 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ] Aug 3 00:34:47 15[IKE] 10.0.30.109 is initiating an IKE_SA Aug 3 00:34:47 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ] Aug 3 00:34:47 15[NET] sending packet: from 10.0.30.59[500] to 10.0.30.109[500] (448 bytes) Aug 3 00:34:47 15[NET] received packet: from 10.0.30.109[4500] to 10.0.30.59[4500] (282 bytes) Aug 3 00:34:47 15[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] Aug 3 00:34:47 15[CFG] looking for peer configs matching 10.0.30.59[sun.strongswan.org]...10.0.30.109[moon.strongswan.org] Aug 3 00:34:47 15[CFG] selected peer config 'host-host' Aug 3 00:34:47 15[IKE] authentication of 'moon.strongswan.org' with pre-shared key successful Aug 3 00:34:47 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Aug 3 00:34:47 15[IKE] peer supports MOBIKE Aug 3 00:34:47 15[IKE] authentication of 'sun.strongswan.org' (myself) with pre-shared key Aug 3 00:34:47 15[IKE] IKE_SA host-host[1] established between 10.0.30.59[sun.strongswan.org]...10.0.30.109[moon.strongswan.org] Aug 3 00:34:47 15[IKE] scheduling reauthentication in 3416s Aug 3 00:34:47 15[IKE] maximum IKE_SA lifetime 3596s Aug 3 00:34:47 15[KNL] algorithm AES_GCM_16 not supported by kernel! Aug 3 00:34:47 15[KNL] algorithm AES_GCM_16 not supported by kernel! 
Aug 3 00:34:47 15[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel Aug 3 00:34:47 15[IKE] failed to establish CHILD_SA, keeping IKE_SA Aug 3 00:34:47 15[KNL] unable to delete SAD entry with SPI c07a87b4: No such file or directory (2) Aug 3 00:34:47 15[KNL] unable to delete SAD entry with SPI c653554a: No such file or directory (2) Aug 3 00:34:47 15[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_6_ADDR) N(NO_PROP) ] Aug 3 00:34:47 15[NET] sending packet: from 10.0.30.59[4500] to 10.0.30.109[4500] (159 bytes) I know that pfsense has moved from racoon to strongswan as their ike-daemon, iirc mainly because of strongswans ikev2 daemon and their GCM support. I'm going to try and have a look what changes pfsense may have made to strongswan to support GCM on FreeBSD, although i should probably mention, i am not very experienced at this. On 02 Aug 2015, at 05:53, John-Mark Gurney j...@funkthat.com wrote: Sydney Meyer wrote this message on Sun, Aug 02, 2015 at 04:03 +0200: i have tried your patches from your ipsecgcm branch. The build completes, boots fine and indeed, dmesg shows aesni0: AES-CBC,AES-XTS,AES-GCM,AES-ICM on motherboard. Yeh, these patches are more about getting IPsec to work w/ the modes that aesni now supports... I'm going to try out the new cipher modes
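Added example, not part of the original thread and not strongSwan code: a small Python triage of charon log lines like those quoted above, flagging connections where the IKE_SA came up but no CHILD_SA was installed (in the thread, because the kernel rejected AES_GCM_16). The sample log is constructed; the second connection (`net-net`), the function names and the per-worker-thread correlation are assumptions of this example.

```python
import re

# Constructed sample in charon's syslog format. The first six lines mirror the
# failure quoted in the thread; the "net-net" connection is made up to show a
# healthy negotiation next to the broken one.
SAMPLE_LOG = """\
Aug 3 00:34:47 15[IKE] IKE_SA host-host[1] established between 10.0.30.59[sun.strongswan.org]...10.0.30.109[moon.strongswan.org]
Aug 3 00:34:47 15[KNL] algorithm AES_GCM_16 not supported by kernel!
Aug 3 00:34:47 15[KNL] algorithm AES_GCM_16 not supported by kernel!
Aug 3 00:34:47 15[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
Aug 3 00:34:47 15[IKE] failed to establish CHILD_SA, keeping IKE_SA
Aug 3 00:34:47 15[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_6_ADDR) N(NO_PROP) ]
Aug 3 00:41:02 09[IKE] IKE_SA net-net[2] established between 10.0.30.59[sun.strongswan.org]...10.0.30.77[earth.strongswan.org]
Aug 3 00:41:02 09[IKE] CHILD_SA net-net{1} established with SPIs c1111111_i c2222222_o and TS 10.1.0.0/16 === 10.2.0.0/16
"""

# "<Mon> <day> <hh:mm:ss> <worker-thread>[<GROUP>] <message>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<tid>\d+)\[(?P<grp>[A-Z]{3})\]\s+(?P<msg>.*)$"
)
IKE_UP = re.compile(r"^IKE_SA (?P<conn>\S+)\[(?P<id>\d+)\] established between")
ALG_FAIL = re.compile(r"^algorithm (?P<alg>\S+) not supported by kernel")
CHILD_UP = re.compile(r"^CHILD_SA [^{\s]+\{\d+\} established")
CHILD_FAIL = "failed to establish CHILD_SA"


def triage(log_text):
    """Return one record per established IKE_SA with the outcome of its CHILD_SA.

    Heuristic (assumption of this example): the lines that follow an
    "IKE_SA ... established" message on the same worker thread belong to the
    same exchange, which holds for the log in the thread.
    """
    records = []
    current = {}  # worker thread id -> record of the IKE_SA it last established
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tid, grp, msg = m["tid"], m["grp"], m["msg"]

        up = IKE_UP.match(msg) if grp == "IKE" else None
        if up:
            rec = {
                "time": m["ts"],
                "conn": up["conn"],
                "ike_sa": int(up["id"]),
                "child_sa": "unknown",
                "unsupported": [],     # algorithms the kernel refused
                "no_proposal": False,  # N(NO_PROP) sent back to the peer
            }
            current[tid] = rec
            records.append(rec)
            continue

        rec = current.get(tid)
        if rec is None:
            continue
        if grp == "KNL":
            bad = ALG_FAIL.match(msg)
            if bad and bad["alg"] not in rec["unsupported"]:
                rec["unsupported"].append(bad["alg"])
        elif grp == "IKE" and msg.startswith(CHILD_FAIL):
            rec["child_sa"] = "failed"
        elif grp == "IKE" and CHILD_UP.match(msg):
            rec["child_sa"] = "established"
        elif grp == "ENC" and "N(NO_PROP)" in msg:
            rec["no_proposal"] = True
    return records


def tunnels_without_child_sa(records):
    """IKE_SAs that authenticated but ended up with no IPsec SA in the kernel."""
    return [r for r in records if r["child_sa"] != "established"]


if __name__ == "__main__":
    for r in tunnels_without_child_sa(triage(SAMPLE_LOG)):
        algs = ", ".join(r["unsupported"]) or "n/a"
        print(f'{r["time"]} {r["conn"]}[{r["ike_sa"]}]: CHILD_SA {r["child_sa"]}, '
              f'kernel rejected: {algs}, NO_PROP sent: {r["no_proposal"]}')
```

A record with `child_sa` other than `established` means the peers authenticated but no ESP SA protects the traffic selectors, so what happens to that traffic depends on the installed policy.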
Re: IPSEC stop works after r285336
On 25 Jul 2015, at 1:51, Alexandr Krivulya wrote: 25.07.2015 00:38, John-Mark Gurney пишет: Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300: I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see only outgoing esp packets on ng interface: This change is -stable, not -current, but the change referenced below is -current... Which one are you running? Also, the only ipsec related change after r285535 is r285770, though that probably won't effect it... Could you possibly narrow the change that broke things? root@thinkpad:/usr/src # tcpdump -i ng0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ng0, link-type NULL (BSD loopback), capture size 262144 bytes 10:35:27.331886 IP 10.10.10.2 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a5), length 140 10:35:28.371707 IP 10.10.10.2 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a6), length 140 10:35:29.443536 IP 10.10.10.2 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a7), length 140 10:35:30.457370 IP 10.10.10.2 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a8), length 140 10:35:31.475606 IP 10.10.10.2 10.10.10.1: ESP(spi=0x03081e58,seq=0x9a9), length 140 10:35:31.622315 IP 10.10.10.1.isakmp 10.10.10.2.isakmp: isakmp: phase 2/others ? inf[E] 10:35:31.622544 IP 10.10.10.2.isakmp 10.10.10.1.isakmp: isakmp: phase 2/others ? inf[E] 10:35:31.622658 IP 10.10.10.2.isakmp 10.10.10.1.isakmp: isakmp: phase 2/others ? inf[E] 10:35:31.623933 IP 10.10.10.1.isakmp 10.10.10.2.isakmp: isakmp: phase 2/others ? inf[E] 10:35:32.492349 IP 10.10.10.2 10.10.10.1: ESP(spi=0x03081e58,seq=0x9aa), length 140 10:35:33.509346 IP 10.10.10.2 10.10.10.1: ESP(spi=0x03081e58,seq=0x9ab), length 140 10:35:34.527187 IP 10.10.10.2 10.10.10.1: ESP(spi=0x03081e58,seq=0x9ac), length 140 10:35:35.539600 IP 10.10.10.2 10.10.10.1: ESP(spi=0x03081e58,seq=0x9ad), length 140 With r285535 all works fine. Right commit is in subject - r285336. There were two IPsec related commits after 285336. 
Either 285347 or 285526 could be the fix. If you're OK after those two commits then the system is in correct working order. Best, George ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: geli AES-XTS provider attachment broken after r285336 (was: svn commit: r285336 - in head/sys: netipsec opencrypto)
On 11 Jul 2015, at 15:27, O. Hartmann wrote: On Sat, 11 Jul 2015 19:04:07 +0200 Fabian Keil freebsd-lis...@fabiankeil.de wrote: Matthew D. Fuller fulle...@over-yonder.net wrote: On Thu, Jul 09, 2015 at 06:16:36PM + I heard the voice of George V. Neville-Neil, and lo! it spake thus: New Revision: 285336 URL: https://svnweb.freebsd.org/changeset/base/285336 Log: Add support for AES modes to IPSec. These modes work both in software only mode and with hardware support on systems that have AESNI instructions. With (apparently) this change, I can trigger a panic at will by running % geli onetime -e AES-XTS -d /dev/ada0s1 Thanks for the heads-up. As it wasn't obvious to me: the commit broke attachment of AES-XTS providers in general. Reverting it lets my test system boot again. Fabian Running CURRENT on several Intel platforms, using swap.eli on all systems is usual to my setups. On modern hardware, say = Intel i7 architectures (with or without AES-NI), I didn't recognize a panic at all but in one case a core i3 starts swapping dies immediately. Another box, a dual core XEON Core2 Duo based architecture without AES-NI fails booting immediately after I see the mounting and initialising of swap.eli. Maybe this observation is of use. This was addressed by jmg@ in: 285526 Best, George
Re: freebsd perf testing
On Nov 10, 2013, at 19:22 , Tim Kientzle t...@kientzle.com wrote: On Nov 10, 2013, at 1:05 PM, Erik Cederstrand erik+li...@cederstrand.dk wrote: Imagine being able to fetch a VirtualBox disk image for a random SVN commit, booting it and start debugging right away. I’ve been working on Crochet’s support for building VMWare images recently and have started using that approach to iterate my dev environment (using one VM to build a new VM instead of upgrading in place). Sorry to come in late. All this sounds good, and I’d like to point out that the project has network testing hardware in place, if people want to use it for these types of experiments. In the absence of a lab just for regression testing (which is also in the works) I’d suggest that prototyping be done here: https://wiki.freebsd.org/TestClusterOnePointers Anyone who is a FreeBSD committer can get access, and those who want access but are not yet committers should contact me so we can try to work something out. Best, George
Re: axing KAME interface ioctls
On Nov 5, 2013, at 7:02 , Gleb Smirnoff gleb...@freebsd.org wrote: On Tue, Nov 05, 2013 at 03:01:14PM +0400, Gleb Smirnoff wrote: Hello. Since 1999 we have got some dead code from KAME, namely support for these ioctls: SIOCALIFADDR SIOCGLIFADDR SIOCDLIFADDR SIOCSLIFPHYADDR SIOCGLIFPHYADDR We do not have any software in base that use (or used) them. The ports exp-run with SIOC.LIFADDR undefined didn't reveal any port that use them. I forgot to add SIOC.LIFPHYADDR to exp-run, but pretty sure these are unused, too. What did these ioctls do? They are KAME version of SIOCAIFADDR, and SIOCSIFPHYADDR respectively. Some operating systems (at least HPUX) have adopted them, and some software may use them on these systems. Anyway, in FreeBSD all software always used our native ioctls. I hope there are no objections against axing these in head/. Patch attached. Please do. Best, George
Anyone looking at Intel Rapid Start?
Howdy, Anyone looking into this? http://software.intel.com/en-us/articles/what-is-intel-rapid-start-technology Best, George
Folks using Apache 2 ought to be interested in this DTrace module...
https://github.com/davepacheco/mod_usdt I've no time to port this but it ought to be straightforward and would be interesting to those serving up lots of Apache on FreeBSD. If someone wants to hack on it and have me review it, I can do that. Best, George
Re: Boot crash with HEAD on Thinkpad X220...
On Feb 25, 2013, at 21:33 , George Neville-Neil g...@neville-neil.com wrote: Howdy, This has been happening since I updated on Saturday. I updated my tree today (Monday) as well: http://people.freebsd.org/~gnn/X220bootcrash25Feb2013.jpg The system boots and works well enough to connect to the network and build a new kernel if I use safe mode. Thoughts? Happily jhb@ pointed out that there was an issue in binutils recently. A buildworld plus buildkernel on bits from HEAD on 28 Feb did the trick and all is well again. Best, George
Boot crash with HEAD on Thinkpad X220...
Howdy, This has been happening since I updated on Saturday. I updated my tree today (Monday) as well: http://people.freebsd.org/~gnn/X220bootcrash25Feb2013.jpg The system boots and works well enough to connect to the network and build a new kernel if I use safe mode. Thoughts? Best, George
Re: boot2/loader: serial port handling
On Oct 18, 2012, at 14:48 , Doug Ambrisko ambri...@ambrisko.com wrote: On Fri, Oct 12, 2012 at 05:13:47PM -0700, Garrett Cooper wrote: | On Fri, Oct 12, 2012 at 5:09 PM, Xin Li delp...@delphij.net wrote: | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA256 | | ... | | Ah I wish I am not this far behind my email backlog. Yes I think | these (241300 and 241301) will solve the problem. | | Yeah -- forgot about the other one. There's another enhancement | that would make this even better (apart from maybe having multiple | primary consoles): setting the primary console if present and having | fallbacks in the event that the original primary wasn't set or | configurable; it was a thing that was present in another project I | worked on with sio that was pretty slick (and I think that there would | be some parties who wouldn't mind if the same was done with uart(4)). This concept was objected to when I checked it into sio(4) so I had to back it out. Some liked it. I have ported it to uart(4) since we need that functionality when we moved to a newer FreeBSD. BTW, sorry to come in late on the thread. Would this cause the loader to reset the machine? On a box in my work testlab I have not been able to use a recent /boot/loader for a few weeks. I get to the BIOS drive C: is disk0 bit and BOOM. Best, George ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: Java and NIO?
On Jul 5, 2012, at 10:38 , George Neville-Neil wrote: On Jul 4, 2012, at 15:49 , Greg Lewis wrote: On Tue, Jul 03, 2012 at 11:38:23AM -0700, Waitman Gobble wrote: g...@freebsd.org wrote .. Howdy, Can someone tell me if anyone is working on this Java NIO bug? http://freebsd.1045724.n5.nabble.com/i386-159787-openjdk-1-6-nio-muti-thread-bug-td4700530.html I would like to avoid using Linux just to run Zookeeper: http://zookeeper-user.578899.n2.nabble.com/What-s-the-problem-with-nio-on-FreeBSD-td5208183.html Hi George, There is/was a patch from David Xu http://lists.freebsd.org/pipermail/freebsd-java/2010-August/008747.html maybe this fixes it? This patch was incorporated into the openjdk6 port soon after it was posted. However, I can still reproduce the problem. Using -Djava.nio.channels.spi.SelectorProvider=sun.nio.ch.KqueueSelectorProvider makes no difference. also looks like New I/O was updated in jdk7... but would have to check it out to see if issue still exists.. I can't reproduce the problem with the current openjdk7 port. I haven't tried out Zookeeper though, so YMMV. I would say it's definitely worth a try though. I don't believe anyone is currently working on a fix for the openjdk6 port for this. I'm going to give zookeeper a try with openjdk7. Thanks! A followup. zookeeper is now ported to FreeBSD (/usr/ports/devel/zookeeper) Best, George
Re: Java and NIO?
On Jul 8, 2012, at 22:39 , Doug Barton wrote: On 07/08/2012 19:33, George Neville-Neil wrote: A followup. zookeeper is now ported to Freebsd (/usr/ports/devel/zookeeper) George, did you see the PR and the followup from me regarding the port? I got a mail from jgh@ but only today figured out what the PR was. I'll look at the patches from him tomorrow. Best, George
Re: Java and NIO?
On Jul 4, 2012, at 15:49 , Greg Lewis wrote: On Tue, Jul 03, 2012 at 11:38:23AM -0700, Waitman Gobble wrote: g...@freebsd.org wrote .. Howdy, Can someone tell me if anyone is working on this Java NIO bug? http://freebsd.1045724.n5.nabble.com/i386-159787-openjdk-1-6-nio-muti-thread-bug-td4700530.html I would like to avoid using Linux just to run Zookeeper: http://zookeeper-user.578899.n2.nabble.com/What-s-the-problem-with-nio-on-FreeBSD-td5208183.html Hi George, There is/was a patch from David Xu http://lists.freebsd.org/pipermail/freebsd-java/2010-August/008747.html maybe this fixes it? This patch was incorporated into the openjdk6 port soon after it was posted. However, I can still reproduce the problem. Using -Djava.nio.channels.spi.SelectorProvider=sun.nio.ch.KqueueSelectorProvider makes no difference. also looks like New I/O was updated in jdk7... but would have to check it out to see if issue still exists.. I can't reproduce the problem with the current openjdk7 port. I haven't tried out Zookeeper though, so YMMV. I would say it's definitely worth a try though. I don't believe anyone is currently working on a fix for the openjdk6 port for this. I'm going to give zookeeper a try with openjdk7. Thanks! Best, George
Re: [RFT] llquantize for FreeBSD's dtrace
On Jun 26, 2012, at 15:06 , Fabian Keil wrote: Pedro Giffuni p...@freebsd.org wrote: --- Tue 26/6/12, Mark Peek m...@freebsd.org wrote: Try this, change the assert on line 1429 in file dt_cc.c from:

    assert(!(arg & (UINT16_MAX << args[i].shift)));

to

    assert(!(arg & ((uint64_t)UINT16_MAX << args[i].shift)));

This certainly looks correct. Thanks Mark ! I updated the patch: http://people.freebsd.org/~pfg/patches/patch-dtrace-llquantize Thanks a lot. Seems to work for me: And me as well. I tested the example from the web site. Nicely done! Best, George
Re: DTrace broken on 9.0-Release?
Top post. File a PR and assign it to me (gnn) please. I'm on vacation until Sunday but I am actively working on DTrace when I'm not on vacation. Best, Geo On Jun 14, 2012, at 02:53 , Fabian Keil wrote: Ryan Goodfellow rgood...@eecs.wsu.edu wrote: Today I downloaded and installed FreeBSD 9.0-RELEASE and followed the directions from http://wiki.freebsd.org/DTrace to get DTrace up and running. The output of DTrace instrumenting a simple program, however, is not correct. The program is as follows:

    // test.cc
    #include <cstdlib>
    int main(void)
    {
        for (int i = 0; i < 5; i++) {
            malloc(47);
        }
    }

then compiling and running DTrace as follows:

    g++ test.cc -o test
    dtrace -n 'pid$target::malloc:entry{ }' -c ./test

The correct output for this example is something to the tune of:

    dtrace: description 'pid$target::malloc:entry' matched 2 probes
    dtrace: pid 95236 has exited
    CPU     ID                    FUNCTION:NAME
      0 188748                     malloc:entry
      0 188748                     malloc:entry
      0 188748                     malloc:entry
      0 188748                     malloc:entry
      0 188748                     malloc:entry

(this from a machine with the same code running DTrace) The DTrace session should also make an immediate exit on completion. On FreeBSD I have the following

    CPU     ID                    FUNCTION:NAME
      2  42213                     malloc:entry

and the execution does either not exit on its own or hangs, it requires a ctrl-c. Doesn't work for me either on 10-CURRENT amd64. Converting it to C doesn't make a difference, it works if one changes the loop to for (;;), though. I followed the instructions from the FreeBSD site exactly, compiling and installing the custom kernel. I used both clang++ and g++ for compilation with the same result. The system has even completely hung on other attempts. Is DTrace not something that should be relied upon in FreeBSD? I have also tried this on the latest 10-CURRENT build with the same result. In my opinion the problem with DTrace on FreeBSD is that while it's known to be incomplete, there doesn't seem to be documentation available about which parts are supposed to work already and which aren't.
For example the trivial example program at: http://wiki.freebsd.org/DTrace/userland (which works for me) doesn't actually use a counting loop, so maybe dtracing your example program isn't supposed to work yet and never did on FreeBSD. Without documentation it's hard to tell. Fabian
Rudimentary DTrace IO provider going in in one week...
Howdy, I'd really like this code: http://people.freebsd.org/~gnn/dtio_provider_2.diff to get some review before I commit it to HEAD. In particular I'd like people to try and test it but also I want to know: *) Is the code organization correct? The way that DTrace was imported had some issues and I don't fix them here. *) Are people OK with the module names? I did what DTrace on Solaris did because that makes using scripts in the DTraceToolkit and the DTrace book easier. Best, George
Re: more network performance info: ether_output()
On Apr 20, 2012, at 15:03 , Luigi Rizzo wrote: Continuing my profiling on network performance, another place where we waste a lot of time is if_ethersubr.c::ether_output() In particular, from the beginning of ether_output() to the final call to ether_output_frame() the code takes slightly more than 210ns on my i7-870 CPU running at 2.93 GHz + TurboBoost. In particular: - the route does not have a MAC address (lle) attached, which causes arpresolve() to be called all the times. This consumes about 100ns. It happens also with locally sourced TCP. Using the flowtable cuts this time down to about 30-40ns - another 100ns is spent to copy the MAC header into the mbuf, and then check whether a local copy should be looped back. Unfortunately the code here is a bit convoluted so the header fields are copied twice, and using memcpy on the individual pieces. Note that all the above happens not just with my udp flooding tests, but also with regular TCP traffic. Hi Luigi, I'm really glad you're working on this. I may have missed this in a thread but are you tracking these somewhere so we can pick them up and fix them? Also, how are you doing the measurements? Sorry, if these have been answered before. Best, George
Re: more network performance info: ether_output()
On May 1, 2012, at 11:40 , Luigi Rizzo wrote: On Tue, May 01, 2012 at 10:27:42AM -0400, George Neville-Neil wrote: On Apr 20, 2012, at 15:03 , Luigi Rizzo wrote: Continuing my profiling on network performance, another place were we waste a lot of time is if_ethersubr.c::ether_output() In particular, from the beginning of ether_output() to the final call to ether_output_frame() the code takes slightly more than 210ns on my i7-870 CPU running at 2.93 GHz + TurboBoost. In particular: - the route does not have a MAC address (lle) attached, which causes arpresolve() to be called all the times. This consumes about 100ns. It happens also with locally sourced TCP. Using the flowtable cuts this time down to about 30-40ns - another 100ns is spend to copy the MAC header into the mbuf, and then check whether a local copy should be looped back. Unfortunately the code here is a bit convoluted so the header fields are copied twice, and using memcpy on the individual pieces. Note that all the above happens not just with my udp flooding tests, but also with regular TCP traffic. Hi Luigi, I'm really glad you're working on this. I may have missed this in a thread but are you tracking these somewhere so we can pick them up and fix them? Also, how are you doing the measurements. The measurements are done with tools/tools/netrate/netsend and kernel patches to return from sendto() at various places in the stack (from the syscall entry point down to the device driver). A patch is attached. You don't really need netmap to run it, it was just a convenient place to put the variables. I am not sure how much we can fix, there are multiple expensive functions on the tx path, and probably also on the rx path. My hope at least for the tx path is that we can find out a way to install a fastpath handler in the socket. When there is no handler installed (e.g. on the first packet or unsupported protocols/interfaces) everything works as usual. 
Then when the packet reaches the bottom of the stack, we try to update the socket with a copy of the headers generated in the process, and the name of the fastpath function to be called. Next transmissions will then be able to shortcut the stack and go straight to the device output routine. I don't have data on the receive path or good ideas on how to proceed -- the advantage of the tx path is that traffic is implicitly classified, whereas it might not be the case for incoming traffic, and classification might be the expensive step. Hopefully we'll have time to discuss this next week in Ottawa. Yes, I think we should. Best, George
Re: RFC: FUSE kernel module for the kernel...
On Mar 8, 2012, at 17:54 , Konstantin Belousov wrote: I just took a very quick look, and the code has all usual bugs. E.g., the filesystem is marked mpsafe, while insmntque() is performed before new vnode is initialized. The fuse was known to cause random kernel memory corruption, were the issues identified and fixed? They are being identified and fixed as we speak. I fixed a couple yesterday. Who is going to maintain the code? I once objected strongly for throwing the fuse into svn without first fixing bugs, and having a maintainer. I'm planning to maintain the code. As bugs arise I will take care of them. I've been using fsx to seek them out. Best, George
Re: RFC: FUSE kernel module for the kernel...
On Mar 9, 2012, at 04:48 , Gustau Pérez wrote: On 08/03/2012 22:20, George Neville-Neil wrote: Howdy, I've taken the GSoC work done with the FUSE kernel module, and created a patch against HEAD which I have now subjected to testing using tools/regression/fsx. The patch is here: http://people.freebsd.org/~gnn/head-fuse-1.diff I would like to commit this patch in the next few days, so, please, if you care about this take a look and get back to me. Thanks, George When this GSoC was going on, I asked Hans Peter Selasky (the mentor) and Ilya to try the code, because I thought the project would be very useful to me (mostly in the server side, there are a few distributed/parallel filesystems using fuse). The code was not finished at the time the GSoC ended. So it does work with some filesystems, with some others doesn't. Is this the last version Ilya released for the GSoC? Yes, with fixes. It's based off of here: https://github.com/glk/fuse-freebsd Best, George
RFC: FUSE kernel module for the kernel...
Howdy,

I've taken the GSoC work done with the FUSE kernel module, and created a patch against HEAD which I have now subjected to testing using tools/regression/fsx. The patch is here:

http://people.freebsd.org/~gnn/head-fuse-1.diff

I would like to commit this patch in the next few days, so, please, if you care about this take a look and get back to me.

Thanks,
George
A patch for a bug in the dtrace command...
Hi,

I have found that the dtrace command on FreeBSD, in both STABLE and HEAD, does not print out aggregations properly, likely due to the difference in how Solaris and FreeBSD signals work.

For example, this one liner will give no output:

    sudo dtrace -n 'syscall:::entry { @[execname] = quantize(arg0); }'

While it should print this:

    dtrace -n 'syscall:::entry { @[execname] = quantize(arg0); }'
    dtrace: description 'syscall:::entry ' matched 1028 probes
    ^C

    nrpe2
        value  - Distribution - count
            2 |                 0
            4 |                 12
            8 |                 0

    sshd
        value  - Distribution - count
            0 |                 0
            1 |@@               5
            2 |@@               7
            4 |                 0
            8 |                 8
           16 |                 0

etc.

I have made the following patch, but I'd be interested in people testing and commenting on it.

Best,
George

dtrace.c.signal.diff
Description: Binary data
Re: Profiling code execution on amd64?
On Jan 13, 2011, at 23:05 , Steve Kargl wrote:

> On Thu, Jan 13, 2011 at 10:08:30PM -0500, Ryan Stone wrote:
>
>> I would suggest using hwpmc for profiling:
>>
>>     # kldload hwpmc
>>     # pmcstat -S unhalted-cycles -O /tmp/samples.out ../penetration
>>     # pmcstat -R /tmp/samples.out -G /tmp/penetration.txt
>>
>> You can also get pmcstat to generate gprof-compatible output with -g, but I never use the mode so I'm really not sure what it gives you. I think that you have to run gprof on the output or something, but don't hold me to that.
>
> Thanks. I'll give it a try, but my initial attempt seems to indicate that one needs to be root to use hwpmc.
>
>     laptop:kargl[210] pmcstat -S unhalted-cycles -O /tmp/samples.out ../penetration
>     pmcstat: ERROR: Cannot allocate system-mode pmc with specification unhalted-cycles: Operation not permitted

You only need to be root to profile the kernel or someone else's process.

This tutorial might help:

www.dcbsdcon.org/speakers/slides/neville-neil_dcbsdcon2009.pdf

Best,
George
Re: aperf/mperf
On Nov 18, 2010, at 07:32 , Andriy Gapon wrote:

> on 18/11/2010 05:53 George Neville-Neil said the following:
>
>> On Nov 16, 2010, at 09:37 , Andriy Gapon wrote:
>>
>>> Many modern processors provide APERF and MPERF MSRs which allow to easily and reliably calculate average CPU performance level over some interval of time. This also allows to notice things like performance boost, which is generally hidden from software.
>>>
>>> What would be a proper place to add code that would measure APERF/MPERF ratio? When should trigger such a measurement and over what interval? Ideas?
>>
>> Can you point me at documentation for this? This sounds a lot like hwpmc(4) and I wonder if we can make these available in the same way.
>
> Actually it feels more cpufreq-ish to me. This feature is documented in, e.g., Intel Software Developer's Manual volume 3A, section 14.2 P-STATE HARDWARE COORDINATION.

Ah, yes, quite right on cpufreq etc. Thanks for the documentation pointer though.

Best,
George
Re: aperf/mperf
On Nov 16, 2010, at 09:37 , Andriy Gapon wrote:

> Many modern processors provide APERF and MPERF MSRs which allow to easily and reliably calculate average CPU performance level over some interval of time. This also allows to notice things like performance boost, which is generally hidden from software.
>
> What would be a proper place to add code that would measure APERF/MPERF ratio? When should trigger such a measurement and over what interval? Ideas?

Can you point me at documentation for this? This sounds a lot like hwpmc(4) and I wonder if we can make these available in the same way.

Best,
George
hwpmc on Intel Core architectures fixed counters patch
Howdy,

If anyone is using hwpmc on core architectures, i.e. Core, Core2, Nehalem, Westmere, can you please test the following patch which fixes occasional panics of this code on those processors?

The specific bug addressed comes when sampling the IAF (Fixed Function) counters which are:

    IAF
    INSTR_RETIRED_ANY
    CPU_CLK_UNHALTED_CORE
    CPU_CLK_UNHALTED_REF

I plan to commit this to HEAD this week. I have tested it on HEAD and 7.X.

Thanks,
George

head-iaf-wrmsr.patch
Description: Binary data
Newbie question...
Hi,

I'm just starting to work with FreeBSD-Current so I can add some software back into the mix. I've read the handbook, and the FAQ (and I've been a Unix, and Real Time developer for many years so I'm not new to programming) but I have a few questions that don't seem to be in the documentation:

1) How do I do development and not overwrite my work when cvsup'ing?

2) How do I know when cvsuping will NOT trash my current setup? It would be cool if a "last known good source tree" were stored somewhere. I ask this because I sup'd this morning and got toasted and had to sup/build again.

3) Is there a guide on using CVS with CVSup (the man page is not particularly helpful) so that I can have a CVS tree that is updated by cvsup?

Thanks,
George

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message