From owner-freebsd-stable@freebsd.org Sun Jun 5 11:04:49 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CC940B69C4B for ; Sun, 5 Jun 2016 11:04:49 +0000 (UTC) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from saturn.lyxys.ka.sub.org (saturn.lyxys.ka.sub.org [217.29.35.151]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5D78D1936 for ; Sun, 5 Jun 2016 11:04:48 +0000 (UTC) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from juno.lyxys.ka.sub.org (juno.lyx [IPv6:fd2a:89ca:7d54:0:240:caff:fe92:4f47]) by saturn.lyxys.ka.sub.org (8.15.2/8.15.2) with ESMTPS id u55AaQxt004298 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=FAIL) for ; Sun, 5 Jun 2016 12:36:28 +0200 (CEST) (envelope-from wolfgang@lyxys.ka.sub.org) Received: from juno.lyxys.ka.sub.org (localhost [127.0.0.1]) by juno.lyxys.ka.sub.org (8.15.2/8.15.2) with ESMTPS id u55AaQEe082082 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Sun, 5 Jun 2016 12:36:26 +0200 (CEST) (envelope-from wolfgang@lyxys.ka.sub.org) Received: (from wolfgang@localhost) by juno.lyxys.ka.sub.org (8.15.2/8.15.2/Submit) id u55AaQAN082081 for freebsd-stable@freebsd.org; Sun, 5 Jun 2016 12:36:26 +0200 (CEST) (envelope-from wolfgang@lyxys.ka.sub.org) X-Authentication-Warning: juno.lyx: wolfgang set sender to wolfgang@lyxys.ka.sub.org using -f Date: Sun, 5 Jun 2016 12:36:26 +0200 From: Wolfgang Zenker To: freebsd-stable@freebsd.org Subject: How is ntp leapfile update supposed to work? Message-ID: <20160605103626.GA81945@lyxys.ka.sub.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: private site User-Agent: Mutt/1.6.1 (2016-04-27) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (saturn.lyxys.ka.sub.org [IPv6:fd2a:89ca:7d54:1:200:24ff:feca:b4cc]); Sun, 05 Jun 2016 12:36:28 +0200 (CEST) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jun 2016 11:04:49 -0000 Hi, after rebooting my ntp-server into FreeBSD 10.3-p5 I find a message in dmesg reading leapsecond file ('/var/db/ntpd.leap-seconds.list'): expired less than 5 days ago Looking through /etc/periodic I find daily/480.leapfile-ntpd which updates the leapfile if daily_ntpd_leapfile_enable is set. daily_ntpd_leapfile_enable defaults to "NO". How is it supposed to work? Do I enable daily_ntpd_leapfile_enable on all hosts running ntpd? Or just on the server that the other systems use for synchroising? Or not at all? Greetings, Wolfgang From owner-freebsd-stable@freebsd.org Sun Jun 5 12:20:07 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A2127B6954A for ; Sun, 5 Jun 2016 12:20:07 +0000 (UTC) (envelope-from prvs=096488a553=ari@ish.com.au) Received: from mail11.tpgi.com.au (smtp-out11.tpgi.com.au [220.244.226.121]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.tpg.com.au", Issuer "RapidSSL SHA256 CA - G3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 39E7E1F0F for ; Sun, 5 Jun 2016 12:20:05 +0000 (UTC) (envelope-from prvs=096488a553=ari@ish.com.au) X-TPG-Junk-Status: Message not scanned X-TPG-Antivirus: Passed X-TPG-Abuse: host=[202.161.115.54]; ip=202.161.115.54; date=Sun, 5 Jun 2016 22:05:41 +1000 Received: from fish.ish.com.au (202-161-115-54.static.tpgi.com.au [202.161.115.54] (may be forged)) by mail11.tpgi.com.au (envelope-from prvs=096488a553=ari@ish.com.au) (8.14.3/8.14.3) with ESMTP id u55C5cYZ014644 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 5 Jun 2016 22:05:41 +1000 Received: from [10.242.2.5] (port=59551 helo=Aristedess-MacBook-Pro.local) by fish.ish.com.au with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1b9WoC-0003Rt-2c for freebsd-stable@freebsd.org; Sun, 05 Jun 2016 22:05:36 +1000 To: freebsd-stable From: Aristedes Maniatis Subject: mariadb/percona cluster choices Message-ID: <801a2f92-291d-462f-f260-a7a993918d56@ish.com.au> Date: Sun, 5 Jun 2016 22:05:35 +1000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4EVRM8HSlwjtgSAJHmgFNbTnnaMfsBc3f" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jun 2016 12:20:07 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --4EVRM8HSlwjtgSAJHmgFNbTnnaMfsBc3f Content-Type: multipart/mixed; boundary="186HC3Qn26mlkKcIk25rdtuOJBKvpjRRU" From: Aristedes Maniatis To: freebsd-stable Message-ID: <801a2f92-291d-462f-f260-a7a993918d56@ish.com.au> Subject: mariadb/percona cluster choices --186HC3Qn26mlkKcIk25rdtuOJBKvpjRRU Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Does anyone have recommendations or experience migrating away from MySQL = toward either MariaDB or Percona? I'm not looking for a discussion about the products themselves; there is = plenty on the internet to read about that. But I'm interested in stabilit= y and support on FreeBSD. None of mysql, percona or mariadb have anything= but a fleeting reference to FreeBSD on their sites. And the FreeBSD port= s appear to have a roughly equal set of patches [1] [2] [3], so it doesn'= t appear that any of them have upstreamed patches or perform their own te= sting on FreeBSD. I'm looking to adopt Galera for clustering. Is there anything to recommen= d one over the other with regard to stability on BSD? Do either of Maria = or Percona have a stronger involvement with the FreeBSD community? I know= Oracle isn't big on community :-( Cheers Ari [1] https://reviews.freebsd.org/diffusion/P/browse/head/databases/mysql57= -server/files/ [2] https://reviews.freebsd.org/diffusion/P/browse/head/databases/percona= 56-server/files/ [3] https://reviews.freebsd.org/diffusion/P/browse/head/databases/mariadb= 101-server/files/ --=20 --------------------------> Aristedes Maniatis CEO, ish https://www.ish.com.au GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A --186HC3Qn26mlkKcIk25rdtuOJBKvpjRRU-- --4EVRM8HSlwjtgSAJHmgFNbTnnaMfsBc3f Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAldUFY8ACgkQ72p9Lj5JECo7VQCfXOBascTtUYTJN1PfySHGiVYX EuUAnjNbPj3C9UR7ZI4nkf8bgdWY+7hX =0Kpz -----END PGP SIGNATURE----- --4EVRM8HSlwjtgSAJHmgFNbTnnaMfsBc3f-- From owner-freebsd-stable@freebsd.org Sun Jun 5 12:29:11 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 19EB9B69ABA for ; Sun, 5 Jun 2016 12:29:11 +0000 (UTC) (envelope-from ganbold@gmail.com) Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D48AF1512 for ; Sun, 5 Jun 2016 12:29:10 +0000 (UTC) (envelope-from ganbold@gmail.com) Received: by mail-oi0-x22c.google.com with SMTP id k23so190038021oih.0 for ; Sun, 05 Jun 2016 05:29:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=i91bpLHZdgj3lR0JnV/6Jupckx0grNQNuASmBEpxM7k=; b=GFdoCYw5WGjEYIBZlhVeElYXUcflwqsfp2Zggk/qL+WhrgV0wcwQ8kHImO1qqGQqI4 +k89eLLHnDNGoOiU5MNJHQhXRCeiGJ4lx+VdYKwAALx1BJ5NxLchzxRQIDOxOV1gRaO5 RpprbJNHEFVf8nDz5X8r5ykYJzb+x7SMjFKMXr9cAwnPQ/uOEP55HjfeE3Yo0Zbc5EBo gqX+/g2HORzqqPV5r8bo+ojWLiLCifCPj9AsHoYmVDvoN4P0uCiDMhtUy9Y7bJpE/Z9w 4PclMg0jp0LFSgKi8hDGwhmy8SnoxlQfk/8A3QaXZuvljqz1DnVHAmH69U7k5U/JHaha /s6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=i91bpLHZdgj3lR0JnV/6Jupckx0grNQNuASmBEpxM7k=; b=NRYoWoj35JiVyYAbW4WUinZ63kR9RE06UWA8LvF8HDN9/hL3SAQNIBawmkAH1wn7TL J0a1ES3Mi7cJ7Sh8kGgTeiJi9saKoKRTVk/UAnniy9dGXHuVo0bIyH/GG6lbxSNrv+RU R9c0h8JHPwtZgV3yss/Ms4xuIbm5pUS+JR4NkNvsu1XQH3FeXQfWRzazhWMXo/Z+L4dK TLyHqG8pTN+XZmaZQyFqa6t7BZxXE1gtcpMM//tsdd6CCVUUGRd1hlCylF37aE0GkjwH zDrtZe+gwfFMLqeafGZoMPUgCsijXU5DMWMU8Q+6BLkM/SYPoysHxuMUz2Uvj6MIBq2N 05Yw== X-Gm-Message-State: ALyK8tIQ8X9Ztn5YnZ89nFuU7Jc5q9bTXKimUn1TKtRlDJFOIOZD8KDofNkda1m8sPSSgVUus/pINGV6+nnUbA== X-Received: by 10.157.44.240 with SMTP id e45mr6411798otd.177.1465129750204; Sun, 05 Jun 2016 05:29:10 -0700 (PDT) MIME-Version: 1.0 Received: by 10.182.51.72 with HTTP; Sun, 5 Jun 2016 05:29:09 -0700 (PDT) In-Reply-To: <801a2f92-291d-462f-f260-a7a993918d56@ish.com.au> References: <801a2f92-291d-462f-f260-a7a993918d56@ish.com.au> From: Ganbold Tsagaankhuu Date: Sun, 5 Jun 2016 21:29:09 +0900 Message-ID: Subject: Re: mariadb/percona cluster choices To: Aristedes Maniatis Cc: freebsd-stable Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jun 2016 12:29:11 -0000 Hi, On Sun, Jun 5, 2016 at 9:05 PM, Aristedes Maniatis wrote: > Does anyone have recommendations or experience migrating away from MySQL > toward either MariaDB or Percona? > > I'm not looking for a discussion about the products themselves; there is > plenty on the internet to read about that. But I'm interested in stability > and support on FreeBSD. None of mysql, percona or mariadb have anything but > a fleeting reference to FreeBSD on their sites. And the FreeBSD ports > appear to have a roughly equal set of patches [1] [2] [3], so it doesn't > appear that any of them have upstreamed patches or perform their own > testing on FreeBSD. > > I'm looking to adopt Galera for clustering. Is there anything to recommend > one over the other with regard to stability on BSD? Do either of Maria I have tried Galera with MariaDB couple of months ago: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208109 Please let me know how it works if you try. thanks, Ganbold > or Percona have a stronger involvement with the FreeBSD community? I know > Oracle isn't big on community :-( > > > Cheers > Ari > > > > [1] > https://reviews.freebsd.org/diffusion/P/browse/head/databases/mysql57-server/files/ > [2] > https://reviews.freebsd.org/diffusion/P/browse/head/databases/percona56-server/files/ > [3] > https://reviews.freebsd.org/diffusion/P/browse/head/databases/mariadb101-server/files/ > > > -- > --------------------------> > Aristedes Maniatis > CEO, ish > https://www.ish.com.au > GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A > > From owner-freebsd-stable@freebsd.org Sun Jun 5 13:11:53 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85B10B6A31B for ; Sun, 5 Jun 2016 13:11:53 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: from box-hlm-03.niklaas.eu (box-hlm-03.niklaas.eu [84.22.113.24]) by mx1.freebsd.org (Postfix) with ESMTP id 4D5C5167A for ; Sun, 5 Jun 2016 13:11:52 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: by box-hlm-03.niklaas.eu (Postfix, from userid 1001) id 4FE5A387DF2; Sun, 5 Jun 2016 15:11:46 +0200 (CEST) Date: Sun, 5 Jun 2016 15:11:46 +0200 From: Niklaas Baudet von Gersdorff To: freebsd-stable@freebsd.org Subject: Re: mariadb/percona cluster choices Message-ID: <20160605131146.GA18691@box-hlm-03.niklaas.eu> Mail-Followup-To: freebsd-stable@freebsd.org References: <801a2f92-291d-462f-f260-a7a993918d56@ish.com.au> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="qDbXVdCdHGoSgWSk" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jun 2016 13:11:53 -0000 --qDbXVdCdHGoSgWSk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Ganbold Tsagaankhuu [2016-06-05 21:29 +0900] : > I have tried Galera with MariaDB couple of months ago: >=20 > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D208109 >=20 > Please let me know how it works if you try. I just wanted to mention that I stumbled upon the same bug: https://lists.launchpad.net/maria-discuss/msg03615.html Niklaas --qDbXVdCdHGoSgWSk Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXVCUJAAoJEG2fODeJrIU/jV0P/ilxWxghF6BH5Ed7io5AKkW+ VDqY8h1V0RftRf30eNLJq1lHuWhbcBCgbEXuR76yrn2pLjt+y1dgqDv46061+Ufv HkdYpOLivTaK5W/4/Gvb/F25F1HBpf5bOtC/rb4Uqf1diN4UhKCT0/nZ7CMVSCd4 bO1xVzBfKE18XAhxo6254P7dYcZVI4y0UAHCjLN9sIK9drSdtsxKcg51sRvrlMAF miMgorgG8uOxyYlIZl6zIWYe/9WpnydV5XuZDTpio90Jr4wcXeIzHM3XbhXHJ21s 5j2vGjPXwPmLuQie6/OF+gbHH7UnDJopj6FjINy0fxh1DKrktXutV2tJDck/ElWs JpHEC+6ezyQQ3zxMznnCQ4v4JpjYwXHVzJd1DtXq464VLrge96sGj3ktSbgnM6rS RZSRDV9c99nTrCPtUXKDSEtFBhzbNrcXohF0xcxIfQ4NVOhev3RIluW0faWUen/I fHSm2KZokWCFRc0Ws/REqdJqUUDEV+0lVbxLrK1H79QhLybtRMy3C+znrd8HX/Kl ZeXcElzjxqqZ0jVZx3CyhkLW/WEtNBjlCQebWoh0an/jnMLaW7rxNNUSpy+xWk3Q RHD15ydbr3/3TUTTUGrF0NKGLsRrzJdymbMjbl6HMcXVHC/7lpQA3B9RoDJUQuC2 uE9aZAJJc2bJAVXb+hH4 =531O -----END PGP SIGNATURE----- --qDbXVdCdHGoSgWSk-- From owner-freebsd-stable@freebsd.org Mon Jun 6 11:12:01 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 86CCDB6D476 for ; Mon, 6 Jun 2016 11:12:01 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: from box-hlm-03.niklaas.eu (box-hlm-03.niklaas.eu [IPv6:2a02:2770:6:0:21a:4aff:feaa:e902]) by mx1.freebsd.org (Postfix) with ESMTP id 4D1B91F25 for ; Mon, 6 Jun 2016 11:12:01 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: by box-hlm-03.niklaas.eu (Postfix, from userid 1001) id 2A345387DF2; Mon, 6 Jun 2016 13:11:59 +0200 (CEST) Date: Mon, 6 Jun 2016 13:11:59 +0200 From: Niklaas Baudet von Gersdorff To: freebsd-stable@freebsd.org Subject: Re: mariadb/percona cluster choices Message-ID: <20160606111159.GB37483@box-hlm-03.niklaas.eu> Mail-Followup-To: freebsd-stable@freebsd.org References: <801a2f92-291d-462f-f260-a7a993918d56@ish.com.au> <20160605131146.GA18691@box-hlm-03.niklaas.eu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="w7PDEPdKQumQfZlR" Content-Disposition: inline In-Reply-To: <20160605131146.GA18691@box-hlm-03.niklaas.eu> User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2016 11:12:01 -0000 --w7PDEPdKQumQfZlR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Niklaas Baudet von Gersdorff [2016-06-05 15:11 +0200] : > Ganbold Tsagaankhuu [2016-06-05 21:29 +0900] : >=20 > > I have tried Galera with MariaDB couple of months ago: > >=20 > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D208109 > >=20 > > Please let me know how it works if you try. >=20 > I just wanted to mention that I stumbled upon the same bug: >=20 > https://lists.launchpad.net/maria-discuss/msg03615.html Anyway, as the others I am quite interested in alternatives. Maybe someone was able to configure Percona successfully..? Niklaas --w7PDEPdKQumQfZlR Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXVVp4AAoJEG2fODeJrIU/OosP/0CX0KPRtXLXBD+o5HfaDF3z xsvbOF66veP7r6o0OY3GZDCbBU/PQ4IfYmbcI9qP9bR82WxySfp9oNUBXMohldkl 6bjs+tdn7ry0B9TbceOlynURZU+ImggiO0mfhqINfh5rXTA4YoQoedVEBKR3a/v6 18LhASad/ggp/3YKnmufl07BMvGpbwl4FC28/LQaLLNQVd9OtxtWKmvSucZt/Muj DQBHlHAwG1mmp3YMLAj5sl2h8F7CkbTNtgbLZLHFYMuyR7StrmgJGj+6SGF4uC44 U/kgqQ8sP/fbjydfzC6BGa3b498nNaBi7V38c6f4zaFR2THGWFS1B+YCAGMAozTy sr6hGChLjj+2OcPucditmyetAn1XCmnZXhv/I8789vOQhW4im5Nw4OsKeZsSC/mG RvU/SEw8Hy/O/PEvg3yZbZ4BPxcVmj6aGb3sGHDNZOR3SkiagJBX9ANh7mXT3mQX nLY9WA6sIzm73Ps69BqOBuyKoXd1PPeJmlLXmlsOkwLruBIfV2+ExSv488n5MK+j uCx+T+jjXFMmCJkBWk/5JPPgnTIS4ItfMpX9AKfdizLD0d/tNjBuVhsc/3RwiLk6 kPiZqT3PyIxlaCes+CDXKUOngUOHABe80Hz8Aq+SK+fY4NvhSLdA842MpXfMtkms 8t8UrA4LANmNfAj2a6Yz =3KxG -----END PGP SIGNATURE----- --w7PDEPdKQumQfZlR-- From owner-freebsd-stable@freebsd.org Mon Jun 6 13:33:20 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 18DF3B6B4D9 for ; Mon, 6 Jun 2016 13:33:20 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 075A01E2A for ; Mon, 6 Jun 2016 13:33:20 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: by mailman.ysv.freebsd.org (Postfix) id 06ACDB6B4D8; Mon, 6 Jun 2016 13:33:20 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0657AB6B4D7 for ; Mon, 6 Jun 2016 13:33:20 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id D94DA1E29 for ; Mon, 6 Jun 2016 13:33:19 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from lowell-desk.lan (router.lan [172.30.250.2]) by be-well.ilk.org (Postfix) with ESMTP id 4E3CB33C22; Mon, 6 Jun 2016 09:33:03 -0400 (EDT) Received: by lowell-desk.lan (Postfix, from userid 1147) id F315239828; Mon, 6 Jun 2016 09:33:02 -0400 (EDT) From: Lowell Gilbert To: Slawa Olhovchenkov To: stable@freebsd.org Subject: Re: unbound and ntp issuse References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> Reply-To: stable@freebsd.org Date: Mon, 06 Jun 2016 09:33:02 -0400 In-Reply-To: <20160603191523.GE75630@zxy.spb.ru> (Slawa Olhovchenkov's message of "Fri, 3 Jun 2016 22:15:24 +0300") Message-ID: <44y46ie92p.fsf@lowell-desk.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2016 13:33:20 -0000 Slawa Olhovchenkov writes: > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert wrote: > >> Slawa Olhovchenkov writes: >> >> > Default install with local_unbound and ntpd can't be functional with >> > incorrect date/time in BIOS: >> > >> > Unbound requred correct time for DNSSEC check and refuseing queries >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to prime >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") >> > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf -- only >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- can't >> > resolve (see above, about DNSKEY). >> >> I can't see how this would happen. DNSSEC doesn't seem to be required in >> a regular install as far as I can see. Certainly I don't have any > > I don't know reasson for enforcing DNSSEC in regular install. > I am just select `local_unbound` at setup time and enter `127.0.0.1` as > nameserver address. That's not enough to configure unbound as a fully recursive DNS server. If your system gets its address through DHCP, it is probably getting DNS server addresses as well, and would work fine *without* your configuring any of the DNS state. >> problem on any of my systems, and I've never configured an anchor on the >> internal systems. >> >> > IMHO, ntp.conf need to include some numeric IP of public ntp servers. >> >> Ouch; that's a terrible idea, for several different reasons. > > What else? All the normal reasons that hard-coding IP addresses is a bad idea; they can change, you're encouraging a lot of people to use the same ones, etc. From owner-freebsd-stable@freebsd.org Mon Jun 6 14:15:30 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C2540B6D187 for ; Mon, 6 Jun 2016 14:15:30 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id B0EF218DF for ; Mon, 6 Jun 2016 14:15:30 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id B02F2B6D186; Mon, 6 Jun 2016 14:15:30 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AFD0BB6D184 for ; Mon, 6 Jun 2016 14:15:30 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7343518DE for ; Mon, 6 Jun 2016 14:15:30 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1b9uv4-000PkJ-I8 for stable@freebsd.org; Mon, 06 Jun 2016 16:50:18 +0300 Date: Mon, 6 Jun 2016 16:50:18 +0300 From: Slawa Olhovchenkov To: stable@freebsd.org Subject: Re: unbound and ntp issuse Message-ID: <20160606135018.GL75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44y46ie92p.fsf@lowell-desk.lan> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2016 14:15:30 -0000 On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert wrote: > Slawa Olhovchenkov writes: > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert wrote: > > > >> Slawa Olhovchenkov writes: > >> > >> > Default install with local_unbound and ntpd can't be functional with > >> > incorrect date/time in BIOS: > >> > > >> > Unbound requred correct time for DNSSEC check and refuseing queries > >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to prime > >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") > >> > > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf -- only > >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- can't > >> > resolve (see above, about DNSKEY). > >> > >> I can't see how this would happen. DNSSEC doesn't seem to be required in > >> a regular install as far as I can see. Certainly I don't have any > > > > I don't know reasson for enforcing DNSSEC in regular install. > > I am just select `local_unbound` at setup time and enter `127.0.0.1` as > > nameserver address. > > That's not enough to configure unbound as a fully recursive DNS > server. What I am missing? Need to fix unbound setup scripts? bsdinstall scripts? As I see unbound setup scripts detects 127.0.0.1 in resolv.conf and configured unbound as fully recursive DNS server. > If your system gets its address through DHCP, it is probably > getting DNS server addresses as well, and would work fine *without* your > configuring any of the DNS state. I am have static address and don't getting DNS server address. > >> problem on any of my systems, and I've never configured an anchor on the > >> internal systems. > >> > >> > IMHO, ntp.conf need to include some numeric IP of public ntp servers. > >> > >> Ouch; that's a terrible idea, for several different reasons. > > > > What else? > > All the normal reasons that hard-coding IP addresses is a bad idea; they > can change, you're encouraging a lot of people to use the same ones, etc. And how to resolve this issuse: - default install with unbound as recursive DNS server (by default enforcing DNSSEC) - ntp time synchronisation - stale CMOS time (2008 year) From owner-freebsd-stable@freebsd.org Mon Jun 6 14:27:52 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 66F4AB6D53E for ; Mon, 6 Jun 2016 14:27:52 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: from box-hlm-03.niklaas.eu (box-hlm-03.niklaas.eu [84.22.113.24]) by mx1.freebsd.org (Postfix) with ESMTP id 35789120C for ; Mon, 6 Jun 2016 14:27:51 +0000 (UTC) (envelope-from stdin@niklaas.eu) Received: by box-hlm-03.niklaas.eu (Postfix, from userid 1001) id 07CC0387DF2; Mon, 6 Jun 2016 16:27:44 +0200 (CEST) Date: Mon, 6 Jun 2016 16:27:43 +0200 From: Niklaas Baudet von Gersdorff To: freebsd-stable@freebsd.org Subject: Re: mariadb/percona cluster choices Message-ID: <20160606142743.GC37483@box-hlm-03.niklaas.eu> Mail-Followup-To: freebsd-stable@freebsd.org References: <801a2f92-291d-462f-f260-a7a993918d56@ish.com.au> <20160605131146.GA18691@box-hlm-03.niklaas.eu> <20160606111159.GB37483@box-hlm-03.niklaas.eu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="veXX9dWIonWZEC6h" Content-Disposition: inline In-Reply-To: <20160606111159.GB37483@box-hlm-03.niklaas.eu> User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2016 14:27:52 -0000 --veXX9dWIonWZEC6h Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Niklaas Baudet von Gersdorff [2016-06-06 13:11 +0200] : > Anyway, as the others I am quite interested in alternatives. Maybe > someone was able to configure Percona successfully..? FWIW, databases/percona56-server does not have built-in wsrep support. I just figured that out. Niklaas --veXX9dWIonWZEC6h Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXVYhaAAoJEG2fODeJrIU/xyYQAJ8csD5w/dDdXLjVDaSvvZOo 8d+vdF5O1lZnmiPjk070OrBd+fPsat+CZ1FxiYllF4tAsTVpnTQgoWTY+Sll7fkR xOpxJOT9WXnmLQcI5RFVWNlaYX5/c03IDY4/oUsrRniQCyj2MOmFB1TBx5Bdss1H 7MrQbIMv7oVATBxdI+Sq7BLzT3uvCLnco5Lr+asqr8zGibJw8JbNFunhBk2KAk63 GjLNXb7AUFjA+HbI1pA9EaLwDZvooV9KQs1YmBS4IV0shjBJhQfNhsb/MWE98xaA HzIe4idD6FxzpMkOyXC45N1J5ypnFSoEwssx8wlSBJInkNKOMFbpcB7iLm8OKcVR Kr0GuYcw9SUkYLxhgL/GS6OvLKdk2qAM2x55UaOn11mmVLuU8uOyppMDhj59IKsn vweZMZvlrecDsYz1Pn9yDhMg90r1g4XJflGEmkYbW0oiP/J0HKx3Y/mo8aFLVE2D SpnJ/z1M8HBq5H4KdEDOh7FcXDrLUKjRx686PTT1ticcnRcpxwhdjzpdwCACpXAD rD2H+fx/40Ffrs6Vb6L83KcNLMiu+IXLn7wJpW07ljjJJXtoGxi2mCYFbSAP3dRg PHkt4ubmviV9f2d5dFY7pECaojKh4A7lDNkyqJ8TkbJ7e1qZauyhw7w9XIbfbYQ7 VArOa1IVExz36F8p3gfC =HEpJ -----END PGP SIGNATURE----- --veXX9dWIonWZEC6h-- From owner-freebsd-stable@freebsd.org Mon Jun 6 19:59:51 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A8FBB6D35B for ; Mon, 6 Jun 2016 19:59:51 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 596EB1439 for ; Mon, 6 Jun 2016 19:59:51 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 55010B6D35A; Mon, 6 Jun 2016 19:59:51 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 52600B6D358 for ; Mon, 6 Jun 2016 19:59:51 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BAFEF1438 for ; Mon, 6 Jun 2016 19:59:50 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: by mail-lf0-x22c.google.com with SMTP id s186so36778901lfs.1 for ; Mon, 06 Jun 2016 12:59:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=6KTFH8GN4dmDmQ4kmJgy7NoqCIBPAqdmKOXaC35Ggww=; b=BaR3c7lUKitdqn7L79uosjL1EbE9cNVzpZEjdDY9Y+GHVecG3uzAFn/eZ/UvaFLN0G 8q7WBd7tiJodmo8f1BhAbC2Infq9plKCxXKJhTAj3LzWN9tiZQlHrRH31SOKN6qiT0Nj 4eZCjPiLHTcRAqamHyz8dD34a/sw4+0sKma3PCSCfNCtL5bztDCbpy2M6NT+mXPeU6TB GbEV46iWaoejY6a8mrESVS+jM0pYLjn78K74QG3W7SHNvZDPasFdx8503rcXUOakmZTM rmBixZGgnN+HJ/qu0yngAb1dt0MHlyyazthfyZuh/TXGlSLnn5jxXe5+dIGIf+j18lVD 8FCg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=6KTFH8GN4dmDmQ4kmJgy7NoqCIBPAqdmKOXaC35Ggww=; b=Udw9dbSE+KooDabHPoKFQ8eGU75hwvh0JIMiTZMbLDP+Kk6Ahwt/qDC1LlL4rlyylU P6dMB0NeW81H+Sql1OtYJf8aeJmNLYWtHMICtU2m960hiBy3n1mH7MLimrm2OfIwwGpK H7uxIHtJfuieK0OmU4N6ICGs0R3hD1BslWw2XL6ZUsO0jDzfJv85KL7cj1pma95204qV pWJdYZGjfM2qZGkEvonm2w6twgJNGOLojskoqkc65fDWd0UIZpImC3SD2NZH9rrldgtG r7zduXzf2LGDrmxaNIMtmINFh0UilQ/N03JxR7JBRL95WeH51sd9YsnHN5nY1z4pb5wr OzXA== X-Gm-Message-State: ALyK8tL1vinpaxO0EvqWAQIFMIv6bqaPbcpas0uf6GyDT0ZdzSfTfddbumjkENHQ9a3mbMJBE2keKUyWD9QOyA== MIME-Version: 1.0 X-Received: by 10.25.159.70 with SMTP id i67mr1550109lfe.225.1465243188856; Mon, 06 Jun 2016 12:59:48 -0700 (PDT) Received: by 10.25.144.2 with HTTP; Mon, 6 Jun 2016 12:59:48 -0700 (PDT) Received: by 10.25.144.2 with HTTP; Mon, 6 Jun 2016 12:59:48 -0700 (PDT) In-Reply-To: <20160603201056.GA85345@server.rulingia.com> References: <20160601132300.GA75625@zxy.spb.ru> <574FDC63.6090100@norma.perm.ru> <20160602194856.GA84753@server.rulingia.com> <57519E77.7060507@grosbein.net> <20160603201056.GA85345@server.rulingia.com> Date: Mon, 6 Jun 2016 22:59:48 +0300 Message-ID: Subject: Re: HAST, zfs and local mirroring From: Sami Halabi To: Peter Jeremy Cc: stable@freebsd.org, Eugene Grosbein Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2016 19:59:51 -0000 hi, another suggestion would be using mirrored zfsOnRoot on each host (out of the 2 local disks) and then use zrep to sync the pools. use with combination of carp to active/standby cluster. Sami =D7=91=D7=AA=D7=90=D7=A8=D7=99=D7=9A 3 =D7=91=D7=99=D7=95=D7=A0=D7=99 2016 = 11:11 PM,=E2=80=8F "Peter Jeremy" =D7=9B=D7=AA=D7=91: > On 2016-Jun-03 22:12:55 +0700, Eugene Grosbein wrote= : > >> all your media content is valid. I've also had bad experiences with > >> gmirror volumes silently getting out of sync on a crash. > > > > > >gmirror or (gmirror+gjournal) ones? > > Plain gmirror. > > -- > Peter Jeremy > From owner-freebsd-stable@freebsd.org Tue Jun 7 08:00:32 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6630FB6E79E for ; Tue, 7 Jun 2016 08:00:32 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 463DA1047 for ; Tue, 7 Jun 2016 08:00:32 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 45902B6E79D; Tue, 7 Jun 2016 08:00:32 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 45351B6E79C for ; Tue, 7 Jun 2016 08:00:32 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C5AA31046 for ; Tue, 7 Jun 2016 08:00:31 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x229.google.com with SMTP id v199so6733704wmv.0 for ; Tue, 07 Jun 2016 01:00:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=T5W+/4DBxFyHy3K/RyFfMSbeTsfrl7AY+Bi2x3yRBL0=; b=My6bMOB2/ONLAK7XQSl+6Ze43twM7xvQZYgMXK4cUhttkx0LoBvBKzqLoN937eEh4f f26QJ8UEUGWYZUqR5bzuNF3pGX80u1T8RlsIrDmNGZ7tvgDcUGrxPux21nkH8NXyS10g yFq3YYR2Bu5Ts/WBVKynPbXcBA7YLNUFK3f0tNGXmeiFClmR0wxiTH0wxBbjy2/Eu0Jy 5CQjBs3JRF8eoya1k8w2ImCWpSm8v9tvcE7/LbLbQwHCDjogOvaJ8zymf2Bnrcf2lTIT Z+E2io1RhVQ2YMAOCZNnGd7qyIVwwe4ZVR6zuP9mBXMzuDPAvJO5nS+9XUP0cL44Ug2R m81g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=T5W+/4DBxFyHy3K/RyFfMSbeTsfrl7AY+Bi2x3yRBL0=; b=Hu4y570tYFUroUj5GMhUNlKyT+cVtB6i+LWZF2eCM7JLqn468OeK8KWgEOreYGIFTy W6YcWBKFjzEZ+W5x1bU8O8/HB6zOOjn+K0ql2dqoHBaWzOWCJ0n6B0WyFXJzyvS9IT3H Is/v2MbhvhMfsG1X0r1o/Gy970LoXO3ujn3X3gaOZrAo3VZtHNgia80bNLeL0oPkodCy xnrgal+1Bh420eRKo04nSqRi4xkV435UTEj4CHppWOFTR0Ipq/PxKGCzIPY07aPlknfO SQTlft0vDgVbdou2XYhfxBEkc26t0QinhcdVeM5ZCiAJK9XccXQ07UbjvD6PckxJbnh3 6oPQ== X-Gm-Message-State: ALyK8tIw2/JnaPE+psXa0FyqpAAdhBkk7BgGXB1jnV2pbRliZlM4xP9APgGL/Q4r0mnldp0bYMDmhmGMJmw3gQ== X-Received: by 10.28.174.141 with SMTP id x135mr1325621wme.48.1465286430226; Tue, 07 Jun 2016 01:00:30 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.6.12 with HTTP; Tue, 7 Jun 2016 01:00:29 -0700 (PDT) In-Reply-To: <20160606135018.GL75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> From: krad Date: Tue, 7 Jun 2016 09:00:29 +0100 Message-ID: Subject: Re: unbound and ntp issuse To: Slawa Olhovchenkov Cc: "stable@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 08:00:32 -0000 Well there is a deadlock situation there so you have to relax one of the conditions, for one time at least. Your best bet is to do a manual ntpdate against a fixed ip of known goodness. If you have a lot of machines you need to do this on, use ansible or similar to do the heavy lifting for you. Ansible is best in my opinion if you dont have anything setup as its quick to get going. It does require python on the target machines so you would need to install that first. Something like the following should get it working (as you dont have dns on the target machine, package fetches wont work, so i would tunnel a squid proxy and let that handle all the internet stuff. add something like the following to your ssh_config Host * RemoteForward 31280 squid_server:3128 then run some stuff like this (after installing ansible on your desktop/bastion host) ansible -b -m raw -a '/usr/bin/env ASSUME_ALWAYS_YES=1 http_proxy= http://127.0.0.1:31280 /usr/sbin/pkg bootstrap -f' -u root -i -kS --ask-su-pass ansible -b -m raw -a 'env ASSUME_ALWAYS_YES=YES http_proxy= http://127.0.0.1:31280 pkg install python' -u root -i -kS --ask-su-pass ansible -m shell -a "ntpdate " -kS --ask-su-pass -i from here on you should be able to start unbound and then ntpd eg ansible -m service -a "name=local_unbound state=restarted" -kS --ask-su-pass -i ansible -m service -a "name=ntpd state=restarted" -kS --ask-su-pass -i wrote: > On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert wrote: > > > Slawa Olhovchenkov writes: > > > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert wrote: > > > > > >> Slawa Olhovchenkov writes: > > >> > > >> > Default install with local_unbound and ntpd can't be functional with > > >> > incorrect date/time in BIOS: > > >> > > > >> > Unbound requred correct time for DNSSEC check and refuseing queries > > >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to prime > > >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") > > >> > > > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf -- only > > >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- can't > > >> > resolve (see above, about DNSKEY). > > >> > > >> I can't see how this would happen. DNSSEC doesn't seem to be required > in > > >> a regular install as far as I can see. Certainly I don't have any > > > > > > I don't know reasson for enforcing DNSSEC in regular install. > > > I am just select `local_unbound` at setup time and enter `127.0.0.1` as > > > nameserver address. > > > > That's not enough to configure unbound as a fully recursive DNS > > server. > > What I am missing? > Need to fix unbound setup scripts? bsdinstall scripts? > As I see unbound setup scripts detects 127.0.0.1 in resolv.conf and > configured unbound as fully recursive DNS server. > > > If your system gets its address through DHCP, it is probably > > getting DNS server addresses as well, and would work fine *without* your > > configuring any of the DNS state. > > I am have static address and don't getting DNS server address. > > > >> problem on any of my systems, and I've never configured an anchor on > the > > >> internal systems. > > >> > > >> > IMHO, ntp.conf need to include some numeric IP of public ntp > servers. > > >> > > >> Ouch; that's a terrible idea, for several different reasons. > > > > > > What else? > > > > All the normal reasons that hard-coding IP addresses is a bad idea; they > > can change, you're encouraging a lot of people to use the same ones, etc. > > And how to resolve this issuse: > > - default install with unbound as recursive DNS server (by default > enforcing DNSSEC) > - ntp time synchronisation > - stale CMOS time (2008 year) > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > From owner-freebsd-stable@freebsd.org Tue Jun 7 08:47:36 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1FA92B6A19C for ; Tue, 7 Jun 2016 08:47:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 0CFCE19FC for ; Tue, 7 Jun 2016 08:47:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 0C59EB6A19B; Tue, 7 Jun 2016 08:47:36 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C013B6A19A for ; Tue, 7 Jun 2016 08:47:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C433C19FB for ; Tue, 7 Jun 2016 08:47:35 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bACfd-0001LN-5f; Tue, 07 Jun 2016 11:47:33 +0300 Date: Tue, 7 Jun 2016 11:47:33 +0300 From: Slawa Olhovchenkov To: krad Cc: "stable@freebsd.org" Subject: Re: unbound and ntp issuse Message-ID: <20160607084733.GM75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 08:47:36 -0000 On Tue, Jun 07, 2016 at 09:00:29AM +0100, krad wrote: > Well there is a deadlock situation there so you have to relax one of the > conditions, for one time at least. > > Your best bet is to do a manual ntpdate against a fixed ip of known > goodness. If you have a lot of machines you need to do this on, use ansible > or similar to do the heavy lifting for you. Ansible is best in my opinion > if you dont have anything setup as its quick to get going. It does require > python on the target machines so you would need to install that first. > Something like the following should get it working (as you dont have dns on > the target machine, package fetches wont work, so i would tunnel a squid > proxy and let that handle all the internet stuff. > > add something like the following to your ssh_config > > Host * > RemoteForward 31280 squid_server:3128 > > then run some stuff like this (after installing ansible on your > desktop/bastion host) > > ansible -b -m raw -a '/usr/bin/env ASSUME_ALWAYS_YES=1 http_proxy= > http://127.0.0.1:31280 /usr/sbin/pkg bootstrap -f' -u root -i > -kS --ask-su-pass > > ansible -b -m raw -a 'env ASSUME_ALWAYS_YES=YES http_proxy= > http://127.0.0.1:31280 pkg install python' -u root -i > -kS --ask-su-pass > > ansible -m shell -a "ntpdate " -kS --ask-su-pass -i > > > from here on you should be able to start unbound and then ntpd eg > > ansible -m service -a "name=local_unbound state=restarted" > -kS --ask-su-pass -i > ansible -m service -a "name=ntpd state=restarted" -kS --ask-su-pass -i > > Alternatively you could just relax your dnssec rules on first boot to give > ntp a chance. Probably much easier 8) How I am do it? I am don't touch dnssec rules and don't know unbound. May be this is posible by startup scripts? Also, some platforms lack of CMOS time, RPi, for example. > Also make sure you are using the '-g' flag on ntpd Yes, I am add `ntpd_sync_on_start=yes` to rc.conf. I am suggest do it by checkbox in bsdinstall. > On 6 June 2016 at 14:50, Slawa Olhovchenkov wrote: > > > On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert wrote: > > > > > Slawa Olhovchenkov writes: > > > > > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert wrote: > > > > > > > >> Slawa Olhovchenkov writes: > > > >> > > > >> > Default install with local_unbound and ntpd can't be functional with > > > >> > incorrect date/time in BIOS: > > > >> > > > > >> > Unbound requred correct time for DNSSEC check and refuseing queries > > > >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to prime > > > >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") > > > >> > > > > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf -- only > > > >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- can't > > > >> > resolve (see above, about DNSKEY). > > > >> > > > >> I can't see how this would happen. DNSSEC doesn't seem to be required > > in > > > >> a regular install as far as I can see. Certainly I don't have any > > > > > > > > I don't know reasson for enforcing DNSSEC in regular install. > > > > I am just select `local_unbound` at setup time and enter `127.0.0.1` as > > > > nameserver address. > > > > > > That's not enough to configure unbound as a fully recursive DNS > > > server. > > > > What I am missing? > > Need to fix unbound setup scripts? bsdinstall scripts? > > As I see unbound setup scripts detects 127.0.0.1 in resolv.conf and > > configured unbound as fully recursive DNS server. > > > > > If your system gets its address through DHCP, it is probably > > > getting DNS server addresses as well, and would work fine *without* your > > > configuring any of the DNS state. > > > > I am have static address and don't getting DNS server address. > > > > > >> problem on any of my systems, and I've never configured an anchor on > > the > > > >> internal systems. > > > >> > > > >> > IMHO, ntp.conf need to include some numeric IP of public ntp > > servers. > > > >> > > > >> Ouch; that's a terrible idea, for several different reasons. > > > > > > > > What else? > > > > > > All the normal reasons that hard-coding IP addresses is a bad idea; they > > > can change, you're encouraging a lot of people to use the same ones, etc. > > > > And how to resolve this issuse: > > > > - default install with unbound as recursive DNS server (by default > > enforcing DNSSEC) > > - ntp time synchronisation > > - stale CMOS time (2008 year) > > _______________________________________________ > > freebsd-stable@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > From owner-freebsd-stable@freebsd.org Tue Jun 7 10:36:02 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 263AEB6D6CB for ; Tue, 7 Jun 2016 10:36:02 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 0567A1175 for ; Tue, 7 Jun 2016 10:36:02 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 01008B6D6CA; Tue, 7 Jun 2016 10:36:02 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F267BB6D6C8 for ; Tue, 7 Jun 2016 10:36:01 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6FE131174 for ; Tue, 7 Jun 2016 10:36:01 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x233.google.com with SMTP id m124so107969387wme.1 for ; Tue, 07 Jun 2016 03:36:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=RHrTd+hHImzI9IK/KTHPqLViWevIMj0cn1qTE4MyWIE=; b=JV9Gih/5hf3H+d8Q6QTSU5bCKhA4Wnd0XRBl34s12G3PgqP7D6YCV6JqmM/vNlmB2E fmLkGlWjmHwEsl717av3sviWmqrWd4g8ezHrNX9YryRtu95pAN0+emsU5wW/M/49TmFX e+6JWiq/6a0qoQ7gMtb9zPwSOgz8NA+hRyzJ1cO4nmKRHWu+Aqj59+XXOY4ujq3OWD1b EugWArRwgWBrF9zgC5ta0B+iISZHWcBatgNcOy0QbJIPlf+zv5d6e/9Kbmjas8bqhv3W Pux9k/CyHOeDR2RbzwizTX2KnlyJ1QukPqnnIA7LtACt0PxiC1f65zJvhzATshPZmFQ9 u0ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=RHrTd+hHImzI9IK/KTHPqLViWevIMj0cn1qTE4MyWIE=; b=JfPC2hedlQuCFIp/SK/uv9w1nOfiOVCXALGOldHj3h1MhdpCP6KMYm4eYpdf8Af1Bt UP8p7T3SUsX8zdAtCEzLWbzfszbMxMu2o4i60Ko0EE6sGt3ThKsXsIhjLu+0Cn9hAI2h GhUQtNkfHViOA4Xjj8kHvrTPmLpjAGMS3BmElWcCGpKGzPIkxfPXHWc2S9U03iumpq4w x3bh9FqQof4y7Fa1zgRJ0nyjOU9Vu+EqhtvnF8E2K+gxvAnJG6vCpmWGrtHygIFkVLBF Ty9FEGo+VoRvPlSSuGPoqqrs0KRsQ1kx9CIEXZ3mtzhwpV50H5It4CCdCSIHT+eVDAmD itLQ== X-Gm-Message-State: ALyK8tJjdR0J0TRNx4FFPewRrK1oviyokAsIeTz3SJ+sbvpbJ0zaoyWl4yrbFHdPiXmBkzAX3OVdroAcF5vwJA== X-Received: by 10.194.74.104 with SMTP id s8mr9260657wjv.20.1465295759813; Tue, 07 Jun 2016 03:35:59 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.6.12 with HTTP; Tue, 7 Jun 2016 03:35:59 -0700 (PDT) In-Reply-To: <20160607084733.GM75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> From: krad Date: Tue, 7 Jun 2016 11:35:59 +0100 Message-ID: Subject: Re: unbound and ntp issuse To: Slawa Olhovchenkov Cc: "stable@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 10:36:02 -0000 Like i said you could configure ntpdate as well as ntpd, but give it a known good ip. It will only run once at boot, and ntpd will start after so that can use the nice pool names. A slightly better way maybe to give ntpdate a server hostname like ntp-server and populated the hosts file with one of the ips from pool.ntp.org. You could then have a periodic script to check and update the ip in the hosts every day, so it works over a reboot. The ip would obviously have to have an initial seed value, but you could work this out progmatically at system configuration time with tools like ansible. On 7 June 2016 at 09:47, Slawa Olhovchenkov wrote: > On Tue, Jun 07, 2016 at 09:00:29AM +0100, krad wrote: > > > Well there is a deadlock situation there so you have to relax one of the > > conditions, for one time at least. > > > > Your best bet is to do a manual ntpdate against a fixed ip of known > > goodness. If you have a lot of machines you need to do this on, use > ansible > > or similar to do the heavy lifting for you. Ansible is best in my opinion > > if you dont have anything setup as its quick to get going. It does > require > > python on the target machines so you would need to install that first. > > Something like the following should get it working (as you dont have dns > on > > the target machine, package fetches wont work, so i would tunnel a squid > > proxy and let that handle all the internet stuff. > > > > add something like the following to your ssh_config > > > > Host * > > RemoteForward 31280 squid_server:3128 > > > > then run some stuff like this (after installing ansible on your > > desktop/bastion host) > > > > ansible -b -m raw -a '/usr/bin/env ASSUME_ALWAYS_YES=1 http_proxy= > > http://127.0.0.1:31280 /usr/sbin/pkg bootstrap -f' -u root -i > > -kS --ask-su-pass > > > > ansible -b -m raw -a 'env ASSUME_ALWAYS_YES=YES http_proxy= > > http://127.0.0.1:31280 pkg install python' -u root -i > > -kS --ask-su-pass > > > > ansible -m shell -a "ntpdate " -kS --ask-su-pass -i > > > > > > from here on you should be able to start unbound and then ntpd eg > > > > ansible -m service -a "name=local_unbound state=restarted" > > -kS --ask-su-pass -i > > ansible -m service -a "name=ntpd state=restarted" -kS --ask-su-pass -i > > > > > Alternatively you could just relax your dnssec rules on first boot to > give > > ntp a chance. Probably much easier 8) > > How I am do it? I am don't touch dnssec rules and don't know unbound. > May be this is posible by startup scripts? > Also, some platforms lack of CMOS time, RPi, for example. > > > Also make sure you are using the '-g' flag on ntpd > > Yes, I am add `ntpd_sync_on_start=yes` to rc.conf. > I am suggest do it by checkbox in bsdinstall. > > > > On 6 June 2016 at 14:50, Slawa Olhovchenkov wrote: > > > > > On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert wrote: > > > > > > > Slawa Olhovchenkov writes: > > > > > > > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert wrote: > > > > > > > > > >> Slawa Olhovchenkov writes: > > > > >> > > > > >> > Default install with local_unbound and ntpd can't be functional > with > > > > >> > incorrect date/time in BIOS: > > > > >> > > > > > >> > Unbound requred correct time for DNSSEC check and refuseing > queries > > > > >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to > prime > > > > >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") > > > > >> > > > > > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf -- > only > > > > >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- can't > > > > >> > resolve (see above, about DNSKEY). > > > > >> > > > > >> I can't see how this would happen. DNSSEC doesn't seem to be > required > > > in > > > > >> a regular install as far as I can see. Certainly I don't have any > > > > > > > > > > I don't know reasson for enforcing DNSSEC in regular install. > > > > > I am just select `local_unbound` at setup time and enter > `127.0.0.1` as > > > > > nameserver address. > > > > > > > > That's not enough to configure unbound as a fully recursive DNS > > > > server. > > > > > > What I am missing? > > > Need to fix unbound setup scripts? bsdinstall scripts? > > > As I see unbound setup scripts detects 127.0.0.1 in resolv.conf and > > > configured unbound as fully recursive DNS server. > > > > > > > If your system gets its address through DHCP, it is probably > > > > getting DNS server addresses as well, and would work fine *without* > your > > > > configuring any of the DNS state. > > > > > > I am have static address and don't getting DNS server address. > > > > > > > >> problem on any of my systems, and I've never configured an anchor > on > > > the > > > > >> internal systems. > > > > >> > > > > >> > IMHO, ntp.conf need to include some numeric IP of public ntp > > > servers. > > > > >> > > > > >> Ouch; that's a terrible idea, for several different reasons. > > > > > > > > > > What else? > > > > > > > > All the normal reasons that hard-coding IP addresses is a bad idea; > they > > > > can change, you're encouraging a lot of people to use the same ones, > etc. > > > > > > And how to resolve this issuse: > > > > > > - default install with unbound as recursive DNS server (by default > > > enforcing DNSSEC) > > > - ntp time synchronisation > > > - stale CMOS time (2008 year) > > > _______________________________________________ > > > freebsd-stable@freebsd.org mailing list > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > > To unsubscribe, send any mail to " > freebsd-stable-unsubscribe@freebsd.org" > > > > From owner-freebsd-stable@freebsd.org Tue Jun 7 10:43:38 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A28D4B6D95E for ; Tue, 7 Jun 2016 10:43:38 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 8E8D9171E for ; Tue, 7 Jun 2016 10:43:38 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 8A06FB6D95D; Tue, 7 Jun 2016 10:43:38 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 87723B6D95B for ; Tue, 7 Jun 2016 10:43:38 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3A724171D for ; Tue, 7 Jun 2016 10:43:38 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bAETv-0004IY-DZ; Tue, 07 Jun 2016 13:43:35 +0300 Date: Tue, 7 Jun 2016 13:43:35 +0300 From: Slawa Olhovchenkov To: krad Cc: "stable@freebsd.org" Subject: Re: unbound and ntp issuse Message-ID: <20160607104335.GN75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 10:43:38 -0000 On Tue, Jun 07, 2016 at 11:35:59AM +0100, krad wrote: > Like i said you could configure ntpdate as well as ntpd, but give it a > known good ip. It will only run once at boot, and ntpd will start after so > that can use the nice pool names. > > A slightly better way maybe to give ntpdate a server hostname like > ntp-server and populated the hosts file with one of the ips from > pool.ntp.org. You could then have a periodic script to check and update the > ip in the hosts every day, so it works over a reboot. The ip would > obviously have to have an initial seed value, but you could work this out > progmatically at system configuration time with tools like ansible. What purpose don't do it by standart scripts from base systems? Enforcing DNSSEC must be prevent this strange works on all systems lack CMOS time. I am not expert in sh scripting for this automation. > On 7 June 2016 at 09:47, Slawa Olhovchenkov wrote: > > > On Tue, Jun 07, 2016 at 09:00:29AM +0100, krad wrote: > > > > > Well there is a deadlock situation there so you have to relax one of the > > > conditions, for one time at least. > > > > > > Your best bet is to do a manual ntpdate against a fixed ip of known > > > goodness. If you have a lot of machines you need to do this on, use > > ansible > > > or similar to do the heavy lifting for you. Ansible is best in my opinion > > > if you dont have anything setup as its quick to get going. It does > > require > > > python on the target machines so you would need to install that first. > > > Something like the following should get it working (as you dont have dns > > on > > > the target machine, package fetches wont work, so i would tunnel a squid > > > proxy and let that handle all the internet stuff. > > > > > > add something like the following to your ssh_config > > > > > > Host * > > > RemoteForward 31280 squid_server:3128 > > > > > > then run some stuff like this (after installing ansible on your > > > desktop/bastion host) > > > > > > ansible -b -m raw -a '/usr/bin/env ASSUME_ALWAYS_YES=1 http_proxy= > > > http://127.0.0.1:31280 /usr/sbin/pkg bootstrap -f' -u root -i > > > -kS --ask-su-pass > > > > > > ansible -b -m raw -a 'env ASSUME_ALWAYS_YES=YES http_proxy= > > > http://127.0.0.1:31280 pkg install python' -u root -i > > > -kS --ask-su-pass > > > > > > ansible -m shell -a "ntpdate " -kS --ask-su-pass -i > > > > > > > > > from here on you should be able to start unbound and then ntpd eg > > > > > > ansible -m service -a "name=local_unbound state=restarted" > > > -kS --ask-su-pass -i > > > ansible -m service -a "name=ntpd state=restarted" -kS --ask-su-pass -i > > > > > > > > Alternatively you could just relax your dnssec rules on first boot to > > give > > > ntp a chance. Probably much easier 8) > > > > How I am do it? I am don't touch dnssec rules and don't know unbound. > > May be this is posible by startup scripts? > > Also, some platforms lack of CMOS time, RPi, for example. > > > > > Also make sure you are using the '-g' flag on ntpd > > > > Yes, I am add `ntpd_sync_on_start=yes` to rc.conf. > > I am suggest do it by checkbox in bsdinstall. > > > > > > > On 6 June 2016 at 14:50, Slawa Olhovchenkov wrote: > > > > > > > On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert wrote: > > > > > > > > > Slawa Olhovchenkov writes: > > > > > > > > > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert wrote: > > > > > > > > > > > >> Slawa Olhovchenkov writes: > > > > > >> > > > > > >> > Default install with local_unbound and ntpd can't be functional > > with > > > > > >> > incorrect date/time in BIOS: > > > > > >> > > > > > > >> > Unbound requred correct time for DNSSEC check and refuseing > > queries > > > > > >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to > > prime > > > > > >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") > > > > > >> > > > > > > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf -- > > only > > > > > >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- can't > > > > > >> > resolve (see above, about DNSKEY). > > > > > >> > > > > > >> I can't see how this would happen. DNSSEC doesn't seem to be > > required > > > > in > > > > > >> a regular install as far as I can see. Certainly I don't have any > > > > > > > > > > > > I don't know reasson for enforcing DNSSEC in regular install. > > > > > > I am just select `local_unbound` at setup time and enter > > `127.0.0.1` as > > > > > > nameserver address. > > > > > > > > > > That's not enough to configure unbound as a fully recursive DNS > > > > > server. > > > > > > > > What I am missing? > > > > Need to fix unbound setup scripts? bsdinstall scripts? > > > > As I see unbound setup scripts detects 127.0.0.1 in resolv.conf and > > > > configured unbound as fully recursive DNS server. > > > > > > > > > If your system gets its address through DHCP, it is probably > > > > > getting DNS server addresses as well, and would work fine *without* > > your > > > > > configuring any of the DNS state. > > > > > > > > I am have static address and don't getting DNS server address. > > > > > > > > > >> problem on any of my systems, and I've never configured an anchor > > on > > > > the > > > > > >> internal systems. > > > > > >> > > > > > >> > IMHO, ntp.conf need to include some numeric IP of public ntp > > > > servers. > > > > > >> > > > > > >> Ouch; that's a terrible idea, for several different reasons. > > > > > > > > > > > > What else? > > > > > > > > > > All the normal reasons that hard-coding IP addresses is a bad idea; > > they > > > > > can change, you're encouraging a lot of people to use the same ones, > > etc. > > > > > > > > And how to resolve this issuse: > > > > > > > > - default install with unbound as recursive DNS server (by default > > > > enforcing DNSSEC) > > > > - ntp time synchronisation > > > > - stale CMOS time (2008 year) > > > > _______________________________________________ > > > > freebsd-stable@freebsd.org mailing list > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > > > To unsubscribe, send any mail to " > > freebsd-stable-unsubscribe@freebsd.org" > > > > > > From owner-freebsd-stable@freebsd.org Tue Jun 7 11:09:07 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4B775B6D21E for ; Tue, 7 Jun 2016 11:09:07 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 293B91328 for ; Tue, 7 Jun 2016 11:09:07 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 24B8EB6D21C; Tue, 7 Jun 2016 11:09:07 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 24544B6D21B for ; Tue, 7 Jun 2016 11:09:07 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A0E1C1327 for ; Tue, 7 Jun 2016 11:09:06 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x22d.google.com with SMTP id v199so14070340wmv.0 for ; Tue, 07 Jun 2016 04:09:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=dPJZxnU34HFYlk2StpBObYsYOwyPdaYQ5GskqLLH890=; b=WFkLhRcSWC2ONALLQm0t4lgGbB1XwnP+8Uz/kFJ+wZvo5P5vDvXddVRlLkq4HvvZjW UOiEHqalxcvpQIIwVNRFCxIneCdIk7CIQgSXuAqHhHCyrfdYBUTqE2mWsHn+hwRE+PwG yOa6Y2nuWqXxZThtoVHouVTbg38bTCc5tl4tE3tf529xgu3GSXY7xfbys9UfG4+/ojHD HZfY2I/rZ2mUMryqKJ4JCRCSX7cZlPZ7CL1UMhZbPZREeGnL6H1V3B/2h2bJ/59nYNkY 99yT/sBDfgvz5uhTT3/hnnOzBUWT2qJ40Qvl86lIXTvggVJiQJGBxJbE2he/8XQ/eqKf /e+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=dPJZxnU34HFYlk2StpBObYsYOwyPdaYQ5GskqLLH890=; b=GbR7ADtsvp5MfzX+AkTTyf7mTAzlWtWiKxATA2DBV8PzxQUitwPhm9gceLx5MtOtWu g2B7NWgRVjBbD797KJij6mNH/FOHE6+vkXC5IL7eXVi/989phd0A/4OfDSNkbm9U0Zbb ywK0cAivzORNRQrQ1Dc9fVXjkllkQv51swn2RWHsk074vNFknRTSxfwQk4dabTa+HH7Y KZmi8fumYL10belwscUm/a8ruNEfVrupUplnodieKyGVdTnupHiOA5WUPchIOOmH5nzK vNjHPwAHCTE94SaPFAPtE7NnesHquQljZgyJK08R+ElPdHWh+esGJdCDpsrP6njeg7hF 4VLw== X-Gm-Message-State: ALyK8tLo7NCsgu2ZweGjkSgT/phSRC22si6tEN8OKsre320Xj1FSHI6OrM7fW2nKCVlV2Ft5pwcPs+nNOnm47A== X-Received: by 10.194.115.39 with SMTP id jl7mr22646824wjb.81.1465297744217; Tue, 07 Jun 2016 04:09:04 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.6.12 with HTTP; Tue, 7 Jun 2016 04:09:03 -0700 (PDT) In-Reply-To: <20160607104335.GN75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> <20160607104335.GN75630@zxy.spb.ru> From: krad Date: Tue, 7 Jun 2016 12:09:03 +0100 Message-ID: Subject: Re: unbound and ntp issuse To: Slawa Olhovchenkov Cc: "stable@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 11:09:07 -0000 something as simple as this thrown in /etc/periodic/daily/ would probably do it. #!/bin/sh ip=`dig pool.ntp.org +short | head -1' cp /etc/hosts /etc/hosts.old && sed -e "s/.*ntp-server/$ip ntp-server/" /etc/hosts.old > /etc/hosts with these lines in rc.conf ntpdate_enable=yes ntpdate_servers="ntp-server" On 7 June 2016 at 11:43, Slawa Olhovchenkov wrote: > On Tue, Jun 07, 2016 at 11:35:59AM +0100, krad wrote: > > > Like i said you could configure ntpdate as well as ntpd, but give it a > > known good ip. It will only run once at boot, and ntpd will start after > so > > that can use the nice pool names. > > > > A slightly better way maybe to give ntpdate a server hostname like > > ntp-server and populated the hosts file with one of the ips from > > pool.ntp.org. You could then have a periodic script to check and update > the > > ip in the hosts every day, so it works over a reboot. The ip would > > obviously have to have an initial seed value, but you could work this out > > progmatically at system configuration time with tools like ansible. > > What purpose don't do it by standart scripts from base systems? > Enforcing DNSSEC must be prevent this strange works on all systems > lack CMOS time. > > I am not expert in sh scripting for this automation. > > > On 7 June 2016 at 09:47, Slawa Olhovchenkov wrote: > > > > > On Tue, Jun 07, 2016 at 09:00:29AM +0100, krad wrote: > > > > > > > Well there is a deadlock situation there so you have to relax one of > the > > > > conditions, for one time at least. > > > > > > > > Your best bet is to do a manual ntpdate against a fixed ip of known > > > > goodness. If you have a lot of machines you need to do this on, use > > > ansible > > > > or similar to do the heavy lifting for you. Ansible is best in my > opinion > > > > if you dont have anything setup as its quick to get going. It does > > > require > > > > python on the target machines so you would need to install that > first. > > > > Something like the following should get it working (as you dont have > dns > > > on > > > > the target machine, package fetches wont work, so i would tunnel a > squid > > > > proxy and let that handle all the internet stuff. > > > > > > > > add something like the following to your ssh_config > > > > > > > > Host * > > > > RemoteForward 31280 squid_server:3128 > > > > > > > > then run some stuff like this (after installing ansible on your > > > > desktop/bastion host) > > > > > > > > ansible -b -m raw -a '/usr/bin/env ASSUME_ALWAYS_YES=1 http_proxy= > > > > http://127.0.0.1:31280 /usr/sbin/pkg bootstrap -f' -u root -i > > > > -kS --ask-su-pass > > > > > > > > ansible -b -m raw -a 'env ASSUME_ALWAYS_YES=YES http_proxy= > > > > http://127.0.0.1:31280 pkg install python' -u root -i > > > > > -kS --ask-su-pass > > > > > > > > ansible -m shell -a "ntpdate " -kS > --ask-su-pass -i > > > > > > > > > > > > from here on you should be able to start unbound and then ntpd eg > > > > > > > > ansible -m service -a "name=local_unbound state=restarted" > > > > -kS --ask-su-pass -i > > > > ansible -m service -a "name=ntpd state=restarted" -kS --ask-su-pass > -i > > > > > > > > > > > Alternatively you could just relax your dnssec rules on first boot to > > > give > > > > ntp a chance. Probably much easier 8) > > > > > > How I am do it? I am don't touch dnssec rules and don't know unbound. > > > May be this is posible by startup scripts? > > > Also, some platforms lack of CMOS time, RPi, for example. > > > > > > > Also make sure you are using the '-g' flag on ntpd > > > > > > Yes, I am add `ntpd_sync_on_start=yes` to rc.conf. > > > I am suggest do it by checkbox in bsdinstall. > > > > > > > > > > On 6 June 2016 at 14:50, Slawa Olhovchenkov wrote: > > > > > > > > > On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert wrote: > > > > > > > > > > > Slawa Olhovchenkov writes: > > > > > > > > > > > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert wrote: > > > > > > > > > > > > > >> Slawa Olhovchenkov writes: > > > > > > >> > > > > > > >> > Default install with local_unbound and ntpd can't be > functional > > > with > > > > > > >> > incorrect date/time in BIOS: > > > > > > >> > > > > > > > >> > Unbound requred correct time for DNSSEC check and refuseing > > > queries > > > > > > >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to > > > prime > > > > > > >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") > > > > > > >> > > > > > > > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf -- > > > only > > > > > > >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- > can't > > > > > > >> > resolve (see above, about DNSKEY). > > > > > > >> > > > > > > >> I can't see how this would happen. DNSSEC doesn't seem to be > > > required > > > > > in > > > > > > >> a regular install as far as I can see. Certainly I don't have > any > > > > > > > > > > > > > > I don't know reasson for enforcing DNSSEC in regular install. > > > > > > > I am just select `local_unbound` at setup time and enter > > > `127.0.0.1` as > > > > > > > nameserver address. > > > > > > > > > > > > That's not enough to configure unbound as a fully recursive DNS > > > > > > server. > > > > > > > > > > What I am missing? > > > > > Need to fix unbound setup scripts? bsdinstall scripts? > > > > > As I see unbound setup scripts detects 127.0.0.1 in resolv.conf and > > > > > configured unbound as fully recursive DNS server. > > > > > > > > > > > If your system gets its address through DHCP, it is probably > > > > > > getting DNS server addresses as well, and would work fine > *without* > > > your > > > > > > configuring any of the DNS state. > > > > > > > > > > I am have static address and don't getting DNS server address. > > > > > > > > > > > >> problem on any of my systems, and I've never configured an > anchor > > > on > > > > > the > > > > > > >> internal systems. > > > > > > >> > > > > > > >> > IMHO, ntp.conf need to include some numeric IP of public ntp > > > > > servers. > > > > > > >> > > > > > > >> Ouch; that's a terrible idea, for several different reasons. > > > > > > > > > > > > > > What else? > > > > > > > > > > > > All the normal reasons that hard-coding IP addresses is a bad > idea; > > > they > > > > > > can change, you're encouraging a lot of people to use the same > ones, > > > etc. > > > > > > > > > > And how to resolve this issuse: > > > > > > > > > > - default install with unbound as recursive DNS server (by default > > > > > enforcing DNSSEC) > > > > > - ntp time synchronisation > > > > > - stale CMOS time (2008 year) > > > > > _______________________________________________ > > > > > freebsd-stable@freebsd.org mailing list > > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > > > > To unsubscribe, send any mail to " > > > freebsd-stable-unsubscribe@freebsd.org" > > > > > > > > > From owner-freebsd-stable@freebsd.org Tue Jun 7 11:10:09 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF9B3B6D329 for ; Tue, 7 Jun 2016 11:10:09 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id ACA831689 for ; Tue, 7 Jun 2016 11:10:09 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id ABF25B6D328; Tue, 7 Jun 2016 11:10:09 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AB8AAB6D327 for ; Tue, 7 Jun 2016 11:10:09 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 32D3D1687 for ; Tue, 7 Jun 2016 11:10:09 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x235.google.com with SMTP id m124so109194191wme.1 for ; Tue, 07 Jun 2016 04:10:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rf8fCQnseONlmshwgUZIpiniIqZogs3zfuP3FaoNRH0=; b=oWqtVFnjSyeT1ZXMDTTYlAF0QZtVs+2lXjYsgkmaCuUlSvZX4HcC0LzOSQ9SMvXSEf CGiVVcHhDw4hEhuz/5wT5TyqgIXRAB8BNjrRSrZDq3FyLikM81XSOIK4jaxccg4LRxjV +8fMmeGwPdRzQvHZ1D2+IlnnUMSyBFhstlEsHXys/9YcNnfF7NBRJHJrT+rEp+lCI3vG F9XbBx8cxFQ+azimNQw0T53iQkCmKH2YTXJDcK+PQYmCut593EXK3EdQcBx30Pijij8z sgjVEo53iZjwP4SkgdzGj1nUllXZmpcpM2sNlktJd6peaiunmlNKdQrZ0krPbdPC0dnF iH7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rf8fCQnseONlmshwgUZIpiniIqZogs3zfuP3FaoNRH0=; b=mMx+k7AZNmTkXKBupnzDJShzu5nYzsUpg2nIHiubHJXh/T2nkX4Vc+jP65faAhPf1B 5lYeSI8u1YqGwr+VRhjQtKyeB1ESNPAt5CQsfkNXKa0k3qY4XQFVVE6KOQDiVR+IxRKA yvQfTb4W/I45LciKZPuzwKt1O32L6plBp8SGeBEnhjDGrJAcq1V10iSfv/ChGT/kDLxU /6Q39qRzVLxm4RghH/AL629sBDzOOaX9Dy2Rgkn+ueO/fudBN7hqkt6u7tQ/0mVc32xL RShvHbcwI/w+hJ6BLYOJMBSPb/zq3GOaw9+uztZaD/6DYpkH3l1JUg5EKkLaksb46rAs Y6bg== X-Gm-Message-State: ALyK8tKjHNaqbt8j5n1zqVw44ru5Rt7UAq9ttI7KUXhrEm4xcXcQ15VA5ZkbRTVqJdPmIw3oO0luxIGVsKqysw== X-Received: by 10.28.5.147 with SMTP id 141mr2276397wmf.48.1465297807606; Tue, 07 Jun 2016 04:10:07 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.6.12 with HTTP; Tue, 7 Jun 2016 04:10:06 -0700 (PDT) In-Reply-To: References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> <20160607104335.GN75630@zxy.spb.ru> From: krad Date: Tue, 7 Jun 2016 12:10:06 +0100 Message-ID: Subject: Re: unbound and ntp issuse To: Slawa Olhovchenkov Cc: "stable@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 11:10:09 -0000 whops that should be ntpdate_hosts not servers On 7 June 2016 at 12:09, krad wrote: > something as simple as this thrown in /etc/periodic/daily/ would probably > do it. > > #!/bin/sh > ip=`dig pool.ntp.org +short | head -1' > cp /etc/hosts /etc/hosts.old && > sed -e "s/.*ntp-server/$ip ntp-server/" /etc/hosts.old > /etc/hosts > > > with these lines in rc.conf > ntpdate_enable=yes > ntpdate_servers="ntp-server" > > > > > > On 7 June 2016 at 11:43, Slawa Olhovchenkov wrote: > >> On Tue, Jun 07, 2016 at 11:35:59AM +0100, krad wrote: >> >> > Like i said you could configure ntpdate as well as ntpd, but give it a >> > known good ip. It will only run once at boot, and ntpd will start after >> so >> > that can use the nice pool names. >> > >> > A slightly better way maybe to give ntpdate a server hostname like >> > ntp-server and populated the hosts file with one of the ips from >> > pool.ntp.org. You could then have a periodic script to check and >> update the >> > ip in the hosts every day, so it works over a reboot. The ip would >> > obviously have to have an initial seed value, but you could work this >> out >> > progmatically at system configuration time with tools like ansible. >> >> What purpose don't do it by standart scripts from base systems? >> Enforcing DNSSEC must be prevent this strange works on all systems >> lack CMOS time. >> >> I am not expert in sh scripting for this automation. >> >> > On 7 June 2016 at 09:47, Slawa Olhovchenkov wrote: >> > >> > > On Tue, Jun 07, 2016 at 09:00:29AM +0100, krad wrote: >> > > >> > > > Well there is a deadlock situation there so you have to relax one >> of the >> > > > conditions, for one time at least. >> > > > >> > > > Your best bet is to do a manual ntpdate against a fixed ip of known >> > > > goodness. If you have a lot of machines you need to do this on, use >> > > ansible >> > > > or similar to do the heavy lifting for you. Ansible is best in my >> opinion >> > > > if you dont have anything setup as its quick to get going. It does >> > > require >> > > > python on the target machines so you would need to install that >> first. >> > > > Something like the following should get it working (as you dont >> have dns >> > > on >> > > > the target machine, package fetches wont work, so i would tunnel a >> squid >> > > > proxy and let that handle all the internet stuff. >> > > > >> > > > add something like the following to your ssh_config >> > > > >> > > > Host * >> > > > RemoteForward 31280 squid_server:3128 >> > > > >> > > > then run some stuff like this (after installing ansible on your >> > > > desktop/bastion host) >> > > > >> > > > ansible -b -m raw -a '/usr/bin/env ASSUME_ALWAYS_YES=1 http_proxy= >> > > > http://127.0.0.1:31280 /usr/sbin/pkg bootstrap -f' -u root -i >> > > > -kS --ask-su-pass >> > > > >> > > > ansible -b -m raw -a 'env ASSUME_ALWAYS_YES=YES http_proxy= >> > > > http://127.0.0.1:31280 pkg install python' -u root -i >> >> > > > -kS --ask-su-pass >> > > > >> > > > ansible -m shell -a "ntpdate " -kS >> --ask-su-pass -i >> > > > >> > > > >> > > > from here on you should be able to start unbound and then ntpd eg >> > > > >> > > > ansible -m service -a "name=local_unbound state=restarted" >> > > > -kS --ask-su-pass -i >> > > > ansible -m service -a "name=ntpd state=restarted" -kS >> --ask-su-pass -i >> > > > > > > > >> > > > Alternatively you could just relax your dnssec rules on first boot >> to >> > > give >> > > > ntp a chance. Probably much easier 8) >> > > >> > > How I am do it? I am don't touch dnssec rules and don't know unbound. >> > > May be this is posible by startup scripts? >> > > Also, some platforms lack of CMOS time, RPi, for example. >> > > >> > > > Also make sure you are using the '-g' flag on ntpd >> > > >> > > Yes, I am add `ntpd_sync_on_start=yes` to rc.conf. >> > > I am suggest do it by checkbox in bsdinstall. >> > > >> > > >> > > > On 6 June 2016 at 14:50, Slawa Olhovchenkov wrote: >> > > > >> > > > > On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert wrote: >> > > > > >> > > > > > Slawa Olhovchenkov writes: >> > > > > > >> > > > > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert >> wrote: >> > > > > > > >> > > > > > >> Slawa Olhovchenkov writes: >> > > > > > >> >> > > > > > >> > Default install with local_unbound and ntpd can't be >> functional >> > > with >> > > > > > >> > incorrect date/time in BIOS: >> > > > > > >> > >> > > > > > >> > Unbound requred correct time for DNSSEC check and refuseing >> > > queries >> > > > > > >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed >> to >> > > prime >> > > > > > >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") >> > > > > > >> > >> > > > > > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf >> -- >> > > only >> > > > > > >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- >> can't >> > > > > > >> > resolve (see above, about DNSKEY). >> > > > > > >> >> > > > > > >> I can't see how this would happen. DNSSEC doesn't seem to be >> > > required >> > > > > in >> > > > > > >> a regular install as far as I can see. Certainly I don't >> have any >> > > > > > > >> > > > > > > I don't know reasson for enforcing DNSSEC in regular install. >> > > > > > > I am just select `local_unbound` at setup time and enter >> > > `127.0.0.1` as >> > > > > > > nameserver address. >> > > > > > >> > > > > > That's not enough to configure unbound as a fully recursive DNS >> > > > > > server. >> > > > > >> > > > > What I am missing? >> > > > > Need to fix unbound setup scripts? bsdinstall scripts? >> > > > > As I see unbound setup scripts detects 127.0.0.1 in resolv.conf >> and >> > > > > configured unbound as fully recursive DNS server. >> > > > > >> > > > > > If your system gets its address through DHCP, it is probably >> > > > > > getting DNS server addresses as well, and would work fine >> *without* >> > > your >> > > > > > configuring any of the DNS state. >> > > > > >> > > > > I am have static address and don't getting DNS server address. >> > > > > >> > > > > > >> problem on any of my systems, and I've never configured an >> anchor >> > > on >> > > > > the >> > > > > > >> internal systems. >> > > > > > >> >> > > > > > >> > IMHO, ntp.conf need to include some numeric IP of public >> ntp >> > > > > servers. >> > > > > > >> >> > > > > > >> Ouch; that's a terrible idea, for several different reasons. >> > > > > > > >> > > > > > > What else? >> > > > > > >> > > > > > All the normal reasons that hard-coding IP addresses is a bad >> idea; >> > > they >> > > > > > can change, you're encouraging a lot of people to use the same >> ones, >> > > etc. >> > > > > >> > > > > And how to resolve this issuse: >> > > > > >> > > > > - default install with unbound as recursive DNS server (by default >> > > > > enforcing DNSSEC) >> > > > > - ntp time synchronisation >> > > > > - stale CMOS time (2008 year) >> > > > > _______________________________________________ >> > > > > freebsd-stable@freebsd.org mailing list >> > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable >> > > > > To unsubscribe, send any mail to " >> > > freebsd-stable-unsubscribe@freebsd.org" >> > > > > >> > > >> > > From owner-freebsd-stable@freebsd.org Tue Jun 7 13:29:43 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 869F1B6E218 for ; Tue, 7 Jun 2016 13:29:43 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 6E1E110B9 for ; Tue, 7 Jun 2016 13:29:43 +0000 (UTC) (envelope-from ian@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 6D7FFB6E216; Tue, 7 Jun 2016 13:29:43 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6D258B6E215 for ; Tue, 7 Jun 2016 13:29:43 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from outbound1b.ore.mailhop.org (outbound1b.ore.mailhop.org [54.200.247.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4312010B8 for ; Tue, 7 Jun 2016 13:29:42 +0000 (UTC) (envelope-from ian@freebsd.org) X-MHO-User: e709fde5-2cb3-11e6-a0ff-e511cd071b9b X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information X-Originating-IP: 73.34.117.227 X-Mail-Handler: DuoCircle Outbound SMTP Received: from ilsoft.org (unknown [73.34.117.227]) by outbound1.ore.mailhop.org (Halon Mail Gateway) with ESMTPSA; Tue, 7 Jun 2016 13:29:46 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.15.2/8.14.9) with ESMTP id u57DTWiB001105; Tue, 7 Jun 2016 07:29:33 -0600 (MDT) (envelope-from ian@freebsd.org) Message-ID: <1465306172.1188.24.camel@freebsd.org> Subject: Re: unbound and ntp issuse From: Ian Lepore To: krad , Slawa Olhovchenkov Cc: "stable@freebsd.org" Date: Tue, 07 Jun 2016 07:29:32 -0600 In-Reply-To: References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> <20160607104335.GN75630@zxy.spb.ru> Content-Type: text/plain; charset="us-ascii" X-Mailer: Evolution 3.16.5 FreeBSD GNOME Team Port Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 13:29:43 -0000 On Tue, 2016-06-07 at 12:10 +0100, krad wrote: > whops that should be > > ntpdate_hosts not servers > These suggestions are essentially insane because they're ignoring the basic fact that the freebsd installer creates a non-working system. If unbound requires DNSSEC, and DNSSEC requires good time, and good time requires hostname resolution, then that circular dependency is a problem that the freebsd project needs to fix, not something to be hacked around by each individual sysadmin. It is a bit disturbing to me that the project members who created this situation have been silent in the face of *months* of reporting of it by several different users. -- Ian > > On 7 June 2016 at 12:09, krad wrote: > > > something as simple as this thrown in /etc/periodic/daily/ would > > probably > > do it. > > > > #!/bin/sh > > ip=`dig pool.ntp.org +short | head -1' > > cp /etc/hosts /etc/hosts.old && > > sed -e "s/.*ntp-server/$ip ntp-server/" /etc/hosts.old > > > /etc/hosts > > > > > > with these lines in rc.conf > > ntpdate_enable=yes > > ntpdate_servers="ntp-server" > > > > > > > > > > > > On 7 June 2016 at 11:43, Slawa Olhovchenkov wrote: > > > > > On Tue, Jun 07, 2016 at 11:35:59AM +0100, krad wrote: > > > > > > > Like i said you could configure ntpdate as well as ntpd, but > > > > give it a > > > > known good ip. It will only run once at boot, and ntpd will > > > > start after > > > so > > > > that can use the nice pool names. > > > > > > > > A slightly better way maybe to give ntpdate a server hostname > > > > like > > > > ntp-server and populated the hosts file with one of the ips > > > > from > > > > pool.ntp.org. You could then have a periodic script to check > > > > and > > > update the > > > > ip in the hosts every day, so it works over a reboot. The ip > > > > would > > > > obviously have to have an initial seed value, but you could > > > > work this > > > out > > > > progmatically at system configuration time with tools like > > > > ansible. > > > > > > What purpose don't do it by standart scripts from base systems? > > > Enforcing DNSSEC must be prevent this strange works on all > > > systems > > > lack CMOS time. > > > > > > I am not expert in sh scripting for this automation. > > > > > > > On 7 June 2016 at 09:47, Slawa Olhovchenkov > > > > wrote: > > > > > > > > > On Tue, Jun 07, 2016 at 09:00:29AM +0100, krad wrote: > > > > > > > > > > > Well there is a deadlock situation there so you have to > > > > > > relax one > > > of the > > > > > > conditions, for one time at least. > > > > > > > > > > > > Your best bet is to do a manual ntpdate against a fixed ip > > > > > > of known > > > > > > goodness. If you have a lot of machines you need to do this > > > > > > on, use > > > > > ansible > > > > > > or similar to do the heavy lifting for you. Ansible is best > > > > > > in my > > > opinion > > > > > > if you dont have anything setup as its quick to get going. > > > > > > It does > > > > > require > > > > > > python on the target machines so you would need to install > > > > > > that > > > first. > > > > > > Something like the following should get it working (as you > > > > > > dont > > > have dns > > > > > on > > > > > > the target machine, package fetches wont work, so i would > > > > > > tunnel a > > > squid > > > > > > proxy and let that handle all the internet stuff. > > > > > > > > > > > > add something like the following to your ssh_config > > > > > > > > > > > > Host * > > > > > > RemoteForward 31280 squid_server:3128 > > > > > > > > > > > > then run some stuff like this (after installing ansible on > > > > > > your > > > > > > desktop/bastion host) > > > > > > > > > > > > ansible -b -m raw -a '/usr/bin/env ASSUME_ALWAYS_YES=1 > > > > > > http_proxy= > > > > > > http://127.0.0.1:31280 /usr/sbin/pkg bootstrap -f' -u root > > > > > > -i > > > > > > -kS --ask-su-pass > > > > > > > > > > > > ansible -b -m raw -a 'env ASSUME_ALWAYS_YES=YES > > > > > > http_proxy= > > > > > > http://127.0.0.1:31280 pkg install python' -u root -i > > > > > > > > > -kS --ask-su-pass > > > > > > > > > > > > ansible -m shell -a "ntpdate " -kS > > > --ask-su-pass -i > > > > > > > > > > > > > > > > > > from here on you should be able to start unbound and then > > > > > > ntpd eg > > > > > > > > > > > > ansible -m service -a "name=local_unbound state=restarted" > > > > > > -kS --ask-su-pass -i > > > > > > ansible -m service -a "name=ntpd state=restarted" -kS > > > --ask-su-pass -i > > > > > > > > > > > > > > > > > Alternatively you could just relax your dnssec rules on > > > > > > first boot > > > to > > > > > give > > > > > > ntp a chance. Probably much easier 8) > > > > > > > > > > How I am do it? I am don't touch dnssec rules and don't know > > > > > unbound. > > > > > May be this is posible by startup scripts? > > > > > Also, some platforms lack of CMOS time, RPi, for example. > > > > > > > > > > > Also make sure you are using the '-g' flag on ntpd > > > > > > > > > > Yes, I am add `ntpd_sync_on_start=yes` to rc.conf. > > > > > I am suggest do it by checkbox in bsdinstall. > > > > > > > > > > > > > > > > On 6 June 2016 at 14:50, Slawa Olhovchenkov > > > > > > wrote: > > > > > > > > > > > > > On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert > > > > > > > wrote: > > > > > > > > > > > > > > > Slawa Olhovchenkov writes: > > > > > > > > > > > > > > > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell > > > > > > > > > Gilbert > > > wrote: > > > > > > > > > > > > > > > > > > > Slawa Olhovchenkov writes: > > > > > > > > > > > > > > > > > > > > > Default install with local_unbound and ntpd can't > > > > > > > > > > > be > > > functional > > > > > with > > > > > > > > > > > incorrect date/time in BIOS: > > > > > > > > > > > > > > > > > > > > > > Unbound requred correct time for DNSSEC check and > > > > > > > > > > > refuseing > > > > > queries > > > > > > > > > > > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] > > > > > > > > > > > info: failed > > > to > > > > > prime > > > > > > > > > > > trust anchor -- DNSKEY rrset is not secure . > > > > > > > > > > > DNSKEY IN") > > > > > > > > > > > > > > > > > > > > > > ntpd don't have any numeric IP of ntp servers in > > > > > > > > > > > ntp.conf > > > -- > > > > > only > > > > > > > > > > > symbolic names like 0.freebsd.pool.ntp.org, as > > > > > > > > > > > result -- > > > can't > > > > > > > > > > > resolve (see above, about DNSKEY). > > > > > > > > > > > > > > > > > > > > I can't see how this would happen. DNSSEC doesn't > > > > > > > > > > seem to be > > > > > required > > > > > > > in > > > > > > > > > > a regular install as far as I can see. Certainly I > > > > > > > > > > don't > > > have any > > > > > > > > > > > > > > > > > > I don't know reasson for enforcing DNSSEC in regular > > > > > > > > > install. > > > > > > > > > I am just select `local_unbound` at setup time and > > > > > > > > > enter > > > > > `127.0.0.1` as > > > > > > > > > nameserver address. > > > > > > > > > > > > > > > > That's not enough to configure unbound as a fully > > > > > > > > recursive DNS > > > > > > > > server. > > > > > > > > > > > > > > What I am missing? > > > > > > > Need to fix unbound setup scripts? bsdinstall scripts? > > > > > > > As I see unbound setup scripts detects 127.0.0.1 in > > > > > > > resolv.conf > > > and > > > > > > > configured unbound as fully recursive DNS server. > > > > > > > > > > > > > > > If your system gets its address through DHCP, it is > > > > > > > > probably > > > > > > > > getting DNS server addresses as well, and would work > > > > > > > > fine > > > *without* > > > > > your > > > > > > > > configuring any of the DNS state. > > > > > > > > > > > > > > I am have static address and don't getting DNS server > > > > > > > address. > > > > > > > > > > > > > > > > > problem on any of my systems, and I've never > > > > > > > > > > configured an > > > anchor > > > > > on > > > > > > > the > > > > > > > > > > internal systems. > > > > > > > > > > > > > > > > > > > > > IMHO, ntp.conf need to include some numeric IP of > > > > > > > > > > > public > > > ntp > > > > > > > servers. > > > > > > > > > > > > > > > > > > > > Ouch; that's a terrible idea, for several different > > > > > > > > > > reasons. > > > > > > > > > > > > > > > > > > What else? > > > > > > > > > > > > > > > > All the normal reasons that hard-coding IP addresses is > > > > > > > > a bad > > > idea; > > > > > they > > > > > > > > can change, you're encouraging a lot of people to use > > > > > > > > the same > > > ones, > > > > > etc. > > > > > > > > > > > > > > And how to resolve this issuse: > > > > > > > > > > > > > > - default install with unbound as recursive DNS server > > > > > > > (by default > > > > > > > enforcing DNSSEC) > > > > > > > - ntp time synchronisation > > > > > > > - stale CMOS time (2008 year) > > > > > > > _______________________________________________ > > > > > > > freebsd-stable@freebsd.org mailing list > > > > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > > > > > > To unsubscribe, send any mail to " > > > > > freebsd-stable-unsubscribe@freebsd.org" > > > > > > > > > > > > > > > > > > > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to " > freebsd-stable-unsubscribe@freebsd.org" From owner-freebsd-stable@freebsd.org Tue Jun 7 13:32:40 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B9012B6E505 for ; Tue, 7 Jun 2016 13:32:40 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id A4F4E1775 for ; Tue, 7 Jun 2016 13:32:40 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id A062AB6E504; Tue, 7 Jun 2016 13:32:40 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0054B6E503 for ; Tue, 7 Jun 2016 13:32:40 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 635031773; Tue, 7 Jun 2016 13:32:40 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bAH7W-0008LO-FK; Tue, 07 Jun 2016 16:32:38 +0300 Date: Tue, 7 Jun 2016 16:32:38 +0300 From: Slawa Olhovchenkov To: Ian Lepore Cc: krad , "stable@freebsd.org" Subject: Re: unbound and ntp issuse Message-ID: <20160607133238.GO75630@zxy.spb.ru> References: <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> <20160607104335.GN75630@zxy.spb.ru> <1465306172.1188.24.camel@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1465306172.1188.24.camel@freebsd.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 13:32:40 -0000 On Tue, Jun 07, 2016 at 07:29:32AM -0600, Ian Lepore wrote: > On Tue, 2016-06-07 at 12:10 +0100, krad wrote: > > whops that should be > > > > ntpdate_hosts not servers > > > > These suggestions are essentially insane because they're ignoring the > basic fact that the freebsd installer creates a non-working system. If > unbound requires DNSSEC, and DNSSEC requires good time, and good time > requires hostname resolution, then that circular dependency is a > problem that the freebsd project needs to fix, not something to be > hacked around by each individual sysadmin. Exactly! This is may point! > It is a bit disturbing to me that the project members who created this > situation have been silent in the face of *months* of reporting of it > by several different users. From owner-freebsd-stable@freebsd.org Tue Jun 7 14:00:13 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EA0D2B6EC91 for ; Tue, 7 Jun 2016 14:00:13 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id C80C31A00 for ; Tue, 7 Jun 2016 14:00:13 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id C3AFBB6EC90; Tue, 7 Jun 2016 14:00:13 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C34A8B6EC8F for ; Tue, 7 Jun 2016 14:00:13 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x22e.google.com (mail-wm0-x22e.google.com [IPv6:2a00:1450:400c:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6BA7119FE; Tue, 7 Jun 2016 14:00:13 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x22e.google.com with SMTP id k204so70632996wmk.0; Tue, 07 Jun 2016 07:00:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=o/M5ht4a67L8/xYNneaZ26heiuR+pdaHSf4M+RB6fSo=; b=y5qTo5esrHzQTSXjSfNLAKsVAJPOwHHE/mmtAwf9N9ViOOs8n8HfBUX5b4z/43PfQ4 IzbviEn0pi+SjfIZet66BWYQZjZEEzrYdRHBRhDWm4iZxMbSKofRvbC//GqjvGZgwq2z nr/68OEkzwj/B0FvE81yBPHoug0013jSYWtT4evUshkXnH3qiCn+9Fzb31uPrkE2O0SV TlmNEB8M2wgE09zQJWMx/Pp9fprfK/oTf1uYDyZwHo8i0/D/jCWDbUkGEYyVCFs9L7dW cCBZ1MqIhylaJcZbuICLJcFFHz+BoYcBFmqUIQhRXBZuW4w1MZEMFp4HrCo0sJGcqt7S 1Qpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=o/M5ht4a67L8/xYNneaZ26heiuR+pdaHSf4M+RB6fSo=; b=HEdsvt6hpK163oPC/nGGXRGk3EO5jqHgxXxndaThFJxjSVPNBgqWOko5dJu9WvacmS cVBlD1Uuj0oQF1ZOB4c3Y9Nfj+fsiOrYDlzT6HKpO8Sl1iQF7Mzd84Ou8Jt2yTOTgKSw h869Bq2QrBOnWgescshIR5iEYginCpIociuV7XFoDqPDMOCq9bVR6acEOzR+h9zYbuW4 g1Sf1PV5lFq05Y4lGYE0dCabL9b7K+vvKWzolxXFaE150rtnnLaqLh+hwT4NPqYCjqzN hYkW6E7sMo6d4rJ/g0Vvzuv+HO4kA25ac+WFGfPw0uXb9c4wFDFJLAF4Pk4kfDy+xknp hmwA== X-Gm-Message-State: ALyK8tKvS6YkYCr1oICqKSsQGHlDhp/fE+6oCNoVS6Z6mg5N/WhLOUfBK7ZN95j1pk/YWCASZmECs4LJ0lFcig== X-Received: by 10.194.115.39 with SMTP id jl7mr23502166wjb.81.1465308011968; Tue, 07 Jun 2016 07:00:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.6.12 with HTTP; Tue, 7 Jun 2016 07:00:11 -0700 (PDT) In-Reply-To: <20160607133238.GO75630@zxy.spb.ru> References: <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> <20160607104335.GN75630@zxy.spb.ru> <1465306172.1188.24.camel@freebsd.org> <20160607133238.GO75630@zxy.spb.ru> From: krad Date: Tue, 7 Jun 2016 15:00:11 +0100 Message-ID: Subject: Re: unbound and ntp issuse To: Slawa Olhovchenkov Cc: Ian Lepore , "stable@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 14:00:14 -0000 it's a non solvable problem though as its a deadlock. You have to remove one of the criteria in order to fix the issue automatically. On 7 June 2016 at 14:32, Slawa Olhovchenkov wrote: > On Tue, Jun 07, 2016 at 07:29:32AM -0600, Ian Lepore wrote: > > > On Tue, 2016-06-07 at 12:10 +0100, krad wrote: > > > whops that should be > > > > > > ntpdate_hosts not servers > > > > > > > These suggestions are essentially insane because they're ignoring the > > basic fact that the freebsd installer creates a non-working system. If > > unbound requires DNSSEC, and DNSSEC requires good time, and good time > > requires hostname resolution, then that circular dependency is a > > problem that the freebsd project needs to fix, not something to be > > hacked around by each individual sysadmin. > > Exactly! This is may point! > > > It is a bit disturbing to me that the project members who created this > > situation have been silent in the face of *months* of reporting of it > > by several different users. > From owner-freebsd-stable@freebsd.org Tue Jun 7 14:06:12 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 24F95B6EE45 for ; Tue, 7 Jun 2016 14:06:12 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 029C11DE7 for ; Tue, 7 Jun 2016 14:06:12 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 01F5FB6EE44; Tue, 7 Jun 2016 14:06:12 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 01991B6EE43 for ; Tue, 7 Jun 2016 14:06:12 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8B7ED1DE6; Tue, 7 Jun 2016 14:06:11 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x22f.google.com with SMTP id r5so9258035wmr.0; Tue, 07 Jun 2016 07:06:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lzf0DOerhwZ8eecRJBbL7pvVcXXTPFrLE1J2zn9FxfA=; b=0JadDkN1WXkIFwS9BfDJgag3IIAd2hAMsRkZlJ6kivLsnCHe3MG4jUl7cDQxYptO24 ZFNuWjhTO2TdJnrlou58HothsocIAXiASTHSPupPP1sv/AQrZqek66oiHDtblhWyMjAr c1OYmAilQWRNcy2qjildxBaCEU3XW0WPhAhjqaubT6HJDEi8K9xToQyKWBhXeYgLceA4 IPf+dKw6RF2TxrC5pzcD2CQa7kXtQpcqHb8O67gWg5zMs/UKD1c/G1tQ+3Zq/IbtPIWh 2nK/eB6YYz6YQXOTRJspvJ9+HdguAgBbyva/7KxOmMAIqc3lfPpTRQ7WBhyHM5I3qbX4 oF2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lzf0DOerhwZ8eecRJBbL7pvVcXXTPFrLE1J2zn9FxfA=; b=QcTsNGKRNke+6Lq9UQvqBVKClTNQCzqJzaYueDijucvUe5eSaxlIC7YmWqYZEV7AJg qZLhI5UEgAZNfxN10OCjc0yQNfX0oHx7Y1nU28O6CIDFG9J5dLRdLLqmzIBqdf/oDco5 NRBqwAw8dakiODvUA3fx2WKHOeq7nCfbed+yuDHSHqYwOm6dJSpksYrZSudbzSBvHxL8 SZ3hId0qTCF2WUPNhbNXbNOQ3cU3/eMpnUdte85B4xkMiZUQuhcYYt7e3ODxsD1hNzMW vfGpgN/qXwisfBe92N4DBo/oyjiENe80S9mPY7ww6BIvYMe0b4T3RmY8E3qHMO/T0Xs3 xPmQ== X-Gm-Message-State: ALyK8tIqvybsyyZCruVf+CHuGc9fpSpWPz0Ih6bakX1CXLvik3Itvw3xXNqSIHc2fIgFUsYjK3qMPhIYNf8fRA== X-Received: by 10.194.74.104 with SMTP id s8mr10234713wjv.20.1465308370067; Tue, 07 Jun 2016 07:06:10 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.6.12 with HTTP; Tue, 7 Jun 2016 07:06:09 -0700 (PDT) In-Reply-To: References: <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> <20160607104335.GN75630@zxy.spb.ru> <1465306172.1188.24.camel@freebsd.org> <20160607133238.GO75630@zxy.spb.ru> From: krad Date: Tue, 7 Jun 2016 15:06:09 +0100 Message-ID: Subject: Re: unbound and ntp issuse To: Slawa Olhovchenkov Cc: Ian Lepore , "stable@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 14:06:12 -0000 running this at boot time may help as well unbound-control set_option val-permissive-mode: yes then after ntpd has started up run this unbound-control set_option val-permissive-mode: no Yes work around's, but work around's work by definition. On 7 June 2016 at 15:00, krad wrote: > it's a non solvable problem though as its a deadlock. You have to remove > one of the criteria in order to fix the issue automatically. > > On 7 June 2016 at 14:32, Slawa Olhovchenkov wrote: > >> On Tue, Jun 07, 2016 at 07:29:32AM -0600, Ian Lepore wrote: >> >> > On Tue, 2016-06-07 at 12:10 +0100, krad wrote: >> > > whops that should be >> > > >> > > ntpdate_hosts not servers >> > > >> > >> > These suggestions are essentially insane because they're ignoring the >> > basic fact that the freebsd installer creates a non-working system. If >> > unbound requires DNSSEC, and DNSSEC requires good time, and good time >> > requires hostname resolution, then that circular dependency is a >> > problem that the freebsd project needs to fix, not something to be >> > hacked around by each individual sysadmin. >> >> Exactly! This is may point! >> >> > It is a bit disturbing to me that the project members who created this >> > situation have been silent in the face of *months* of reporting of it >> > by several different users. >> > > From owner-freebsd-stable@freebsd.org Tue Jun 7 15:03:42 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 15424B6DE80 for ; Tue, 7 Jun 2016 15:03:42 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 00B02127C for ; Tue, 7 Jun 2016 15:03:42 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id F09E5B6DE7D; Tue, 7 Jun 2016 15:03:41 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EE184B6DE7A for ; Tue, 7 Jun 2016 15:03:41 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A3EB6127A for ; Tue, 7 Jun 2016 15:03:41 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bAIXT-000Abj-Hy; Tue, 07 Jun 2016 18:03:31 +0300 Date: Tue, 7 Jun 2016 18:03:31 +0300 From: Slawa Olhovchenkov To: Ronald Klop Cc: krad , "stable@freebsd.org" Subject: Re: unbound and ntp issuse Message-ID: <20160607150331.GQ75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> <20160607104335.GN75630@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 15:03:42 -0000 On Tue, Jun 07, 2016 at 04:56:47PM +0200, Ronald Klop wrote: > On Tue, 07 Jun 2016 12:43:35 +0200, Slawa Olhovchenkov > wrote: > > > On Tue, Jun 07, 2016 at 11:35:59AM +0100, krad wrote: > > > >> Like i said you could configure ntpdate as well as ntpd, but give it a > >> known good ip. It will only run once at boot, and ntpd will start after > >> so > >> that can use the nice pool names. > >> > >> A slightly better way maybe to give ntpdate a server hostname like > >> ntp-server and populated the hosts file with one of the ips from > >> pool.ntp.org. You could then have a periodic script to check and update > >> the > >> ip in the hosts every day, so it works over a reboot. The ip would > >> obviously have to have an initial seed value, but you could work this > >> out > >> progmatically at system configuration time with tools like ansible. > > > > What purpose don't do it by standart scripts from base systems? > > Enforcing DNSSEC must be prevent this strange works on all systems > > lack CMOS time. > > > If the system lacks CMOS time it is hard to fix this problem. It is not > only about NTP+DNSSEC, but also about the lack of timekeeping. This > timekeeping problem can be solved by using a local ntp-server. That would > break the deadlock of NTP+DNSSEC. ntpd_sync_on_start=yes unbound start in relaxed mode until time sinced after ntp synced unbound switcheed to DNSSEC mode. ntp re-resolved ntp server addrees What wrong with this? Some software need modification, yes. This is price for DNSSEC enforcing. Many systems don't have CMOS by design. > > I am not expert in sh scripting for this automation. > > > >> On 7 June 2016 at 09:47, Slawa Olhovchenkov wrote: > >> > >> > On Tue, Jun 07, 2016 at 09:00:29AM +0100, krad wrote: > >> > > >> > > Well there is a deadlock situation there so you have to relax one > >> of the > >> > > conditions, for one time at least. > >> > > > >> > > Your best bet is to do a manual ntpdate against a fixed ip of known > >> > > goodness. If you have a lot of machines you need to do this on, use > >> > ansible > >> > > or similar to do the heavy lifting for you. Ansible is best in my > >> opinion > >> > > if you dont have anything setup as its quick to get going. It does > >> > require > >> > > python on the target machines so you would need to install that > >> first. > >> > > Something like the following should get it working (as you dont > >> have dns > >> > on > >> > > the target machine, package fetches wont work, so i would tunnel a > >> squid > >> > > proxy and let that handle all the internet stuff. > >> > > > >> > > add something like the following to your ssh_config > >> > > > >> > > Host * > >> > > RemoteForward 31280 squid_server:3128 > >> > > > >> > > then run some stuff like this (after installing ansible on your > >> > > desktop/bastion host) > >> > > > >> > > ansible -b -m raw -a '/usr/bin/env ASSUME_ALWAYS_YES=1 http_proxy= > >> > > http://127.0.0.1:31280 /usr/sbin/pkg bootstrap -f' -u root -i > >> > > -kS --ask-su-pass > >> > > > >> > > ansible -b -m raw -a 'env ASSUME_ALWAYS_YES=YES http_proxy= > >> > > http://127.0.0.1:31280 pkg install python' -u root -i > >> > >> > > -kS --ask-su-pass > >> > > > >> > > ansible -m shell -a "ntpdate " -kS > >> --ask-su-pass -i > >> > > > >> > > > >> > > from here on you should be able to start unbound and then ntpd eg > >> > > > >> > > ansible -m service -a "name=local_unbound state=restarted" > >> > > -kS --ask-su-pass -i > >> > > ansible -m service -a "name=ntpd state=restarted" -kS > >> --ask-su-pass -i > >> > > >> > > > >> > > Alternatively you could just relax your dnssec rules on first boot > >> to > >> > give > >> > > ntp a chance. Probably much easier 8) > >> > > >> > How I am do it? I am don't touch dnssec rules and don't know unbound. > >> > May be this is posible by startup scripts? > >> > Also, some platforms lack of CMOS time, RPi, for example. > >> > > >> > > Also make sure you are using the '-g' flag on ntpd > >> > > >> > Yes, I am add `ntpd_sync_on_start=yes` to rc.conf. > >> > I am suggest do it by checkbox in bsdinstall. > >> > > >> > > >> > > On 6 June 2016 at 14:50, Slawa Olhovchenkov wrote: > >> > > > >> > > > On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert wrote: > >> > > > > >> > > > > Slawa Olhovchenkov writes: > >> > > > > > >> > > > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert > >> wrote: > >> > > > > > > >> > > > > >> Slawa Olhovchenkov writes: > >> > > > > >> > >> > > > > >> > Default install with local_unbound and ntpd can't be > >> functional > >> > with > >> > > > > >> > incorrect date/time in BIOS: > >> > > > > >> > > >> > > > > >> > Unbound requred correct time for DNSSEC check and refuseing > >> > queries > >> > > > > >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed > >> to > >> > prime > >> > > > > >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") > >> > > > > >> > > >> > > > > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf > >> -- > >> > only > >> > > > > >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- > >> can't > >> > > > > >> > resolve (see above, about DNSKEY). > >> > > > > >> > >> > > > > >> I can't see how this would happen. DNSSEC doesn't seem to be > >> > required > >> > > > in > >> > > > > >> a regular install as far as I can see. Certainly I don't > >> have any > >> > > > > > > >> > > > > > I don't know reasson for enforcing DNSSEC in regular install. > >> > > > > > I am just select `local_unbound` at setup time and enter > >> > `127.0.0.1` as > >> > > > > > nameserver address. > >> > > > > > >> > > > > That's not enough to configure unbound as a fully recursive DNS > >> > > > > server. > >> > > > > >> > > > What I am missing? > >> > > > Need to fix unbound setup scripts? bsdinstall scripts? > >> > > > As I see unbound setup scripts detects 127.0.0.1 in resolv.conf > >> and > >> > > > configured unbound as fully recursive DNS server. > >> > > > > >> > > > > If your system gets its address through DHCP, it is probably > >> > > > > getting DNS server addresses as well, and would work fine > >> *without* > >> > your > >> > > > > configuring any of the DNS state. > >> > > > > >> > > > I am have static address and don't getting DNS server address. > >> > > > > >> > > > > >> problem on any of my systems, and I've never configured an > >> anchor > >> > on > >> > > > the > >> > > > > >> internal systems. > >> > > > > >> > >> > > > > >> > IMHO, ntp.conf need to include some numeric IP of public > >> ntp > >> > > > servers. > >> > > > > >> > >> > > > > >> Ouch; that's a terrible idea, for several different reasons. > >> > > > > > > >> > > > > > What else? > >> > > > > > >> > > > > All the normal reasons that hard-coding IP addresses is a bad > >> idea; > >> > they > >> > > > > can change, you're encouraging a lot of people to use the same > >> ones, > >> > etc. > >> > > > > >> > > > And how to resolve this issuse: > >> > > > > >> > > > - default install with unbound as recursive DNS server (by default > >> > > > enforcing DNSSEC) > >> > > > - ntp time synchronisation > >> > > > - stale CMOS time (2008 year) > >> > > > _______________________________________________ > >> > > > freebsd-stable@freebsd.org mailing list > >> > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > >> > > > To unsubscribe, send any mail to " > >> > freebsd-stable-unsubscribe@freebsd.org" > >> > > > > >> > > > _______________________________________________ > > freebsd-stable@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" From owner-freebsd-stable@freebsd.org Tue Jun 7 15:12:29 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6A261B6E183 for ; Tue, 7 Jun 2016 15:12:29 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 533F71BBB for ; Tue, 7 Jun 2016 15:12:29 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: by mailman.ysv.freebsd.org (Postfix) id 524F3B6E182; Tue, 7 Jun 2016 15:12:29 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 51F15B6E180 for ; Tue, 7 Jun 2016 15:12:29 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.81]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 14BF81BB9 for ; Tue, 7 Jun 2016 15:12:28 +0000 (UTC) (envelope-from ronald-lists@klop.ws) Received: from smtp.greenhost.nl ([213.108.104.138]) by smarthost1.greenhost.nl with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1bAIQy-0003qV-Gw; Tue, 07 Jun 2016 16:56:49 +0200 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: krad , "Slawa Olhovchenkov" Cc: "stable@freebsd.org" Subject: Re: unbound and ntp issuse References: <20160602122727.GB75625@zxy.spb.ru> <44lh2mi0k5.fsf@lowell-desk.lan> <20160603191523.GE75630@zxy.spb.ru> <44y46ie92p.fsf@lowell-desk.lan> <20160606135018.GL75630@zxy.spb.ru> <20160607084733.GM75630@zxy.spb.ru> <20160607104335.GN75630@zxy.spb.ru> Date: Tue, 07 Jun 2016 16:56:47 +0200 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Ronald Klop" Message-ID: In-Reply-To: <20160607104335.GN75630@zxy.spb.ru> User-Agent: Opera Mail/1.0 (Win32) X-Authenticated-As-Hash: 398f5522cb258ce43cb679602f8cfe8b62a256d1 X-Virus-Scanned: by clamav at smarthost1.samage.net X-Spam-Level: / X-Spam-Score: -0.2 X-Spam-Status: No, score=-0.2 required=5.0 tests=ALL_TRUSTED, BAYES_50, WEIRD_PORT autolearn=disabled version=3.4.0 X-Scan-Signature: e9a84aa9e78a9fca71d8c64e7b6f4e6e X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2016 15:12:29 -0000 On Tue, 07 Jun 2016 12:43:35 +0200, Slawa Olhovchenkov wrote: > On Tue, Jun 07, 2016 at 11:35:59AM +0100, krad wrote: > >> Like i said you could configure ntpdate as well as ntpd, but give it a >> known good ip. It will only run once at boot, and ntpd will start after >> so >> that can use the nice pool names. >> >> A slightly better way maybe to give ntpdate a server hostname like >> ntp-server and populated the hosts file with one of the ips from >> pool.ntp.org. You could then have a periodic script to check and update >> the >> ip in the hosts every day, so it works over a reboot. The ip would >> obviously have to have an initial seed value, but you could work this >> out >> progmatically at system configuration time with tools like ansible. > > What purpose don't do it by standart scripts from base systems? > Enforcing DNSSEC must be prevent this strange works on all systems > lack CMOS time. If the system lacks CMOS time it is hard to fix this problem. It is not only about NTP+DNSSEC, but also about the lack of timekeeping. This timekeeping problem can be solved by using a local ntp-server. That would break the deadlock of NTP+DNSSEC. Ronald. > I am not expert in sh scripting for this automation. > >> On 7 June 2016 at 09:47, Slawa Olhovchenkov wrote: >> >> > On Tue, Jun 07, 2016 at 09:00:29AM +0100, krad wrote: >> > >> > > Well there is a deadlock situation there so you have to relax one >> of the >> > > conditions, for one time at least. >> > > >> > > Your best bet is to do a manual ntpdate against a fixed ip of known >> > > goodness. If you have a lot of machines you need to do this on, use >> > ansible >> > > or similar to do the heavy lifting for you. Ansible is best in my >> opinion >> > > if you dont have anything setup as its quick to get going. It does >> > require >> > > python on the target machines so you would need to install that >> first. >> > > Something like the following should get it working (as you dont >> have dns >> > on >> > > the target machine, package fetches wont work, so i would tunnel a >> squid >> > > proxy and let that handle all the internet stuff. >> > > >> > > add something like the following to your ssh_config >> > > >> > > Host * >> > > RemoteForward 31280 squid_server:3128 >> > > >> > > then run some stuff like this (after installing ansible on your >> > > desktop/bastion host) >> > > >> > > ansible -b -m raw -a '/usr/bin/env ASSUME_ALWAYS_YES=1 http_proxy= >> > > http://127.0.0.1:31280 /usr/sbin/pkg bootstrap -f' -u root -i >> > > -kS --ask-su-pass >> > > >> > > ansible -b -m raw -a 'env ASSUME_ALWAYS_YES=YES http_proxy= >> > > http://127.0.0.1:31280 pkg install python' -u root -i >> >> > > -kS --ask-su-pass >> > > >> > > ansible -m shell -a "ntpdate " -kS >> --ask-su-pass -i >> > > >> > > >> > > from here on you should be able to start unbound and then ntpd eg >> > > >> > > ansible -m service -a "name=local_unbound state=restarted" >> > > -kS --ask-su-pass -i >> > > ansible -m service -a "name=ntpd state=restarted" -kS >> --ask-su-pass -i >> > > > > > >> > > Alternatively you could just relax your dnssec rules on first boot >> to >> > give >> > > ntp a chance. Probably much easier 8) >> > >> > How I am do it? I am don't touch dnssec rules and don't know unbound. >> > May be this is posible by startup scripts? >> > Also, some platforms lack of CMOS time, RPi, for example. >> > >> > > Also make sure you are using the '-g' flag on ntpd >> > >> > Yes, I am add `ntpd_sync_on_start=yes` to rc.conf. >> > I am suggest do it by checkbox in bsdinstall. >> > >> > >> > > On 6 June 2016 at 14:50, Slawa Olhovchenkov wrote: >> > > >> > > > On Mon, Jun 06, 2016 at 09:33:02AM -0400, Lowell Gilbert wrote: >> > > > >> > > > > Slawa Olhovchenkov writes: >> > > > > >> > > > > > On Fri, Jun 03, 2016 at 02:34:18PM -0400, Lowell Gilbert >> wrote: >> > > > > > >> > > > > >> Slawa Olhovchenkov writes: >> > > > > >> >> > > > > >> > Default install with local_unbound and ntpd can't be >> functional >> > with >> > > > > >> > incorrect date/time in BIOS: >> > > > > >> > >> > > > > >> > Unbound requred correct time for DNSSEC check and refuseing >> > queries >> > > > > >> > ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed >> to >> > prime >> > > > > >> > trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") >> > > > > >> > >> > > > > >> > ntpd don't have any numeric IP of ntp servers in ntp.conf >> -- >> > only >> > > > > >> > symbolic names like 0.freebsd.pool.ntp.org, as result -- >> can't >> > > > > >> > resolve (see above, about DNSKEY). >> > > > > >> >> > > > > >> I can't see how this would happen. DNSSEC doesn't seem to be >> > required >> > > > in >> > > > > >> a regular install as far as I can see. Certainly I don't >> have any >> > > > > > >> > > > > > I don't know reasson for enforcing DNSSEC in regular install. >> > > > > > I am just select `local_unbound` at setup time and enter >> > `127.0.0.1` as >> > > > > > nameserver address. >> > > > > >> > > > > That's not enough to configure unbound as a fully recursive DNS >> > > > > server. >> > > > >> > > > What I am missing? >> > > > Need to fix unbound setup scripts? bsdinstall scripts? >> > > > As I see unbound setup scripts detects 127.0.0.1 in resolv.conf >> and >> > > > configured unbound as fully recursive DNS server. >> > > > >> > > > > If your system gets its address through DHCP, it is probably >> > > > > getting DNS server addresses as well, and would work fine >> *without* >> > your >> > > > > configuring any of the DNS state. >> > > > >> > > > I am have static address and don't getting DNS server address. >> > > > >> > > > > >> problem on any of my systems, and I've never configured an >> anchor >> > on >> > > > the >> > > > > >> internal systems. >> > > > > >> >> > > > > >> > IMHO, ntp.conf need to include some numeric IP of public >> ntp >> > > > servers. >> > > > > >> >> > > > > >> Ouch; that's a terrible idea, for several different reasons. >> > > > > > >> > > > > > What else? >> > > > > >> > > > > All the normal reasons that hard-coding IP addresses is a bad >> idea; >> > they >> > > > > can change, you're encouraging a lot of people to use the same >> ones, >> > etc. >> > > > >> > > > And how to resolve this issuse: >> > > > >> > > > - default install with unbound as recursive DNS server (by default >> > > > enforcing DNSSEC) >> > > > - ntp time synchronisation >> > > > - stale CMOS time (2008 year) >> > > > _______________________________________________ >> > > > freebsd-stable@freebsd.org mailing list >> > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable >> > > > To unsubscribe, send any mail to " >> > freebsd-stable-unsubscribe@freebsd.org" >> > > > >> > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" From owner-freebsd-stable@freebsd.org Wed Jun 8 00:29:36 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F081EB6F0B0 for ; Wed, 8 Jun 2016 00:29:36 +0000 (UTC) (envelope-from des@des.no) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id DD49917C8 for ; Wed, 8 Jun 2016 00:29:36 +0000 (UTC) (envelope-from des@des.no) Received: by mailman.ysv.freebsd.org (Postfix) id D889CB6F0AF; Wed, 8 Jun 2016 00:29:36 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D8140B6F0AE; Wed, 8 Jun 2016 00:29:36 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id A3C8A17C7; Wed, 8 Jun 2016 00:29:36 +0000 (UTC) (envelope-from des@des.no) Received: from desk.des.no (smtp.des.no [194.63.250.102]) by smtp.des.no (Postfix) with ESMTP id 555A16501; Wed, 8 Jun 2016 00:29:29 +0000 (UTC) Received: by desk.des.no (Postfix, from userid 1001) id 4CB3062383; Wed, 8 Jun 2016 02:29:29 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Slawa Olhovchenkov Cc: stable@freebsd.org, freebsd-security@freebsd.org Subject: Re: unbound and ntp issuse References: <20160602122727.GB75625@zxy.spb.ru> Date: Wed, 08 Jun 2016 02:29:29 +0200 In-Reply-To: <20160602122727.GB75625@zxy.spb.ru> (Slawa Olhovchenkov's message of "Thu, 2 Jun 2016 15:27:27 +0300") Message-ID: <86pors7cba.fsf@desk.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 00:29:37 -0000 Slawa Olhovchenkov writes: > IMHO, ntp.conf need to include some numeric IP of public ntp servers. https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-stable@freebsd.org Wed Jun 8 09:49:02 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E4733B6FADE for ; Wed, 8 Jun 2016 09:49:02 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id D3BA814B3 for ; Wed, 8 Jun 2016 09:49:02 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id D31AAB6FADD; Wed, 8 Jun 2016 09:49:02 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D2A54B6FADC; Wed, 8 Jun 2016 09:49:02 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 984B114B1; Wed, 8 Jun 2016 09:49:02 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bAa6d-000CqF-S6; Wed, 08 Jun 2016 12:48:59 +0300 Date: Wed, 8 Jun 2016 12:48:59 +0300 From: Slawa Olhovchenkov To: Dag-Erling =?utf-8?B?U23DuHJncmF2?= Cc: freebsd-security@freebsd.org, stable@freebsd.org Subject: Re: unbound and ntp issuse Message-ID: <20160608094859.GH75625@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <86pors7cba.fsf@desk.des.no> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 09:49:03 -0000 On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote: > Slawa Olhovchenkov writes: > > IMHO, ntp.conf need to include some numeric IP of public ntp servers. > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link What you suggestion? From owner-freebsd-stable@freebsd.org Wed Jun 8 10:43:33 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C6B7B6FAB0 for ; Wed, 8 Jun 2016 10:43:33 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id ED2871B1D for ; Wed, 8 Jun 2016 10:43:32 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: by mailman.ysv.freebsd.org (Postfix) id E8CAEB6FAAE; Wed, 8 Jun 2016 10:43:32 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E5D0FB6FAAD; Wed, 8 Jun 2016 10:43:32 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: from elf.hq.norma.perm.ru (unknown [IPv6:2a00:7540:1::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.norma.perm.ru", Issuer "Vivat-Trade UNIX Root CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 453EF1B1C; Wed, 8 Jun 2016 10:43:32 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: from bsdrookie.norma.com. (pc846408.norma.com [IPv6:fd00::73d] (may be forged)) by elf.hq.norma.perm.ru (8.15.2/8.15.2) with ESMTPS id u58AhR55024539 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 8 Jun 2016 15:43:28 +0500 (YEKT) (envelope-from emz@norma.perm.ru) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=norma.perm.ru; s=key; t=1465382609; bh=UxHrrexhPG3Bdz7REQ2ENRhK/MRSTg8WvFItPi/zFLQ=; h=To:Cc:From:Subject:Date; b=c2a+D+dv3X+PDhkML6rD3yW9+NBLSOAfAi9ekGGyrqPY9HQHEXqQl9fXh37yqaPOC K3VKoa63hm6UwtoaxXjVTvaBE4JIdCXJfsqjDNWkwG+WEZ3urJAuqn1UemUUY0JHgO zDIIibTPyt89nXkdq+RtUO1HgkjioJ8NLDp8IoBk= To: stable@freebsd.org Cc: freebsd-net@freebsd.org From: "Eugene M. Zheganin" Subject: cannot delete on-interface route in FIB Message-ID: <5757F6CF.7070807@norma.perm.ru> Date: Wed, 8 Jun 2016 15:43:27 +0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0 MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 10:43:33 -0000 Hi. (first part of the message is describing why I need this, so impatient people can proceed to th 'setfib 2 route delete' part directly). I have a FreeBSD router connected to the ISP network, which is organized according to the rfc3069 (you know, when all of the clients think they have /24. but in reality they have /32 and a central router is proxy-arping requests). This router is handling two organizations LANs, and it has two Internet links connected, I'm using FIB 0 for the first organization, and FIB 2 for second. To be specific: 46.146.220.88/24 - main router IP, gateway is 46.146.220.254, interface vlan2 46.146.206.94/24 - second router IP, gateway is 46.146.206.254, interface vlan4 Both 46.146.220.24 and .206.254 are the same ISP router. I also have the application server on IP 46.146.220.92, which FIB 0 thinks is on-interface. Now the tricky part: When FIB 0 need to communicate with 46.146.220.92, it does so from it's address 46.146.220.88, since it thinks it's directly reachable. But when requesting MAC from 46.146.220.88 it receives the ISP router MAC, so it does so via ISP router. This part is fine. Now the troubled part: When FIB 2 needs to communicate with 46.146.220.92, it thinks.... yeah, that it's directly reachable from vlan2. When it initiates the session, it takes 46.146.220.88 as source interface and everything is fine (again). But when the client in the LAN initiates the exchange, the packet IP src is translated to the 46.146.206.94 address, and the route still points to the vlan2 interface. So, network stack sends the packet with IP src of 46.146.206.94 via vlan2, and the ISP router seems to dislike such packets. Two workarounds come to mind: - translating the packets from internal LAN destined to specific address of 46.146.220.92 to appropriate address of vlan2 - deleting the on-interface route from FIB 2. I have chosen the second (more obvious to me) but then I discovered that I cannot do this: # setfib 2 route delete 46.146.220.0/24 route: writing to routing socket: Address already in use delete net 46.146.220.0 fib 2: gateway uses the same route why ? Finally I added the host route to 46.146.220.92 in FIB 2 pointing to the appropriate (46.146.206.254) gateway and got my connectivity, but I still don't understand why the deletion of on-interface route is impossible. After all, it's the second FIB, and I don;t understand whet gateway the error is talking about. I tried this without having the default gateway in FIB 2, same result. Thanks. Eugene. From owner-freebsd-stable@freebsd.org Wed Jun 8 14:37:46 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3813B6F860 for ; Wed, 8 Jun 2016 14:37:46 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 863741D4B for ; Wed, 8 Jun 2016 14:37:46 +0000 (UTC) (envelope-from asomers@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 8599CB6F85E; Wed, 8 Jun 2016 14:37:46 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8518DB6F85D; Wed, 8 Jun 2016 14:37:46 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-oi0-x22b.google.com (mail-oi0-x22b.google.com [IPv6:2607:f8b0:4003:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 51D121D49; Wed, 8 Jun 2016 14:37:46 +0000 (UTC) (envelope-from asomers@gmail.com) Received: by mail-oi0-x22b.google.com with SMTP id s139so15670434oie.2; Wed, 08 Jun 2016 07:37:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=kx8024szjNrS7tCJ4/F+vrEEUPc/ClJvq2uXaP8PDZI=; b=XQGO3rCoupJdh2O5Ebc4/xQQvFG4SjaTwrSzGA8y57PQoFe8I2eeTMTSPJgxzQEp5i FauNKw8ThgzvQnkuBIvUxA7aRbJ3irKmJoBdx/uPDFB8KlhQexNMDgmXX0eBXC1sZxA5 rvKVge7tnK8ZfWDkGyd3IhPKAMOIGcoJFbszDMiNMYQzvkDFuvVWjn3COEa0nO3np5Kc jvSe+eqoiMewRaNDBagt1IGD9Xz7ECsU3hlqPDOiXCN4XeMJN61P0n5SAvaRxWvIG0cH 6N2hyRa0T36eNuxYK2dYXDFd9tMQRg0Qd/zt66h09PNQJcbyaw9tTSnWgXfh78yHmU5y OhQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=kx8024szjNrS7tCJ4/F+vrEEUPc/ClJvq2uXaP8PDZI=; b=a8G5oA2CatO4ijk6/BGhQUha2V3WWhR1WZICi0t+Ju73/2hvyvliXkXy/i9qWAXvg/ jDo/kRk/zmJGJmzvnJtfTWBtgC16cEd5FMlCQ1ZFXGG/Lf1vqI2weporncl5EJynTtvp foB/CBeV/7nnRSKOQKab1Ch0RfMHOkkIEk3nrs8Z+QpG9KJgRdafTAtbN6LWmNEkpRz4 GZPC8CdqhNqHsLWBWLQ9VFTC5aIXi60AM7zlGIMFJkmFEne5fNxcjgeFwZNnlskVdc28 H62cQQzg10oCGUJ4OXydJS+DE1OvwLUHLPYjaWM1qaBfRBbUtcxny8FlvuUVd4NSBsXa cC9Q== X-Gm-Message-State: ALyK8tLIRPAgt/GCcCYqOkqriCAINwhJCekiuB0EohRKMnPafAdXVY3bO6eeZJZJKUsGk9kCaOK+d+gg21BmCg== X-Received: by 10.202.86.82 with SMTP id k79mr3192755oib.105.1465396665299; Wed, 08 Jun 2016 07:37:45 -0700 (PDT) MIME-Version: 1.0 Sender: asomers@gmail.com Received: by 10.202.4.200 with HTTP; Wed, 8 Jun 2016 07:37:44 -0700 (PDT) In-Reply-To: <5757F6CF.7070807@norma.perm.ru> References: <5757F6CF.7070807@norma.perm.ru> From: Alan Somers Date: Wed, 8 Jun 2016 08:37:44 -0600 X-Google-Sender-Auth: g00HKOfA7lKA_G3yfG2GSuLrJbQ Message-ID: Subject: Re: cannot delete on-interface route in FIB To: "Eugene M. Zheganin" Cc: FreeBSD Stable ML , FreeBSD Net Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 14:37:46 -0000 On Wed, Jun 8, 2016 at 4:43 AM, Eugene M. Zheganin wrote: > Hi. > > (first part of the message is describing why I need this, so impatient > people can proceed to th 'setfib 2 route delete' part directly). > > I have a FreeBSD router connected to the ISP network, which is organized > according to the rfc3069 (you know, when all of the clients think they > have /24. but in reality they have /32 and a central router is > proxy-arping requests). This router is handling two organizations LANs, > and it has two Internet links connected, I'm using FIB 0 for the first > organization, and FIB 2 for second. To be specific: > > 46.146.220.88/24 - main router IP, gateway is 46.146.220.254, interface > vlan2 > 46.146.206.94/24 - second router IP, gateway is 46.146.206.254, > interface vlan4 > > Both 46.146.220.24 and .206.254 are the same ISP router. > > I also have the application server on IP 46.146.220.92, which FIB 0 > thinks is on-interface. Now the tricky part: > > When FIB 0 need to communicate with 46.146.220.92, it does so from it's > address 46.146.220.88, since it thinks it's directly reachable. But when > requesting MAC from 46.146.220.88 it receives the ISP router MAC, so it > does so via ISP router. This part is fine. > > Now the troubled part: > > When FIB 2 needs to communicate with 46.146.220.92, it thinks.... yeah, > that it's directly reachable from vlan2. When it initiates the session, > it takes 46.146.220.88 as source interface and everything is fine > (again). But when the client in the LAN initiates the exchange, the > packet IP src is translated to the 46.146.206.94 address, and the route > still points to the vlan2 interface. So, network stack sends the packet > with IP src of 46.146.206.94 via vlan2, and the ISP router seems to > dislike such packets. Two workarounds come to mind: > > - translating the packets from internal LAN destined to specific address > of 46.146.220.92 to appropriate address of vlan2 > - deleting the on-interface route from FIB 2. > > I have chosen the second (more obvious to me) but then I discovered that > I cannot do this: > > # setfib 2 route delete 46.146.220.0/24 > route: writing to routing socket: Address already in use > delete net 46.146.220.0 fib 2: gateway uses the same route > > why ? > > Finally I added the host route to 46.146.220.92 in FIB 2 pointing to the > appropriate (46.146.206.254) gateway and got my connectivity, but I > still don't understand why the deletion of on-interface route is > impossible. After all, it's the second FIB, and I don;t understand whet > gateway the error is talking about. I tried this without having the > default gateway in FIB 2, same result. > > Thanks. > Eugene. What is the value of "sysctl net.add_addr_allfibs"? In your case, it sounds like you want to set it to 0. From owner-freebsd-stable@freebsd.org Wed Jun 8 15:34:57 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 00479B6F91D for ; Wed, 8 Jun 2016 15:34:57 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id DF0951985 for ; Wed, 8 Jun 2016 15:34:56 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: by mailman.ysv.freebsd.org (Postfix) id DE659B6F91C; Wed, 8 Jun 2016 15:34:56 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DDE96B6F91B; Wed, 8 Jun 2016 15:34:56 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: from elf.hq.norma.perm.ru (unknown [IPv6:2a00:7540:1::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.norma.perm.ru", Issuer "Vivat-Trade UNIX Root CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 549C31983; Wed, 8 Jun 2016 15:34:56 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: from [192.168.243.2] ([192.168.243.2]) (authenticated bits=0) by elf.hq.norma.perm.ru (8.15.2/8.15.2) with ESMTPSA id u58FYqhs049168 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 8 Jun 2016 20:34:53 +0500 (YEKT) (envelope-from emz@norma.perm.ru) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=norma.perm.ru; s=key; t=1465400093; bh=F8NHx4kf9SJSqevewiqrJTA/XvzS+l/vdetCfNC4bUs=; h=Subject:References:Cc:To:From:Date:In-Reply-To; b=iVgJBRk81/yK1XfdnJaJ0Pv6gYuyFjumTHefXgiqK6rPvhu+X4UAjrJgXxQFEvHh5 tuSVXoX6J/7VvPqQqlmhJe4ZXJ7ta7mTuVoadztggwwh50wwlAraH8ZL9hmxvhwh+y y2Z0zuB0AuPpt8N5oIVWKlQEtYU3ooWbeQPLSxpY= Subject: Re: cannot delete on-interface route in FIB References: <5757F6CF.7070807@norma.perm.ru> Cc: FreeBSD Net To: FreeBSD Stable ML From: "Eugene M. Zheganin" Message-ID: Date: Wed, 8 Jun 2016 20:34:57 +0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 15:34:57 -0000 Hi. On 08.06.2016 19:37, Alan Somers wrote: > What is the value of "sysctl net.add_addr_allfibs"? In your case, it > sounds like you want to set it to 0. Thanks a lot, looks like it, will try. Eugene. From owner-freebsd-stable@freebsd.org Wed Jun 8 19:18:38 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3CD8FB70090 for ; Wed, 8 Jun 2016 19:18:38 +0000 (UTC) (envelope-from jenkins-admin@FreeBSD.org) Received: from jenkins-9.freebsd.org (jenkins-9.freebsd.org [8.8.178.209]) by mx1.freebsd.org (Postfix) with ESMTP id 31BD51227; Wed, 8 Jun 2016 19:18:38 +0000 (UTC) (envelope-from jenkins-admin@FreeBSD.org) Received: from jenkins-9.freebsd.org (localhost [127.0.0.1]) by jenkins-9.freebsd.org (Postfix) with ESMTP id 6C3571E30; Wed, 8 Jun 2016 19:18:38 +0000 (UTC) Date: Wed, 8 Jun 2016 19:18:36 +0000 (GMT) From: jenkins-admin@FreeBSD.org To: ngie@FreeBSD.org, jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org Message-ID: <1817953327.48.1465413518451.JavaMail.jenkins@jenkins-9.freebsd.org> Subject: FreeBSD_stable_9 - Build #1142 - Failure MIME-Version: 1.0 X-Jenkins-Job: FreeBSD_stable_9 X-Jenkins-Result: FAILURE Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 19:18:38 -0000 FreeBSD_stable_9 - Build #1142 - Failure: Build information: https://jenkins.FreeBSD.org/job/FreeBSD_stable_9/1142/ Full change log: https://jenkins.FreeBSD.org/job/FreeBSD_stable_9/1142/chan= ges Full build log: https://jenkins.FreeBSD.org/job/FreeBSD_stable_9/1142/conso= le Change summaries: 301688 by ngie: MFstable/10 r301687: MFC r300624: Fix up r300385 I accidentally glossed over the fact that tmp is manipulated via strchr, so if we tried to free `tmp` after r300385, it would have crashed. Create a separate pointer (tmp2) to track the original allocation of `tmp`, and free `tmp2` if `p->nc_lookups` can't be malloced CID: 1356026 301686 by ngie: MFstable/10 r301684: MFC r300385: Don't leak `tmp` if `p->nc_lookups` can't be malloced 301685 by ngie: MFstable/10 r301682: MFC r300386: Don't leak `handle` if svc_tp_create(..) succeeds and allocating a new struct xlist object fails CID: 978277 301681 by ngie: MFstable/10 r301680: MFC r300625: Remove unnecessary memset(.., 0, ..)'s The mem_alloc macro calls calloc (userspace) / malloc(.., M_WAITOK|M_ZERO) under the covers, so zeroing out memory is already handled by the underlyin= g calls 301676 by ngie: MFstable/10 r301675: MFC r300714: The readme provides a high-level overview of how to upgrade top(1). Reviewed By: ngie 301674 by ngie: MFstable/10 r301673: MFC r299699: Remove NO_WERROR from libbsnmp/Makefile.inc This has been compiling without warnings with clang/gcc for a while now Tested with: clang 3.8.0, gcc 4.2.x, gcc 5.x 301672 by ngie: MFstable/10 r301671: MFC r299815: Remove NO_WERROR.clang from this Makefile This compiles with clang without warnings 301670 by ngie: MFstable/10 r301669: MFC r299806: Bump WARNS to 6 301668 by ngie: MFstable/10 r301667: MFC r299834: Fix .Dd Today is the 14th, not the 10th of May 301664 by ngie: MFstable/10 r301663: MFC r294507,r294567,r299466: r294507 (by harti): Fill the ifAlias leaf of the ifXTable with the interface description if there is one available and it fits into the maximum size (64 characters)= . r294567 (by bz): Change the variable to a #define in order to make gcc happy which otherwise will complain about "variably modified 'alias' at file scope". Unbreaks the build on gcc platforms. r299466 (by cem): bsnmpd: Fix size of trapsink::comm to match other community arrays This fixes a number of possible strcpy() buffer overruns between the variou= s community strings in trap.c. CIDs:=09=091006820, 1006821, 1006822 301662 by ngie: MFstable/10 r301661: MFC r256678,r256680,r260986,r272878,r286402: r256678 (by syrinx): Fix SNMP Error response PDUs and properly encode them when using v3 auth/en= cryption. r256680 (by syrinx): Fix the -Wconversion warnings produced when compiling the SNMP agent. r260986 (by harti): Fix a problem with OBJECT IDENTIFIER encoding: need to check the second subid to be less than 40, not the first when the first subid is 0 or 1. r272878 (by syrinx): Fix a bug in decoding string indexes in snmp_target(3), thus causing bsnmpd(1) to not send v3 notifications properly; while here add two missing return statements which could lead to abort() in case of a rollback r286402 (by araujo): Fix variable 'old' is used uninitialized whenever '&&' condition is false. Spotted by clang. 301659 by ngie: MFstable/10 r301657: MFC r299701: Move _bsnmptools_debug extern from bsnmpmap.c to bsnmptools.h It was used in bsnmpmap.c but was stored in bsnmptools.c; moving the extern to the header allows us to cover all of our bases for the variable, and all= ows _bsnmptools_debug to be used in the future elsewhere -- not just bsnmpmap.c= . 301654 by ngie: MFstable/10 r301653: MFC r299810: Correct function names that failed in error messages It should be calloc/strdup, not malloc 301652 by ngie: MFstable/10 r300475: MFC r299710,r299711,r299763,r299783,r299811: r299710: Staticize global variables only used in bsnmpimport.c to fix -Wmissing-variable-declarations warnings r299711: Fold two malloc + memset(.., 0, ..) calls into equivalent calloc calls r299763: Mute -Wstrlcpy-strlcat-size warning by using nitems with the size of the bu= ffer This is a no-op as the malloc above set the size of the buffer to the size = used below, but this keeps things consistent in case the malloc call changes som= ehow. r299783: Convert tok from enum tok to int32_t in function calls get_token(..) returns int32_t, not enum tok, and in many cases tests for it= ems not in enum tok (e.g. '('). Make the typing consistent with get_token, whic= h includes a domino effect of changing enum tok to int32_t. r299811: Use strdup instead of malloc + strlcpy Fix error messages on failure for calloc/strdup 301650 by ngie: MFstable/10 r301636: MFC r300867,r300932,r300934,r300941,r300972,r300973: r300867: Only expose `hint_uaddr` in the ND_DEBUG case This fixes a -Wunused-but-set-variable warning with gcc r300932: Catch malloc(3) errors and socket(2) errors - malloc failing will result in a delayed segfault - socket failing will result in delayed failures with setsockopt Exit in the event that either of these high-level conditions are met. CID: 976288, 976321, 976858 r300934: Plug leak with ifp by calling freeifaddrs after calling getifaddrs Obtained from: NetBSD v1.18 r300941: Don't leak res in network_init(..) Call freeaddrinfo on it after it's been used CID: 1225050 r300972 (by markj): Fix rpcbind init after r300941. - getaddrinfo() sets res =3D NULL on failure and freeaddrinfo() always dereferences its argument, so we should only free the address list after a successful call. - Address a second potential leak caused by getaddrinfo(AF_INET6) overwriting the address list returned by getaddrinfo(AF_INET). X-MFC-With:=09r300941 r300973: Follow up to r300932 In the event MK_INET6 !=3D no in userspace, but is disabled in the kernel, or if there aren't any IPv6 addresses configured in userspace (for lo0 and all physical interfaces), rpcbind would terminate immediately instead of silently failing on Skip over the IPv6 block to its respective cleanup with freeifaddrs if creating the socket failed instead of terminating rpcbind immediately 301649 by ngie: MFstable/10 r301648: MFC r300947: Staticize variables only used in rpcbind.c This is some low hanging fruit necessary for making this WARNS?=3D 6 clean 301647 by ngie: MFstable/10 r301646: MFC r300945: Remove unnecessary caller_uaddr !=3D NULL test before calling free on it 301645 by ngie: MFstable/10 r301644: MFC r300942: Remove a useless if (x !=3D NULL) check before calling free on allocated_ua= ddr 301643 by ngie: MFC r300932,r300934,r300941,r300972,r300973: r300932: Catch malloc(3) errors and socket(2) errors - malloc failing will result in a delayed segfault - socket failing will result in delayed failures with setsockopt Exit in the event that either of these high-level conditions are met. CID: 976288, 976321, 976858 r300934: Plug leak with ifp by calling freeifaddrs after calling getifaddrs Obtained from: NetBSD v1.18 r300941: Don't leak res in network_init(..) Call freeaddrinfo on it after it's been used CID: 1225050 r300972 (by markj): Fix rpcbind init after r300941. - getaddrinfo() sets res =3D NULL on failure and freeaddrinfo() always dereferences its argument, so we should only free the address list after a successful call. - Address a second potential leak caused by getaddrinfo(AF_INET6) overwriting the address list returned by getaddrinfo(AF_INET). X-MFC-With:=09r300941 r300973: Follow up to r300932 In the event MK_INET6 !=3D no in userspace, but is disabled in the kernel, or if there aren't any IPv6 addresses configured in userspace (for lo0 and all physical interfaces), rpcbind would terminate immediately instead of silently failing on Skip over the IPv6 block to its respective cleanup with freeifaddrs if creating the socket failed instead of terminating rpcbind immediately 301642 by ngie: MFstable/10 r296994: r296994 (by asomers): MFC r293229, r293833 to usr.sbin/rpcbind r293833 | asomers | 2016-01-13 10:33:50 -0700 (Wed, 13 Jan 2016) | 16 lines Fix Coverity warnings regarding r293229 rpcbind/check_bound.c Fix CID1347798, a memory leak in mergeaddr. rpcbind/tests/addrmerge_test.c Fix CID1347800 through CID1347803, memory leaks in ATF tests. They are harmless because each ATF test case runs in its own process, bu= t they are trivial to fix. Fix a few other leaks that Coverity didn'= t detect, too. r293229 | asomers | 2016-01-05 17:00:11 -0700 (Tue, 05 Jan 2016) | 36 lines "source routing" in rpcbind Fix a bug in rpcbind for multihomed hosts. If the server had interfaces on two separate subnets, and a client on the first subnet contacted rpcbind at the address on the second subnet, rpcbind would advertise addresses on the first subnet. This is a bug, because it should prefer to advertise the address where it was contacted. The requested service might be firewalled off from the address on the first subnet, for example. usr.sbin/rpcbind/check_bound.c If the address on which a request was received is known, pass that to addrmerge as the clnt_uaddr parameter. That is what addrmerge's comment indicates the parameter is supposed to mean. The previous behavior is that clnt_uaddr would contain the address from which th= e client sent the request. usr.sbin/rpcbind/util.c Modify addrmerge to prefer to use an IP that is equal to clnt_uaddr= , if one is found. Refactor the relevant portion of the function for clarity, and to reduce the number of ifdefs. etc/mtree/BSD.tests.dist usr.sbin/rpcbind/tests/Makefile usr.sbin/rpcbind/tests/addrmerge_test.c Add unit tests for usr.sbin/rpcbind/util.c:addrmerge. usr.sbin/rpcbind/check_bound.c usr.sbin/rpcbind/rpcbind.h usr.sbin/rpcbind/util.c Constify some function arguments The end of the build log: [...truncated 56830 lines...] cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xinstall/../../contrib/mtr= ee -I/builds/FreeBSD_stable_9/usr.bin/xinstall/../../lib/libnetbsd -std=3Dg= nu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -= Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-ari= th -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-par= ameter -Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant= -decls -Wold-style-definition -Wno-pointer-sign -c /builds/FreeBSD_stable_9= /usr.bin/xinstall/xinstall.c -o xinstall.o =3D=3D=3D> usr.bin/xlint (all) =3D=3D=3D> usr.bin/xlint/lint1 (all) cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/mem1.c -o mem1.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /common/put.c -o put.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/xargs/strnsubst.c -o strnsubst.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/../common/mem.c -o = mem.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/xargs/xargs.1 > xargs.1.gz cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -o x= args xargs.o strnsubst.o=20 cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/err.c -o err.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /common/screen.c -o screen.o =3D=3D=3D> usr.bin/xstr (all) cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/xstr/xstr.c -o xstr.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/main1.c -o main1.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /common/search.c -o search.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/decl.c -o decl.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xinstall/../../contrib/mtr= ee -I/builds/FreeBSD_stable_9/usr.bin/xinstall/../../lib/libnetbsd -std=3Dg= nu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -= Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-ari= th -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-par= ameter -Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant= -decls -Wold-style-definition -Wno-pointer-sign -c /builds/FreeBSD_stable_9= /usr.bin/xinstall/../../contrib/mtree/getid.c -o getid.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/xstr/xstr.1 > xstr.1.gz cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -o x= str xstr.o=20 cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /common/seq.c -o seq.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /common/recover.c -o recover.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/xinstall/install.1 > install.1.gz cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xinstall/../../contrib/mtr= ee -I/builds/FreeBSD_stable_9/usr.bin/xinstall/../../lib/libnetbsd -std=3Dg= nu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -= Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-ari= th -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-par= ameter -Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant= -decls -Wold-style-definition -Wno-pointer-sign -o xinstall xinstall.o get= id.o -lmd cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /common/util.c -o util.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/init.c -o init.o =3D=3D=3D> usr.bin/xz (all) cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/args.c -o args.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex.c -o ex.o =3D=3D=3D> usr.bin/xzdec (all) cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xzdec/../= ../lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xzdec/../../contrib/xz/s= rc/common -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -W= no-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-protot= ypes -Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBS= D_stable_9/usr.bin/xzdec/../../contrib/xz/src/xzdec/xzdec.c -o xzdec.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/coder.c -o coder.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xzdec/../= ../lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xzdec/../../contrib/xz/s= rc/common -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -W= no-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-protot= ypes -Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBS= D_stable_9/usr.bin/xzdec/../../contrib/xz/src/common/tuklib_progname.c -o t= uklib_progname.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xzdec/../= ../lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xzdec/../../contrib/xz/s= rc/common -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -W= no-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-protot= ypes -Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBS= D_stable_9/usr.bin/xzdec/../../contrib/xz/src/common/tuklib_exit.c -o tukli= b_exit.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/xzdec/../../contrib/xz/src/xzdec/= xzdec.1 > xzdec.1.gz cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xzdec/../= ../lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xzdec/../../contrib/xz/s= rc/common -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -W= no-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-protot= ypes -Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -o xzdec xzdec.o= tuklib_progname.o tuklib_exit.o -llzma cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/file_io.c -o file_io.o =3D=3D=3D> usr.bin/yacc (all) cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/closure.c -o closure.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/emit.c -o emit.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/error.c -o error.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/emit1.c -o emit1.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/hardware.c -o hardware.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/list.c -o list.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/lalr.c -o lalr.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/../common/inittyp.c= -o inittyp.o sh /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/makeman /builds/FreeBSD_sta= ble_9/obj/builds/FreeBSD_stable_9/tmp/usr/libexec/lint1 -m >lint.7 cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c cgram.c -o cgram.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_abbrev.c -o ex_abbrev.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/lr0.c -o lr0.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/main.c -o main.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_append.c -o ex_append.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_args.c -o ex_args.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/message.c -o message.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/main.c -o main.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/tree.c -o tree.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_argv.c -o ex_argv.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/mkpar.c -o mkpar.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/options.c -o options.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/output.c -o output.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/signals.c -o signals.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/suffix.c -o suffix.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_at.c -o ex_at.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/xz/util.c -o util.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_bang.c -o ex_bang.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_cd.c -o ex_cd.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/common/tuklib_open_stdxxx.c -o tuklib_= open_stdxxx.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_cmd.c -o ex_cmd.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/common/tuklib_progname.c -o tuklib_pro= gname.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/common/tuklib_exit.c -o tuklib_exit.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_cscope.c -o ex_cscope.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/common/tuklib_cpucores.c -o tuklib_cpu= cores.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/common/tuklib_mbstr_width.c -o tuklib_= mbstr_width.o cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_stab= le_9/usr.bin/xz/../../contrib/xz/src/common/tuklib_mbstr_fw.c -o tuklib_mbs= tr_fw.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/xz/xz.1 >= xz.1.gz cc -O2 -pipe -DHAVE_CONFIG_H -I/builds/FreeBSD_stable_9/usr.bin/xz/../../= lib/liblzma -I/builds/FreeBSD_stable_9/usr.bin/xz/../../contrib/xz/src/com= mon -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-for= mat-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -= Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -o xz args.o coder.o f= ile_io.o hardware.o list.o main.o message.o options.o signals.o suffix.o ut= il.o tuklib_open_stdxxx.o tuklib_progname.o tuklib_exit.o tuklib_cpucores.o= tuklib_mbstr_width.o tuklib_mbstr_fw.o -llzma cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_delete.c -o ex_delete.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/reader.c -o reader.o =3D=3D=3D> usr.bin/yes (all) cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yes/yes.c -o yes.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/yes/yes.1 > yes.1.gz cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -o y= es yes.o=20 cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_display.c -o ex_display.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_edit.c -o ex_edit.o =3D=3D=3D> usr.bin/ypcat (all) cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_equal.c -o ex_equal.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint1/func.c -o func.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/Fr= eeBSD_stable_9/usr.bin/ypcat/ypcat.c -o ypcat.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_file.c -o ex_file.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_filter.c -o ex_filter.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/ypcat/ypcat.1 > ypcat.1.gz cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -o ypcat ypc= at.o=20 cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_global.c -o ex_global.o =3D=3D=3D> usr.bin/ypmatch (all) cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -c /builds/Fr= eeBSD_stable_9/usr.bin/ypmatch/ypmatch.c -o ypmatch.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_init.c -o ex_init.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -c scan.c -o scan.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/ypmatch/ypmatch.1 > ypmatch.1.gz cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wno-uninitialized -Wno-pointer-sign -o ypmatch y= pmatch.o=20 gzip -cn lint.7 > lint.7.gz cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/skeleton.c -o skeleton.o =3D=3D=3D> usr.bin/ypwhich (all) cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_join.c -o ex_join.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -c /builds/FreeBSD_s= table_9/usr.bin/ypwhich/ypwhich.c -o ypwhich.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_map.c -o ex_map.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/ypwhich/ypwhich.1 > ypwhich.1.gz cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -o ypwhich ypwhich.= o=20 cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_mark.c -o ex_mark.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/symtab.c -o symtab.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_mkexrc.c -o ex_mkexrc.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/verbose.c -o verbose.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_move.c -o ex_move.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_open.c -o ex_open.o cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -c /b= uilds/FreeBSD_stable_9/usr.bin/yacc/warshall.c -o warshall.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_preserve.c -o ex_preserve.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/yacc/yacc.1 > yacc.1.gz gzip -cn /builds/FreeBSD_stable_9/usr.bin/yacc/yyfix.1 > yyfix.1.gz cc -O2 -pipe -std=3Dgnu99 -fstack-protector -Wsystem-headers -Werror -Wal= l -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-pr= ototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch= -Wshadow -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wnest= ed-externs -Wredundant-decls -Wold-style-definition -Wno-pointer-sign -o y= acc closure.o error.o lalr.o lr0.o main.o mkpar.o output.o reader.o skeleto= n.o symtab.o verbose.o warshall.o=20 cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_print.c -o ex_print.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_put.c -o ex_put.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_quit.c -o ex_quit.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_read.c -o ex_read.o cc -O2 -pipe -I. -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint1 -I/builds/= FreeBSD_stable_9/usr.bin/xlint/lint1/../arch/amd64 -I/builds/FreeBSD_stable= _9/usr.bin/xlint/lint1/../common -std=3Dgnu99 -fstack-protector -Wno-point= er-sign -o lint1 cgram.o scan.o mem1.o mem.o err.o main1.o decl.o tree.o f= unc.o init.o emit.o emit1.o inittyp.o -ll -lm cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_screen.c -o ex_screen.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_script.c -o ex_script.o =3D=3D=3D> usr.bin/xlint/lint2 (all) cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_set.c -o ex_set.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/main2.c -o mai= n2.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_shell.c -o ex_shell.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/hash.c -o hash= .o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_shift.c -o ex_shift.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/read.c -o read= .o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_source.c -o ex_source.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../common/mem.= c -o mem.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/mem2.c -o mem2= .o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_stop.c -o ex_stop.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/chk.c -o chk.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_subst.c -o ex_subst.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/msg.c -o msg.o /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/ex/ex_subst.c: In fun= ction 's': /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/ex/ex_subst.c:421: wa= rning: comparison is always false due to limited range of data type /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/ex/ex_subst.c:423: wa= rning: comparison is always false due to limited range of data type cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1/emit.= c -o emit.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/emit2.c -o emi= t2.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_tag.c -o ex_tag.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_txt.c -o ex_txt.o /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/ex/ex_txt.c: In funct= ion 'ex_txt': /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/ex/ex_txt.c:109: warn= ing: implicit declaration of function 'v_txt_auto' cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../common/init= typ.c -o inittyp.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_undo.c -o ex_undo.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/lint2/../lint1 -I/bu= ilds/FreeBSD_stable_9/usr.bin/xlint/lint2/../arch/amd64 -I/builds/FreeBSD_s= table_9/usr.bin/xlint/lint2/../common -std=3Dgnu99 -fstack-protector -Wno-= pointer-sign -o lint2 main2.o hash.o read.o mem.o mem2.o chk.o msg.o emit.= o emit2.o inittyp.o=20 cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_usage.c -o ex_usage.o =3D=3D=3D> usr.bin/xlint/xlint (all) cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_util.c -o ex_util.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/xlint/../lint1 -DPRE= FIX=3D\"\" -I/builds/FreeBSD_stable_9/usr.bin/xlint/xlint/../arch/amd64 -I/= builds/FreeBSD_stable_9/usr.bin/xlint/xlint/../common -std=3Dgnu99 -fstack= -protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-pa= rameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-t= ype -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast= -align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-= style-definition -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlin= t/xlint/xlint.c -o xlint.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/xlint/../lint1 -DPRE= FIX=3D\"\" -I/builds/FreeBSD_stable_9/usr.bin/xlint/xlint/../arch/amd64 -I/= builds/FreeBSD_stable_9/usr.bin/xlint/xlint/../common -std=3Dgnu99 -fstack= -protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-pa= rameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-t= ype -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast= -align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-= style-definition -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/xlin= t/xlint/../common/mem.c -o mem.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/xlint/xlint/lint.1 > lint.1.gz cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_version.c -o ex_version.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_visual.c -o ex_visual.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_write.c -o ex_write.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_yank.c -o ex_yank.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_z.c -o ex_z.o cc -O2 -pipe -I/builds/FreeBSD_stable_9/usr.bin/xlint/xlint/../lint1 -DPRE= FIX=3D\"\" -I/builds/FreeBSD_stable_9/usr.bin/xlint/xlint/../arch/amd64 -I/= builds/FreeBSD_stable_9/usr.bin/xlint/xlint/../common -std=3Dgnu99 -fstack= -protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wno-unused-pa= rameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-t= ype -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast= -align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-= style-definition -Wno-pointer-sign -o xlint xlint.o mem.o=20 cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_tcl.c -o ex_tcl.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /ex/ex_perl.c -o ex_perl.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/getc.c -o getc.o =3D=3D=3D> usr.bin/xlint/llib (all) cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_at.c -o v_at.o lint -cghapbx -Cposix /builds/FreeBSD_stable_9/usr.bin/xlint/llib/llib-lpos= ix /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/vi/getc.c: In functio= n 'cs_init': /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/vi/getc.c:52: warning= : passing argument 3 of 'db_eget' from incompatible pointer type llib-lposix: /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/vi/getc.c: In functio= n 'cs_prev': /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/vi/getc.c:182: warnin= g: passing argument 4 of 'db_get' from incompatible pointer type lint -cghapbx -Cstdc /builds/FreeBSD_stable_9/usr.bin/xlint/llib/llib-lstdc llib-lstdc: _types.h(62): warning: struct __timer never defined [233] _types.h(63): warning: struct __mq never defined [233] stdio.h(142): warning: struct pthread_mutex never defined [233] stdio.h(143): warning: struct pthread never defined [233] Lint pass2: cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_ch.c -o v_ch.o _types.h(62): warning: struct __timer never defined [233] _types.h(63): warning: struct __mq never defined [233] _pthreadtypes.h(44): warning: struct pthread never defined [233] _pthreadtypes.h(45): warning: struct pthread_attr never defined [233] _pthreadtypes.h(46): warning: struct pthread_cond never defined [233] _pthreadtypes.h(47): warning: struct pthread_cond_attr never defined [233] _pthreadtypes.h(48): warning: struct pthread_mutex never defined [233] _pthreadtypes.h(49): warning: struct pthread_mutex_attr never defined [233] _pthreadtypes.h(51): warning: struct pthread_rwlock never defined [233] _pthreadtypes.h(52): warning: struct pthread_rwlockattr never defined [233] _pthreadtypes.h(53): warning: struct pthread_barrier never defined [233] _pthreadtypes.h(54): warning: struct pthread_barrier_attr never defined [23= 3] _pthreadtypes.h(55): warning: struct pthread_spinlock never defined [233] _pthreadtypes.h(78): warning: struct pthread_barrierattr never defined [233= ] signal.h(294): warning: struct __siginfo never defined [233] Lint pass2: uname multiply defined =09llib-lposix?(42) :: llib-lposix(303) cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_cmd.c -o v_cmd.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_delete.c -o v_delete.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_ex.c -o v_ex.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_increment.c -o v_increment.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_init.c -o v_init.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_itxt.c -o v_itxt.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_left.c -o v_left.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_mark.c -o v_mark.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_match.c -o v_match.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_paragraph.c -o v_paragraph.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_put.c -o v_put.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_redraw.c -o v_redraw.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_replace.c -o v_replace.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_right.c -o v_right.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_screen.c -o v_screen.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_scroll.c -o v_scroll.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_search.c -o v_search.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_section.c -o v_section.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_sentence.c -o v_sentence.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_status.c -o v_status.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_txt.c -o v_txt.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_ulcase.c -o v_ulcase.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_undo.c -o v_undo.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_util.c -o v_util.o /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/vi/v_txt.c: In functi= on 'txt_fc_col': /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/vi/v_txt.c:2247: warn= ing: comparison of distinct pointer types lacks a cast /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/vi/v_txt.c:2265: warn= ing: comparison of distinct pointer types lacks a cast /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/vi/v_ulcase.c: In fun= ction 'v_mulcase': /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/vi/v_ulcase.c:119: wa= rning: passing argument 4 of 'db_get' from incompatible pointer type cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_word.c -o v_word.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_xchar.c -o v_xchar.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_yank.c -o v_yank.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_z.c -o v_z.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/v_zexit.c -o v_zexit.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/vi.c -o vi.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/vs_line.c -o vs_line.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/vs_msg.c -o vs_msg.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/vs_refresh.c -o vs_refresh.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/vs_relative.c -o vs_relative.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/vs_smap.c -o vs_smap.o cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -c /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi= /vi/vs_split.c -o vs_split.o gzip -cn /builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi/docs/USD.doc= /vi.man/vi.1 > vi.1.gz cc -O2 -pipe -DGTAGS -DSYSV_CURSES -I/builds/FreeBSD_stable_9/usr.bin/vi -= I/builds/FreeBSD_stable_9/usr.bin/vi/../../contrib/nvi -I/builds/FreeBSD_st= able_9/usr.bin/vi/../../contrib/nvi/include -std=3Dgnu99 -fstack-protector= -Wno-pointer-sign -o nvi cl_bsd.o cl_funcs.o cl_main.o cl_read.o cl_scree= n.o cl_term.o cut.o delete.o exf.o key.o line.o log.o main.o mark.o msg.o o= ptions.o options_f.o put.o screen.o search.o seq.o recover.o util.o ex.o ex= _abbrev.o ex_append.o ex_args.o ex_argv.o ex_at.o ex_bang.o ex_cd.o ex_cmd.= o ex_cscope.o ex_delete.o ex_display.o ex_edit.o ex_equal.o ex_file.o ex_fi= lter.o ex_global.o ex_init.o ex_join.o ex_map.o ex_mark.o ex_mkexrc.o ex_mo= ve.o ex_open.o ex_preserve.o ex_print.o ex_put.o ex_quit.o ex_read.o ex_scr= een.o ex_script.o ex_set.o ex_shell.o ex_shift.o ex_source.o ex_stop.o ex_s= ubst.o ex_tag.o ex_txt.o ex_undo.o ex_usage.o ex_util.o ex_version.o ex_vis= ual.o ex_write.o ex_yank.o ex_z.o ex_tcl.o ex_perl.o getc.o v_at.o v_ch.o v= _cmd.o v_delete.o v_ex.o v_increment.o v_init.o v_itxt.o v_left.o v_mark.o = v_match.o v_paragraph.o v_put.o v_redraw.o v_replace.o v_right.o v_screen.o= v_scroll.o v_search.o v_section.o v_sentence.o v_status.o v_txt.o v_ulcase= .o v_undo.o v_util.o v_word.o v_xchar.o v_yank.o v_z.o v_zexit.o vi.o vs_li= ne.o vs_msg.o vs_refresh.o vs_relative.o vs_smap.o vs_split.o -lncurses 1 error *** [everything] Error code 2 1 error *** [buildworld] Error code 2 1 error Build step 'Execute shell' marked build as failure Email was triggered for: Failure - Any Sending email for trigger: Failure - Any From owner-freebsd-stable@freebsd.org Wed Jun 8 19:32:21 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 112AAB7088B for ; Wed, 8 Jun 2016 19:32:21 +0000 (UTC) (envelope-from yaneurabeya@gmail.com) Received: from mail-io0-x242.google.com (mail-io0-x242.google.com [IPv6:2607:f8b0:4001:c06::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CC9CB11A0; Wed, 8 Jun 2016 19:32:20 +0000 (UTC) (envelope-from yaneurabeya@gmail.com) Received: by mail-io0-x242.google.com with SMTP id 5so2515294ioy.0; Wed, 08 Jun 2016 12:32:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to; bh=k4gzdc0H0ToXT9MmiUc8l5dNkGL/FOzmYLKLwixpUnU=; b=nvNSkqD8XUEf/JPGX3LIZo0TjHL0IWUa7eDWKNoJ19I8aT7jct1KyDn69b4Q8S95FK 0psVqxLKOOO97NutD32ABrxhCcR220oMP3YtNAx87u4V7fqI+yMukLohR0LC4E1nuG95 9QQUxaGdjIh5VZUHEqWjn0qUJAnxPb/HATL70ghDvmh2IH6T9NBlNwVTkU8OIRhWH0CM fDOyd610uOcIMP4uDgl4/TPxnnsxYgXJngVypVbavk/iGwSx3uL6WBcCwrgTyGo8rdxF w8JOi8e/VgGurO3AZUUAwPP+CneZN9dCoqL6hyJ5KF1DT2LDNrc/qLC9DSjEsa5/LRBM zLhQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to; bh=k4gzdc0H0ToXT9MmiUc8l5dNkGL/FOzmYLKLwixpUnU=; b=jdd675WQrh30KZii2qyk1uZ6NjSHGuNvXMChnKSB15lAJjlsOwHYcuuz6jXG04k6kc ZczXKYvANT2lp8KlDQUEd/A+j0gGFK2xIBsuUKcXowpe0pgdJdzPA3YW0vIO+smLY0X0 HRa87b+IEnfj6a9jNzUd7qN/x/GMVY4x/qXvbDGXP1uo3aFofw08ZmsLkkL1ksV7wLux tse83vLSA1PsZsbdEXF1SvP8VcabENleID126SpNksoThpNfwXGsXLAMgOzXA/KsKsdj Oa9ped7/LQs/m3O9FyVEUxOjfKqQuwK3hDWLyhOOqdZZ5gbYfX/xVto04lQd0sReTsDb 7TFg== X-Gm-Message-State: ALyK8tKnADx4GxK32HoyT0UMENzBYd7P/rQW3FbgrgpOMoCNRoFfvynctX0y3P2Jn52qdg== X-Received: by 10.107.41.19 with SMTP id p19mr11218477iop.30.1465414340050; Wed, 08 Jun 2016 12:32:20 -0700 (PDT) Received: from [10.65.210.108] ([137.122.64.8]) by smtp.gmail.com with ESMTPSA id e126sm1438197ith.21.2016.06.08.12.32.18 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 08 Jun 2016 12:32:19 -0700 (PDT) Subject: Re: FreeBSD_stable_9 - Build #1142 - Failure Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Content-Type: multipart/signed; boundary="Apple-Mail=_9BDA0B6D-93F0-4FFA-A738-464F3DB72F68"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Pgp-Agent: GPGMail 2.6b2 From: "Ngie Cooper (yaneurabeya)" In-Reply-To: <1817953327.48.1465413518451.JavaMail.jenkins@jenkins-9.freebsd.org> Date: Wed, 8 Jun 2016 15:32:17 -0400 Cc: Garrett Cooper , freebsd-stable@FreeBSD.org Message-Id: <86360996-66C7-402B-90F6-E90F66F5C3EA@gmail.com> References: <1817953327.48.1465413518451.JavaMail.jenkins@jenkins-9.freebsd.org> To: jenkins-admin@freebsd.org X-Mailer: Apple Mail (2.3124) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 19:32:21 -0000 --Apple-Mail=_9BDA0B6D-93F0-4FFA-A738-464F3DB72F68 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Jun 8, 2016, at 15:18, jenkins-admin@freebsd.org wrote: >=20 > FreeBSD_stable_9 - Build #1142 - Failure: >=20 > Build information: = https://jenkins.FreeBSD.org/job/FreeBSD_stable_9/1142/ > Full change log: = https://jenkins.FreeBSD.org/job/FreeBSD_stable_9/1142/changes > Full build log: = https://jenkins.FreeBSD.org/job/FreeBSD_stable_9/1142/console >=20 > Change summaries: >=20 > 301688 by ngie: > MFstable/10 r301687: >=20 > MFC r300624: >=20 > Fix up r300385 >=20 > I accidentally glossed over the fact that tmp is manipulated via = strchr, so > if we tried to free `tmp` after r300385, it would have crashed. >=20 > Create a separate pointer (tmp2) to track the original allocation of = `tmp`, > and free `tmp2` if `p->nc_lookups` can't be malloced >=20 > CID: 1356026 >=20 > 301686 by ngie: > MFstable/10 r301684: >=20 > MFC r300385: >=20 > Don't leak `tmp` if `p->nc_lookups` can't be malloced >=20 > 301685 by ngie: > MFstable/10 r301682: >=20 > MFC r300386: >=20 > Don't leak `handle` if svc_tp_create(..) succeeds and allocating a new > struct xlist object fails >=20 > CID: 978277 >=20 > 301681 by ngie: > MFstable/10 r301680: >=20 > MFC r300625: >=20 > Remove unnecessary memset(.., 0, ..)'s >=20 > The mem_alloc macro calls calloc (userspace) / malloc(.., = M_WAITOK|M_ZERO) > under the covers, so zeroing out memory is already handled by the = underlying > calls >=20 > 301676 by ngie: > MFstable/10 r301675: >=20 > MFC r300714: >=20 > The readme provides a high-level overview of how to upgrade top(1). >=20 > Reviewed By: ngie >=20 > 301674 by ngie: > MFstable/10 r301673: >=20 > MFC r299699: >=20 > Remove NO_WERROR from libbsnmp/Makefile.inc >=20 > This has been compiling without warnings with clang/gcc for a while = now >=20 > Tested with: clang 3.8.0, gcc 4.2.x, gcc 5.x >=20 > 301672 by ngie: > MFstable/10 r301671: >=20 > MFC r299815: >=20 > Remove NO_WERROR.clang from this Makefile >=20 > This compiles with clang without warnings >=20 > 301670 by ngie: > MFstable/10 r301669: >=20 > MFC r299806: >=20 > Bump WARNS to 6 >=20 > 301668 by ngie: > MFstable/10 r301667: >=20 > MFC r299834: >=20 > Fix .Dd >=20 > Today is the 14th, not the 10th of May >=20 > 301664 by ngie: > MFstable/10 r301663: >=20 > MFC r294507,r294567,r299466: >=20 > r294507 (by harti): >=20 > Fill the ifAlias leaf of the ifXTable with the interface description > if there is one available and it fits into the maximum size (64 = characters). >=20 > r294567 (by bz): >=20 > Change the variable to a #define in order to make gcc happy which > otherwise will complain about "variably modified 'alias' at file = scope". > Unbreaks the build on gcc platforms. >=20 > r299466 (by cem): >=20 > bsnmpd: Fix size of trapsink::comm to match other community arrays >=20 > This fixes a number of possible strcpy() buffer overruns between the = various > community strings in trap.c. >=20 > CIDs: 1006820, 1006821, 1006822 >=20 > 301662 by ngie: > MFstable/10 r301661: >=20 > MFC r256678,r256680,r260986,r272878,r286402: >=20 > r256678 (by syrinx): >=20 > Fix SNMP Error response PDUs and properly encode them when using v3 = auth/encryption. >=20 > r256680 (by syrinx): >=20 > Fix the -Wconversion warnings produced when compiling the SNMP agent. >=20 > r260986 (by harti): >=20 > Fix a problem with OBJECT IDENTIFIER encoding: need to check the > second subid to be less than 40, not the first when the first > subid is 0 or 1. >=20 > r272878 (by syrinx): >=20 > Fix a bug in decoding string indexes in snmp_target(3), thus causing > bsnmpd(1) to not send v3 notifications properly; while here add two > missing return statements which could lead to abort() in case of a > rollback >=20 > r286402 (by araujo): >=20 > Fix variable 'old' is used uninitialized whenever '&&' condition is = false. > Spotted by clang. >=20 > 301659 by ngie: > MFstable/10 r301657: >=20 > MFC r299701: >=20 > Move _bsnmptools_debug extern from bsnmpmap.c to bsnmptools.h >=20 > It was used in bsnmpmap.c but was stored in bsnmptools.c; moving the = extern > to the header allows us to cover all of our bases for the variable, = and allows > _bsnmptools_debug to be used in the future elsewhere -- not just = bsnmpmap.c. >=20 > 301654 by ngie: > MFstable/10 r301653: >=20 > MFC r299810: >=20 > Correct function names that failed in error messages >=20 > It should be calloc/strdup, not malloc >=20 > 301652 by ngie: > MFstable/10 r300475: >=20 > MFC r299710,r299711,r299763,r299783,r299811: >=20 > r299710: >=20 > Staticize global variables only used in bsnmpimport.c to fix > -Wmissing-variable-declarations warnings >=20 > r299711: >=20 > Fold two malloc + memset(.., 0, ..) calls into equivalent calloc calls >=20 > r299763: >=20 > Mute -Wstrlcpy-strlcat-size warning by using nitems with the size of = the buffer >=20 > This is a no-op as the malloc above set the size of the buffer to the = size used > below, but this keeps things consistent in case the malloc call = changes somehow. >=20 > r299783: >=20 > Convert tok from enum tok to int32_t in function calls >=20 > get_token(..) returns int32_t, not enum tok, and in many cases tests = for items > not in enum tok (e.g. '('). Make the typing consistent with get_token, = which > includes a domino effect of changing enum tok to int32_t. >=20 > r299811: >=20 > Use strdup instead of malloc + strlcpy >=20 > Fix error messages on failure for calloc/strdup >=20 > 301650 by ngie: > MFstable/10 r301636: >=20 > MFC r300867,r300932,r300934,r300941,r300972,r300973: >=20 > r300867: >=20 > Only expose `hint_uaddr` in the ND_DEBUG case >=20 > This fixes a -Wunused-but-set-variable warning with gcc >=20 > r300932: >=20 > Catch malloc(3) errors and socket(2) errors >=20 > - malloc failing will result in a delayed segfault > - socket failing will result in delayed failures with setsockopt >=20 > Exit in the event that either of these high-level conditions are met. >=20 > CID: 976288, 976321, 976858 >=20 > r300934: >=20 > Plug leak with ifp by calling freeifaddrs after calling getifaddrs >=20 > Obtained from: NetBSD v1.18 >=20 > r300941: >=20 > Don't leak res in network_init(..) >=20 > Call freeaddrinfo on it after it's been used >=20 > CID: 1225050 >=20 > r300972 (by markj): >=20 > Fix rpcbind init after r300941. >=20 > - getaddrinfo() sets res =3D NULL on failure and freeaddrinfo() always > dereferences its argument, so we should only free the address list = after > a successful call. > - Address a second potential leak caused by getaddrinfo(AF_INET6) > overwriting the address list returned by getaddrinfo(AF_INET). >=20 > X-MFC-With: r300941 >=20 > r300973: >=20 > Follow up to r300932 >=20 > In the event MK_INET6 !=3D no in userspace, but is disabled in the > kernel, or if there aren't any IPv6 addresses configured in userspace > (for lo0 and all physical interfaces), rpcbind would terminate > immediately instead of silently failing on >=20 > Skip over the IPv6 block to its respective cleanup with freeifaddrs if > creating the socket failed instead of terminating rpcbind immediately >=20 > 301649 by ngie: > MFstable/10 r301648: >=20 > MFC r300947: >=20 > Staticize variables only used in rpcbind.c >=20 > This is some low hanging fruit necessary for making this WARNS?=3D 6 = clean >=20 > 301647 by ngie: > MFstable/10 r301646: >=20 > MFC r300945: >=20 > Remove unnecessary caller_uaddr !=3D NULL test before calling free on = it >=20 > 301645 by ngie: > MFstable/10 r301644: >=20 > MFC r300942: >=20 > Remove a useless if (x !=3D NULL) check before calling free on = allocated_uaddr >=20 > 301643 by ngie: > MFC r300932,r300934,r300941,r300972,r300973: >=20 > r300932: >=20 > Catch malloc(3) errors and socket(2) errors >=20 > - malloc failing will result in a delayed segfault > - socket failing will result in delayed failures with setsockopt >=20 > Exit in the event that either of these high-level conditions are met. >=20 > CID: 976288, 976321, 976858 >=20 > r300934: >=20 > Plug leak with ifp by calling freeifaddrs after calling getifaddrs >=20 > Obtained from: NetBSD v1.18 >=20 > r300941: >=20 > Don't leak res in network_init(..) >=20 > Call freeaddrinfo on it after it's been used >=20 > CID: 1225050 >=20 > r300972 (by markj): >=20 > Fix rpcbind init after r300941. >=20 > - getaddrinfo() sets res =3D NULL on failure and freeaddrinfo() always > dereferences its argument, so we should only free the address list = after > a successful call. > - Address a second potential leak caused by getaddrinfo(AF_INET6) > overwriting the address list returned by getaddrinfo(AF_INET). >=20 > X-MFC-With: r300941 >=20 > r300973: >=20 > Follow up to r300932 >=20 > In the event MK_INET6 !=3D no in userspace, but is disabled in the > kernel, or if there aren't any IPv6 addresses configured in userspace > (for lo0 and all physical interfaces), rpcbind would terminate > immediately instead of silently failing on >=20 > Skip over the IPv6 block to its respective cleanup with freeifaddrs if > creating the socket failed instead of terminating rpcbind immediately >=20 > 301642 by ngie: > MFstable/10 r296994: > r296994 (by asomers): >=20 > MFC r293229, r293833 to usr.sbin/rpcbind >=20 > r293833 | asomers | 2016-01-13 10:33:50 -0700 (Wed, 13 Jan 2016) | 16 = lines >=20 > Fix Coverity warnings regarding r293229 >=20 > rpcbind/check_bound.c > Fix CID1347798, a memory leak in mergeaddr. >=20 > rpcbind/tests/addrmerge_test.c > Fix CID1347800 through CID1347803, memory leaks in ATF tests. = They > are harmless because each ATF test case runs in its own = process, but > they are trivial to fix. Fix a few other leaks that Coverity = didn't > detect, too. >=20 > r293229 | asomers | 2016-01-05 17:00:11 -0700 (Tue, 05 Jan 2016) | 36 = lines >=20 > "source routing" in rpcbind >=20 > Fix a bug in rpcbind for multihomed hosts. If the server had = interfaces on > two separate subnets, and a client on the first subnet contacted = rpcbind at > the address on the second subnet, rpcbind would advertise addresses on = the > first subnet. This is a bug, because it should prefer to advertise the > address where it was contacted. The requested service might be = firewalled > off from the address on the first subnet, for example. >=20 > usr.sbin/rpcbind/check_bound.c > If the address on which a request was received is known, pass = that > to addrmerge as the clnt_uaddr parameter. That is what = addrmerge's > comment indicates the parameter is supposed to mean. The = previous > behavior is that clnt_uaddr would contain the address from = which the > client sent the request. >=20 > usr.sbin/rpcbind/util.c > Modify addrmerge to prefer to use an IP that is equal to = clnt_uaddr, > if one is found. Refactor the relevant portion of the function = for > clarity, and to reduce the number of ifdefs. >=20 > etc/mtree/BSD.tests.dist > usr.sbin/rpcbind/tests/Makefile > usr.sbin/rpcbind/tests/addrmerge_test.c > Add unit tests for usr.sbin/rpcbind/util.c:addrmerge. >=20 > usr.sbin/rpcbind/check_bound.c > usr.sbin/rpcbind/rpcbind.h > usr.sbin/rpcbind/util.c > Constify some function arguments My bad =E2=80=94 the compilation error with bsnmp should be fixed by = r301690. Thanks, -Ngie --Apple-Mail=_9BDA0B6D-93F0-4FFA-A738-464F3DB72F68 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXWHLCAAoJEPWDqSZpMIYVCekP/0lzEo898+sWIGwYcTAyyIkn olwk89vVN9wF/TItj5z/O8y3O6kZbhQH7lZNuNOOueQb3ls5js7LGpK5o/A1I/EB x7yQffEf8QEzqvW9fqvwrrfY3sx+KmJhi9SDlPfvAaec+oZN15vE5CPWZAgtEGZH 5rdame1R6G+kRP62ETPz2y0m+Ysz0HH32KonM5tgeIRaDYkBq+sYsJEXB7x5j1a5 QybA+4SgRXit6u76fCmUgX8QYEaLSJ1F/Bmb3ZLfACD8XLmEu4OvZQUImHIz1mzG lY91vwJearUtC9R9/3H5vhtgKYO9Me9WfepfjnazvewM9ittZyLxdldlvP4wUwo6 89jPEXOTnOn5+plynzucPIAc6HG0BsGzK01gotgELEwQCXvuVIIPRHzO0H10Wc4q PpMaJi9uV71kuD6xiHOCK2Az4EcaFe7AtLRQoPyo4moZjtqcN/e7oqeeNB+9vDOC 7AbyKIveWTVK6vwPqYINvSA1puotp5LNOX8MfrZLmzReyjQXehkBH9Inng+yP3JF XHH5BYIXXorMeaftfOQ3F9tq4L7OVQJ9xBrymF3vpKyejmB7vuBnNlRLPhALAMdJ /2M58pHBqp+CwdmhrKzgN7QbcIsR+VVSQeiY9BexLkzmqfiksDlYzeDmA1VJqmLa 2aNfr5T3kQ2evZfvKSD3 =aowv -----END PGP SIGNATURE----- --Apple-Mail=_9BDA0B6D-93F0-4FFA-A738-464F3DB72F68-- From owner-freebsd-stable@freebsd.org Wed Jun 8 22:02:36 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 568BAB70A8B for ; Wed, 8 Jun 2016 22:02:36 +0000 (UTC) (envelope-from mi+oro@aldan.algebra.com) Received: from vms173023pub.verizon.net (vms173023pub.verizon.net [206.46.173.23]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3CCC91B33 for ; Wed, 8 Jun 2016 22:02:35 +0000 (UTC) (envelope-from mi+oro@aldan.algebra.com) Received: from vz-proxy-l005.mx.aol.com ([64.236.82.152]) by vms173023.mailsrvcs.net (Oracle Communications Messaging Server 7.0.5.32.0 64bit (built Jul 16 2014)) with ESMTPA id <0O8H00JQ613IRQ80@vms173023.mailsrvcs.net> for freebsd-stable@FreeBSD.org; Wed, 08 Jun 2016 16:02:11 -0500 (CDT) X-CMAE-Score: 0 X-CMAE-Analysis: v=2.1 cv=WpDWSorv c=1 sm=1 tr=0 a=a3t/a0oOYlYu/nGe1mf8ZA==:117 a=pD_ry4oyNxEA:10 a=r77TgQKjGQsHNAKrUKIA:9 a=TWVjGQL9O7it2J5u1S4A:9 a=QEXdDO2ut3YA:10 a=2z9rS1_vppYsJW5t73gA:9 a=2oDY5yJidKnIb6dh:21 a=_W_S_7VecoQA:10 Received: by 100.1.241.90 with SMTP id 7bfd0cea; Wed, 08 Jun 2016 21:02:11 GMT To: freebsd-stable@FreeBSD.org From: "Mikhail T." Subject: Nasty state after running out of swap Message-id: <057d6b66-8051-213f-e716-efada3692bc0@aldan.algebra.com> Date: Wed, 08 Jun 2016 17:02:09 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 22:02:36 -0000 In my absence my desktop managed to run out of memory and had to kill a number of processes: pid 47493 (firefox), uid 105, was killed: out of swap space pid 1665 (thunderbird), uid 105, was killed: out of swap space pid 975 (kdeinit4), uid 105, was killed: out of swap space pid 1344 (mysqld), uid 105, was killed: out of swap space pid 898 (Xorg), uid 0, was killed: out of swap space pid 1430 (pidgin), uid 105, was killed: out of swap space While that's unfortunate in its own right, the current state of the machine is just weird... After the massacre the swap-usage is down to 5% and memory is plentiful. top(1) reports: last pid: 85719; load averages: 0.17, 0.15, 0.11 up 25+21:17:34 16:50:27 123 processes: 1 running, 102 sleeping, 11 stopped, 8 zombie, 1 waiting CPU: 0.1% user, 0.0% nice, 1.8% system, 0.3% interrupt, 97.7% idle Mem: 17M Active, 7276K Inact, 9876M Wired, 10M Cache, 1032M Buf, 28M Free ARC: 1114M Total, 264M MFU, 282M MRU, 69K Anon, 44M Header, 524M Other Swap: 12G Total, 616M Used, 11G Free, 5% Inuse And yet, various commands hang for a while in either pfault or zombie state upon completion. For example, top, when I tried to exit it, hung for about a minute with Ctrl-T reporting: load: 0.13 cmd: top 85718 [pfault] 19.04r 0.00u 0.01s 0% 2532k Why would a machine with so much free memory continue to act this way? Is it yet to recover from the "out of swap" situation? I'm sure, a reboot will fix everything, but I expected FreeBSD to be better than that... Running 10.3-stable from April 18 here. Thanks! -mi From owner-freebsd-stable@freebsd.org Wed Jun 8 22:24:47 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AFDA4B70F51 for ; Wed, 8 Jun 2016 22:24:47 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-qg0-x22a.google.com (mail-qg0-x22a.google.com [IPv6:2607:f8b0:400d:c04::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7D4FB14B7 for ; Wed, 8 Jun 2016 22:24:47 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: by mail-qg0-x22a.google.com with SMTP id p34so11783223qgp.1 for ; Wed, 08 Jun 2016 15:24:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=SkLg11DNoDNf5rgpFcsrXhfmHEpDgbENQI9/LdqmwyA=; b=prKpN/lt5rwqvaW+MFBpI96JHgQj2lwTiwNFoF5s2tJf7kES4QUkuMj27lHdP44qz2 S8OtTS/6Lq3Qx2DzrH8tK34j17GRu8U3nfYHLcKxcJ90rLlZaNuDe+6joxdfKAp0eXZO tOteAmmG/DeBVPqsvkqsN9k5wXIODz/2I/k2hWx2dDC8ka5e0HSnHa0D5RQzhD8TcCA7 vh0a4eYCtsWX1HJKNxc6D/HCEM1plk1cL0f7Xsz/yDPVBpAZFSeGckJfvnxsZlujB5b5 jK0cy4ggW8XqPLT8idi9qdvWcMS8c6LjNYdaVvcS4M5HQifMysT4QAofD+H4fwvvTatT H8eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=SkLg11DNoDNf5rgpFcsrXhfmHEpDgbENQI9/LdqmwyA=; b=O18rqkkiHJAZOYVkNO84H88ccGFQLlkXYNYn/V2XJgYh9lPVrTAQYyXVCo9RXyXpa/ w5h9ljo15jGcwH5B1B8Kj9YWvql2QtbHzJ1JaXgmdBtsJxuHajrvXSo1yyHvkSepZYpJ 3VHZBYZ3+NDa1zyc5vmQS8EijzmK85CMol97vVnmLFh2MyQvZNplXJCoMvelcbAjBTgL dmHuN/ycRY5DSYwDJVGRjRkTj3KmnRdLrUGEnssJBUPDoX2QqYhVOLOwoJ4uTeQe8mOk kW8RC0AwbnelFmEBi/1swcy5SJqQiIXbxliYO2K3Ytv0wZd9WVx2Y1J7M9Ddx60afJTa V2Nw== X-Gm-Message-State: ALyK8tL5H1cOdqsG/chiiaNIasiEoO/qtZw2DmVrsyarTJh81BGqL10EIQdDWLEWtW1dFg== X-Received: by 10.141.28.204 with SMTP id f195mr7099191qhe.97.1465424686556; Wed, 08 Jun 2016 15:24:46 -0700 (PDT) Received: from charmander ([137.122.64.52]) by smtp.gmail.com with ESMTPSA id q190sm891517qhb.9.2016.06.08.15.24.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 Jun 2016 15:24:46 -0700 (PDT) Sender: Mark Johnston Date: Wed, 8 Jun 2016 15:24:40 -0700 From: Mark Johnston To: "Mikhail T." Cc: freebsd-stable@FreeBSD.org Subject: Re: Nasty state after running out of swap Message-ID: <20160608222440.GA28489@charmander> References: <057d6b66-8051-213f-e716-efada3692bc0@aldan.algebra.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <057d6b66-8051-213f-e716-efada3692bc0@aldan.algebra.com> User-Agent: Mutt/1.6.1 (2016-04-27) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 22:24:47 -0000 On Wed, Jun 08, 2016 at 05:02:09PM -0400, Mikhail T. wrote: > In my absence my desktop managed to run out of memory and had to kill a > number of processes: > > pid 47493 (firefox), uid 105, was killed: out of swap space > pid 1665 (thunderbird), uid 105, was killed: out of swap space > pid 975 (kdeinit4), uid 105, was killed: out of swap space > pid 1344 (mysqld), uid 105, was killed: out of swap space > pid 898 (Xorg), uid 0, was killed: out of swap space > pid 1430 (pidgin), uid 105, was killed: out of swap space > > While that's unfortunate in its own right, the current state of the > machine is just weird... After the massacre the swap-usage is down to 5% > and memory is plentiful. top(1) reports: > > last pid: 85719; load averages: 0.17, 0.15, 0.11 up > 25+21:17:34 16:50:27 > 123 processes: 1 running, 102 sleeping, 11 stopped, 8 zombie, 1 waiting > CPU: 0.1% user, 0.0% nice, 1.8% system, 0.3% interrupt, 97.7% idle > Mem: 17M Active, 7276K Inact, 9876M Wired, 10M Cache, 1032M Buf, 28M > Free This looks like a memory leak in the kernel. What revision are you running? Can you provide the output of "vmstat -m" and vmstat -z"? > ARC: 1114M Total, 264M MFU, 282M MRU, 69K Anon, 44M Header, 524M Other > Swap: 12G Total, 616M Used, 11G Free, 5% Inuse > > And yet, various commands hang for a while in either pfault or zombie > state upon completion. For example, top, when I tried to exit it, hung > for about a minute with Ctrl-T reporting: > > load: 0.13 cmd: top 85718 [pfault] 19.04r 0.00u 0.01s 0% 2532k > > Why would a machine with so much free memory continue to act this way? The output you pasted shows that there is very little free memory. > Is it yet to recover from the "out of swap" situation? I'm sure, a > reboot will fix everything, but I expected FreeBSD to be better than > that... Running 10.3-stable from April 18 here. Thanks! There was a memory leak in CAM at that point. It's fixed in r299531, but the vmstat output is needed to verify that this is the problem you're hitting. From owner-freebsd-stable@freebsd.org Wed Jun 8 22:34:26 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A4BEEB6F2AC for ; Wed, 8 Jun 2016 22:34:26 +0000 (UTC) (envelope-from jenkins-admin@FreeBSD.org) Received: from jenkins-9.freebsd.org (jenkins-9.freebsd.org [8.8.178.209]) by mx1.freebsd.org (Postfix) with ESMTP id 996231EDF; Wed, 8 Jun 2016 22:34:26 +0000 (UTC) (envelope-from jenkins-admin@FreeBSD.org) Received: from jenkins-9.freebsd.org (localhost [127.0.0.1]) by jenkins-9.freebsd.org (Postfix) with ESMTP id DB6FE1E8A; Wed, 8 Jun 2016 22:34:26 +0000 (UTC) Date: Wed, 8 Jun 2016 22:34:24 +0000 (GMT) From: jenkins-admin@FreeBSD.org To: ngie@FreeBSD.org, jenkins-admin@FreeBSD.org, freebsd-stable@FreeBSD.org Message-ID: <659125535.50.1465425266907.JavaMail.jenkins@jenkins-9.freebsd.org> In-Reply-To: <1817953327.48.1465413518451.JavaMail.jenkins@jenkins-9.freebsd.org> References: <1817953327.48.1465413518451.JavaMail.jenkins@jenkins-9.freebsd.org> Subject: FreeBSD_stable_9 - Build #1143 - Fixed MIME-Version: 1.0 X-Jenkins-Job: FreeBSD_stable_9 X-Jenkins-Result: SUCCESS Precedence: bulk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 22:34:26 -0000 FreeBSD_stable_9 - Build #1143 - Fixed: Build information: https://jenkins.FreeBSD.org/job/FreeBSD_stable_9/1143/ Full change log: https://jenkins.FreeBSD.org/job/FreeBSD_stable_9/1143/changes Full build log: https://jenkins.FreeBSD.org/job/FreeBSD_stable_9/1143/console Change summaries: 301690 by ngie: MFstable/10 r301655: MFC r299766: Fix logically dead code pointed out by clang/Coverity parse_context, parse_user_security: test for validity of results from parse_ascii(..) with by casting to int32_t and comparing to -1; comparing unsigned types to negative values will always be false. CID: 1011432, 1011433 From owner-freebsd-stable@freebsd.org Wed Jun 8 23:02:49 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1DAD3B6FBA7 for ; Wed, 8 Jun 2016 23:02:49 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 0F1941FCD for ; Wed, 8 Jun 2016 23:02:49 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 0E6D7B6FBA4; Wed, 8 Jun 2016 23:02:49 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 09985B6FBA2; Wed, 8 Jun 2016 23:02:49 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BAD081FCC; Wed, 8 Jun 2016 23:02:48 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bAmUi-000Aax-5i; Thu, 09 Jun 2016 02:02:40 +0300 Date: Thu, 9 Jun 2016 02:02:40 +0300 From: Slawa Olhovchenkov To: stable@freebsd.org, freebsd-net@freebsd.org Subject: ipfw fwd to closed port Message-ID: <20160608230240.GA51364@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Jun 2016 23:02:49 -0000 Forwarding by ipfw to closed local port generating RST packet with incorrect checksun. Is this know ussuse? Need open PR? From owner-freebsd-stable@freebsd.org Thu Jun 9 07:39:45 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4DE05AC8915 for ; Thu, 9 Jun 2016 07:39:45 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 2F19B14B1 for ; Thu, 9 Jun 2016 07:39:45 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 2A9F4AC8913; Thu, 9 Jun 2016 07:39:45 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2A204AC8912; Thu, 9 Jun 2016 07:39:45 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C8DD114B0; Thu, 9 Jun 2016 07:39:44 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x233.google.com with SMTP id k204so47530778wmk.0; Thu, 09 Jun 2016 00:39:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=lepAbpnwiq21wb4pVS8A1D5U8NZmS8ZYG9hQ9tgnEac=; b=nRQ93FtIbbkEyrHaKGRGkJr3tL+RejsJqk1CFidBIiUGKBNQEpxItpiMyrM39K+fVs Gf6zHmoZgd4b8qjRdn2znKdIRQx3THnkdQNj91+bit3mT87AN7zK8RuwRC0NIEg3Q5Vw dl86egvtX4amPeTgEldDUuv7mBkKTgdpscIkhm5pTv8BTdKNip7+eQctGSeVV1+47nQc BImVx/558Sfaa6PA37gbptbaD3LEUnTp5QVGFqIaFuPbw3mc75aPgPv8/3GUmb/NmC7+ CzR9Sj0cPCL4Sa0L0IHBgfgtoYhnA9qsTxvkaTi7co1C24bXcS2hB4x1P1+7+bQA91yY Ixhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=lepAbpnwiq21wb4pVS8A1D5U8NZmS8ZYG9hQ9tgnEac=; b=KcGEAqKSbVUq9OM+QPwElBOQPsU/eNQ29WDyv1lGpB9+KctxN0N+cddMwJsxtrRrAo dwHWTvgYM2pysnDOb2bzybZ5Csb0MrzOZZS9AHaiSTu1A0AalB2UXXUfKIc7UpFBPa++ GE5UmLpB+P+4pIM6pmSSqiyHub8pffEkSIqfTZLp1+9IyIZqfHBxqcEpcrlO+OOgCxDZ dOVV0SPif29aHR9gus/h534wGDm0olpA5xKmSUIWccKPFl8NM6ajXdrzjDZKeghQOj3k UHPIMFFvjgiG+RNuDNP7eYCvm3JPiC+9IDdzvYxt+dNSMRlt1K2kD6HAZ8Zw8vqWnva2 0UZA== X-Gm-Message-State: ALyK8tJL9KthPSnCTZK+XPz3SYYfF0RAUncEsuhtT/SF/+NKKyb5Y5NP23CSTCYUUV0bSK6xKBUxsO3XGXHdUA== X-Received: by 10.28.155.197 with SMTP id d188mr11758249wme.30.1465457983417; Thu, 09 Jun 2016 00:39:43 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.6.12 with HTTP; Thu, 9 Jun 2016 00:39:42 -0700 (PDT) In-Reply-To: <20160608094859.GH75625@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> From: krad Date: Thu, 9 Jun 2016 08:39:42 +0100 Message-ID: Subject: Re: unbound and ntp issuse To: Slawa Olhovchenkov Cc: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= , freebsd-security@freebsd.org, "stable@freebsd.org" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 07:39:45 -0000 googles will be pretty static, but i would just use them as a one off, ie with ntpdate On 8 June 2016 at 10:48, Slawa Olhovchenkov wrote: > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Sm=C3=B8rgrav wrote: > > > Slawa Olhovchenkov writes: > > > IMHO, ntp.conf need to include some numeric IP of public ntp servers. > > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link > > What you suggestion? > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > From owner-freebsd-stable@freebsd.org Thu Jun 9 08:04:44 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 53C6AADC9A2 for ; Thu, 9 Jun 2016 08:04:44 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 4132216DD for ; Thu, 9 Jun 2016 08:04:44 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 408A4ADC9A1; Thu, 9 Jun 2016 08:04:44 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 401A4ADC9A0; Thu, 9 Jun 2016 08:04:44 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 01AF216DC; Thu, 9 Jun 2016 08:04:44 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bAuxE-000O5w-PX; Thu, 09 Jun 2016 11:04:40 +0300 Date: Thu, 9 Jun 2016 11:04:40 +0300 From: Slawa Olhovchenkov To: krad Cc: Dag-Erling =?utf-8?B?U23DuHJncmF2?= , freebsd-security@freebsd.org, "stable@freebsd.org" Subject: Re: unbound and ntp issuse Message-ID: <20160609080440.GR75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 08:04:44 -0000 On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote: > googles will be pretty static, but i would just use them as a one off, ie > with ntpdate i am talk about freebsd system/project. > > On 8 June 2016 at 10:48, Slawa Olhovchenkov wrote: > > > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote: > > > > > Slawa Olhovchenkov writes: > > > > IMHO, ntp.conf need to include some numeric IP of public ntp servers. > > > > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse > > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link > > > > What you suggestion? > > > > _______________________________________________ > > freebsd-stable@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > > From owner-freebsd-stable@freebsd.org Thu Jun 9 08:44:26 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5AD29AEE660 for ; Thu, 9 Jun 2016 08:44:26 +0000 (UTC) (envelope-from bounces@mailvm.ru) Received: from mailvm.ru (mailvm.ru [185.144.28.251]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D6CF71B91 for ; Thu, 9 Jun 2016 08:44:25 +0000 (UTC) (envelope-from bounces@mailvm.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mailvm.ru; s=mail; h=Content-Type:MIME-Version:List-Owner:List-Subscribe:List-Unsubscribe:List-Help:Message-ID:Subject:From:To:Date; bh=9n+EUL1oNTKG6vzksEnqDiSLsMDpljFIOAqQNG7Lff8=; b=Cf32bEc1ndG9jPeLLQYrcNhBhbo1f5qunRjbJdp99zwXuAs3I3PVIk1IZNd+XHgrHkBBb/TqzpWbC5HMSuT9YUa7zLSFUeAE4Ab3c2r5VQ7eqvsjPfwdATAfVLlY6Z5Euyn6vlXFsgflel+fATj9CN7nuPfMdu9shLZnJ7veRcc=; Received: by mailvm.ru with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1bAt7Q-0008Pw-U5; Thu, 09 Jun 2016 09:07:04 +0300 Date: Thu, 9 Jun 2016 09:07:04 +0300 To: freebsd-stable@freebsd.org From: =?UTF-8?B?0J7RgNCz0LrQvtC80LjRgtC10YI=?= Subject: =?UTF-8?B?0JjRgdC60LvRjtGH0LjRgtC10LvRjNC90L4g0YXQvtGA0L7RiNC+INC+0YI=?= =?UTF-8?B?0LTQvtGF0L3Rg9GC0Ywg0YLRgNGD0LTQvtCy0YvQvCDQutC+0LvQu9C10Lo=?= =?UTF-8?B?0YLQuNCy0LDQvA==?= Message-ID: X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer) X-phpList-version: 3.2.4 X-MessageID: 62 X-ListMember: freebsd-stable@freebsd.org Precedence: bulk Bounces-To: bounces@mailvm.ru List-Owner: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 08:44:26 -0000 /=D0=9B//=D1=8C=D0=B3=D0=BE=D1=82=D0=BD=D1=8B=D0=B5 =D0=BF=D1=83=D1=82= =D0=B5=D0=B2=D0=BA=D0=B8 =D0=B4=D0=BB=D1=8F =D1=82=D1=80=D1=83=D0=B4=D0= =BE=D0=B2=D1=8B=D1=85 =D0=BA=D0=BE=D0=BB=D0=BB=D0=B5=D0=BA=D1=82=D0=B8=D0=B2=D0=BE=D0=B2, =D0= =BF=D1=80=D0=BE=D1=84=D1=81=D0=BE=D1=8E=D0=B7=D0=BD=D1=8B=D1=85 =D0=B8 = =D0=BE=D0=B1=D1=89=D0=B5=D1=81=D1=82=D0=B2=D0=B5=D0=BD=D0=BD=D1=8B=D1=85 =D0=BE=D1=80=D0=B3=D0=B0=D0=BD=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D0=B9, =D0= =B0 =D1=82=D0=B0=D0=BA=D0=B6=D0=B5 =D0=B2=D1=81=D0=B5=D1=85 =D0=B6=D0=B5= =D0=BB=D0=B0=D1=8E=D1=89=D0=B8=D1=85 =D0=B2 =D1=87=D0=B0=D1=81=D1=82=D0=BD=D1=8B=D0=B5 =D0=BE=D1=82=D0=B5=D0=BB=D0= =B8 =D0=A1=D0=BE=D1=87=D0=B8 =D0=B8 =D0=90=D0=B4=D0=BB=D0=B5=D1=80=D0=B0! / /=D0=A1=D0=A3=D0=9F=D0=95=D0=A0=D0=90=D0=9A=D0=A6=D0=98=D0=AF!!!/ /=D0=94=D0=BE 20 =D0=B8=D1=8E=D0=BD=D1=8F =D1=81=D0=BA=D0=B8=D0=B4=D0=BA= =D0=B8 =D0=BD=D0=B0 =D0=B2=D1=81=D0=B5 =D0=BD=D0=B0=D1=88=D0=B8 =D0=BE= =D1=82=D0=B5=D0=BB=D0=B8:/ *=D0=BD=D0=B0 =D0=B8=D1=8E=D0=BD=D1=8C - 20%, =D0=BD=D0=B0 =D1=81=D0=B5= =D0=BD=D1=82=D1=8F=D0=B1=D1=80=D1=8C - 30%, =D0=BD=D0=B0 =D0=BE=D0=BA=D1= =82=D1=8F=D0=B1=D1=80=D1=8C - 40%* =D0=92=D1=81=D1=8F =D0=B8=D0=BD=D1=84=D0=BE=D1=80=D0=BC=D0=B0=D1=86=D0= =B8=D1=8F =D0=B7=D0=B4=D0=B5=D1=81=D1=8C=0A -- This message was sent to freebsd-stable@freebsd.org by petrov@mailvm.ru To forward this message, please do not use the forward button of your email application, because this message was made specifically for you only. Instead use the forward page=0A in our newsletter system. To change your details and to choose which lists to be subscribed to, visit your personal preferences page=0A or you can opt-out completely=0A from all future mailings. =D0=98=D0=B7=D0=BC=D0=B5=D0=BD=D0=B8=D1=82=D1=8C =D0=BF=D0=B0=D1=80=D0= =B0=D0=BC=D0=B5=D1=82=D1=80=D1=8B =D1=80=D0=B0=D1=81=D1=81=D1=8B=D0=BB= =D0=BA=D0=B8, =D0=B2 =D1=82=D0=BE=D0=BC =D1=87=D0=B8=D1=81=D0=BB=D0=B5 =D0=BE=D1=82=D0=BF=D0=B8=D1=81=D0=B0=D1=82=D1=8C=D1=81=D1=8F =D0=BE=D1= =82 =D1=80=D0=B0=D1=81=D1=81=D1=8B=D0=BB=D0=BE=D0=BA, =D0=92=D1=8B =D0= =BC=D0=BE=D0=B6=D0=B5=D1=82=D0=B5 =D0=BD=D0=B0 =D1=81=D0=B2=D0=BE=D0=B5=D0=B9 =D0=BF=D0=B5=D1=80=D1=81=D0=BE=D0=BD=D0= =B0=D0=BB=D1=8C=D0=BD=D0=BE=D0=B9 =D1=81=D1=82=D1=80=D0=B0=D0=BD=D0=B8= =D1=86=D0=B5 =D0=BD=D0=B0=D1=81=D1=82=D1=80=D0=BE=D0=B5=D0=BA =D0=B8=D0=BB=D0=B8 =D0=92=D1=8B =D0=BC=D0=BE=D0=B6=D0=B5=D1=82=D0=B5 =D0= =BF=D1=80=D0=BE=D1=81=D1=82=D0=BE =D0=BE=D1=82=D0=BF=D0=B8=D1=81=D0=B0= =D1=82=D1=8C=D1=81=D1=8F =D0=BE=D1=82 =D1=8D=D1=82=D0=BE=D0=B9 =D1=80=D0=B0=D1=81=D1=81=D1=8B=D0= =BB=D0=BA=D0=B8. =20 -- powered by phpList, www.phplist.com -- From owner-freebsd-stable@freebsd.org Thu Jun 9 08:45:34 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 17328AEE72C for ; Thu, 9 Jun 2016 08:45:34 +0000 (UTC) (envelope-from bounces@mailvm.ru) Received: from mailvm.ru (mailvm.ru [185.144.28.251]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C1C061CD5 for ; Thu, 9 Jun 2016 08:45:33 +0000 (UTC) (envelope-from bounces@mailvm.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mailvm.ru; s=mail; h=Content-Type:MIME-Version:List-Unsubscribe:Message-ID:Subject:From:To:Date; bh=03eTrMlxyhX7DwYOtHQMporBl/S0PAhBeb8XIWaRRAc=; b=GelUG9vnHdMT/aH/71o3l/Z3fsfeM75ASmhPxsZ2q7PKuNtiPQkRFIJfgEeFIbnuVek0aKn1uCuA1dDZnVhhU2FjL52Z17+pEhD3RR/x8vfLm704QXEzHOswL8hagLPMY39IEV0TvUZPMzw7czYVcPb2t3Z5jdXG4EuH2+ZRqpQ=; Received: by mailvm.ru with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1bAvak-0000GW-Oy; Thu, 09 Jun 2016 11:45:30 +0300 Received: from mailvm.ru [185.144.28.251] by mailvm.ru with HTTP; Thu, 09 Jun 2016 11:45:30 +0300 Date: Thu, 9 Jun 2016 11:45:30 +0300 To: freebsd-stable@freebsd.org From: =?UTF-8?B?0J7RgNCz0LrQvtC80LjRgtC10YI=?= Subject: Goodbye from our Newsletter Message-ID: <1584f8aee6f69a73d2ad79daf1185e13@mailvm.ru> X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer) X-phpList-version: 3.2.4 X-MessageID: systemmessage X-ListMember: freebsd-stable@freebsd.org Precedence: bulk Bounces-To: bounces@mailvm.ru MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 08:45:34 -0000 =20 Goodbye from our Newsletter, sorry to see you go. You have been unsubscribed from our newsletters. This is the last email you will receive from us. Our newsletter system,= =0AphpList, will refuse to send you any further messages, without manual intervention= =0Aby our administrator. If there is an error in this information, you can re-subscribe: please go to http://mailvm.ru/lists/?p=3Dsubscribe and follow the steps. Thank you =20 =20 From owner-freebsd-stable@freebsd.org Thu Jun 9 10:08:00 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9FDCEAEF118 for ; Thu, 9 Jun 2016 10:08:00 +0000 (UTC) (envelope-from lists@peter.de.com) Received: from elsa.gfuzz.de (elsa.gfuzz.de [88.198.148.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 65F791A78 for ; Thu, 9 Jun 2016 10:07:59 +0000 (UTC) (envelope-from lists@peter.de.com) Received: from localhost (localhost [127.0.0.1]) by elsa.gfuzz.de (Postfix) with ESMTP id E4D13E0526 for ; Thu, 9 Jun 2016 12:01:49 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at elsa.gfuzz.de Received: from elsa.gfuzz.de ([127.0.0.1]) by localhost (elsa.gfuzz.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nGX4NZEMl_KS for ; Thu, 9 Jun 2016 12:01:49 +0200 (CEST) Received: from mail.opdns.de (ipbcc23bab.dynamic.kabel-deutschland.de [188.194.59.171]) (Authenticated sender: oliver@gfuzz.de) by elsa.gfuzz.de (Postfix) with ESMTPSA id 347B9E0129 for ; Thu, 9 Jun 2016 12:01:49 +0200 (CEST) Date: Thu, 9 Jun 2016 12:01:47 +0200 From: Oliver Peter To: freebsd-stable@freebsd.org Subject: Re: 10.3-STABLE - PF - possible regression in pf.conf set timeout interval Message-ID: <20160609100147.GA19782@mail.opdns.de> References: <62ABBFDC-8662-48E5-A624-EAE609CDCBD0@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: Linux 3.16.0-4-686-pae i686 User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 10:08:00 -0000 On Wed, May 11, 2016 at 09:44:32PM +0200, Damien Fleuriot wrote: > On 11 May 2016 at 21:41, Luiz Otavio O Souza wrote: > > > On Mon, May 9, 2016 at 12:15 PM, Kristof Provost wrote: > > > > > >> On 09 May 2016, at 16:58, Damien Fleuriot wrote: > > >> > > >> Since the upgrade, pf rules won't load anymore at boot time, nor even > > >> manually with pfctl -f /etc/pf.conf : > > >> # pfctl -f /etc/pf.conf > > >> /etc/pf.conf:24: syntax error > > >> pfctl: Syntax error in config file: pf rules not loaded > > >> > > >> The problematic line is : > > >> set timeout interval 10 > > >> > > > I think that was broken by the commit which added ALTQ support for CoDel. > > > > > > It made ?interval? a keyword, and it looks like that breaks things for > > you. > > > > > > I?ve cced loos so he can take a look. > > > > Damien, > > > > I was AFK in the past couple days, I'll look at this tonight. > > > > Luiz > > > > > Cheers Luiz, > > Do tell if I may be of help, got a building box at work I can use just for > that ;) Hi, Is there any news on this? We hit the problem today while applying our pf.conf from a 10.2 machine to a 10.3-STABLE. Took a while to find out what actually happened to pf.conf until a colleage found this thread. Perhaps we should open a bug report for this? Cheers ~ollie -- Oliver PETER oliver@gfuzz.de 0x456D688F From owner-freebsd-stable@freebsd.org Thu Jun 9 13:00:21 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CC216B6EA06 for ; Thu, 9 Jun 2016 13:00:21 +0000 (UTC) (envelope-from kp@vega.codepro.be) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id BBA691C3B for ; Thu, 9 Jun 2016 13:00:21 +0000 (UTC) (envelope-from kp@vega.codepro.be) Received: by mailman.ysv.freebsd.org (Postfix) id B701FB6EA05; Thu, 9 Jun 2016 13:00:21 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B2082B6EA04; Thu, 9 Jun 2016 13:00:21 +0000 (UTC) (envelope-from kp@vega.codepro.be) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6E2011C3A; Thu, 9 Jun 2016 13:00:20 +0000 (UTC) (envelope-from kp@vega.codepro.be) Received: from vega.codepro.be (unknown [172.16.1.3]) by venus.codepro.be (Postfix) with ESMTP id AFF701E46C; Thu, 9 Jun 2016 15:00:17 +0200 (CEST) Received: by vega.codepro.be (Postfix, from userid 1001) id A7C4880AC; Thu, 9 Jun 2016 15:00:17 +0200 (CEST) Date: Thu, 9 Jun 2016 15:00:17 +0200 From: Kristof Provost To: Slawa Olhovchenkov Cc: stable@freebsd.org, freebsd-net@freebsd.org Subject: Re: ipfw fwd to closed port Message-ID: <20160609130017.GA4071@vega.codepro.be> References: <20160608230240.GA51364@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20160608230240.GA51364@zxy.spb.ru> X-Checked-By-NSA: Probably User-Agent: Mutt/1.6.1 (2016-04-27) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 13:00:21 -0000 On 2016-06-09 02:02:40 (+0300), Slawa Olhovchenkov wrote: > Forwarding by ipfw to closed local port generating RST packet with > incorrect checksun. Is this know ussuse? Need open PR? Where did you capture the packet? If you've captured the packet on the machine that generated it tcpdump may indeed claim that the checksum is wrong, because it's computed by the hardware (so after tcpdump captured it). Regards, Kristof From owner-freebsd-stable@freebsd.org Thu Jun 9 13:06:05 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 22BD6B6EEC7 for ; Thu, 9 Jun 2016 13:06:05 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 123DE1B7E for ; Thu, 9 Jun 2016 13:06:05 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 0DE51B6EEC6; Thu, 9 Jun 2016 13:06:05 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0D764B6EEC5; Thu, 9 Jun 2016 13:06:05 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C60F71B7C; Thu, 9 Jun 2016 13:06:04 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bAzer-0005gL-J2; Thu, 09 Jun 2016 16:06:01 +0300 Date: Thu, 9 Jun 2016 16:06:01 +0300 From: Slawa Olhovchenkov To: Kristof Provost Cc: stable@freebsd.org, freebsd-net@freebsd.org Subject: Re: ipfw fwd to closed port Message-ID: <20160609130601.GS75630@zxy.spb.ru> References: <20160608230240.GA51364@zxy.spb.ru> <20160609130017.GA4071@vega.codepro.be> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160609130017.GA4071@vega.codepro.be> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 13:06:05 -0000 On Thu, Jun 09, 2016 at 03:00:17PM +0200, Kristof Provost wrote: > On 2016-06-09 02:02:40 (+0300), Slawa Olhovchenkov wrote: > > Forwarding by ipfw to closed local port generating RST packet with > > incorrect checksun. Is this know ussuse? Need open PR? > > Where did you capture the packet? If you've captured the packet on the > machine that generated it tcpdump may indeed claim that the checksum is > wrong, because it's computed by the hardware (so after tcpdump captured > it). On the tun0 (destination of RST packet routed to tun0). tun0: flags=8051 metric 0 mtu 1500 options=80000 inet 192.168.4.1 --> 192.168.4.1 netmask 0xffffff00 inet6 fe80::240:63ff:fedc:ac9e%tun0 prefixlen 64 scopeid 0x9 nd6 options=21 Opened by PID 1345 tun0 don't computed checksum. From owner-freebsd-stable@freebsd.org Thu Jun 9 13:08:38 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4C704B6F07E for ; Thu, 9 Jun 2016 13:08:38 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 3C72F1DCB for ; Thu, 9 Jun 2016 13:08:38 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 3BC4AB6F07D; Thu, 9 Jun 2016 13:08:38 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B4D4B6F07B; Thu, 9 Jun 2016 13:08:38 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from venus.codepro.be (venus.codepro.be [IPv6:2a01:4f8:162:1127::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.codepro.be", Issuer "Gandi Standard SSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 08AEB1DCA; Thu, 9 Jun 2016 13:08:38 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from [10.65.209.127] (unknown [137.122.64.8]) (Authenticated sender: kp) by venus.codepro.be (Postfix) with ESMTPSA id D8E661E513; Thu, 9 Jun 2016 15:08:35 +0200 (CEST) From: "Kristof Provost" To: "Slawa Olhovchenkov" Cc: stable@freebsd.org, freebsd-net@freebsd.org Subject: Re: ipfw fwd to closed port Date: Thu, 09 Jun 2016 09:08:33 -0400 Message-ID: In-Reply-To: <20160609130601.GS75630@zxy.spb.ru> References: <20160608230240.GA51364@zxy.spb.ru> <20160609130017.GA4071@vega.codepro.be> <20160609130601.GS75630@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Mailer: MailMate Trial (1.9.4r5234) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 13:08:38 -0000 On 9 Jun 2016, at 9:06, Slawa Olhovchenkov wrote: > On Thu, Jun 09, 2016 at 03:00:17PM +0200, Kristof Provost wrote: > >> On 2016-06-09 02:02:40 (+0300), Slawa Olhovchenkov wrote: >>> Forwarding by ipfw to closed local port generating RST packet with >>> incorrect checksun. Is this know ussuse? Need open PR? >> >> Where did you capture the packet? If you've captured the packet on the >> machine that generated it tcpdump may indeed claim that the checksum is >> wrong, because it's computed by the hardware (so after tcpdump captured >> it). > > On the tun0 (destination of RST packet routed to tun0). > tun0: flags=8051 metric 0 mtu 1500 > options=80000 > inet 192.168.4.1 --> 192.168.4.1 netmask 0xffffff00 > inet6 fe80::240:63ff:fedc:ac9e%tun0 prefixlen 64 scopeid 0x9 > nd6 options=21 > Opened by PID 1345 > > tun0 don't computed checksum. I’m not sure I understand what you’re trying to say. In any case: either capture the packet outside the machine, or confirm that the checksum is wrong by watching the relevant netstat counters. Regards, Kristof From owner-freebsd-stable@freebsd.org Thu Jun 9 13:16:20 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8B04FB6F409 for ; Thu, 9 Jun 2016 13:16:20 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 79B6316B6 for ; Thu, 9 Jun 2016 13:16:20 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 752E8B6F408; Thu, 9 Jun 2016 13:16:20 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 74984B6F407; Thu, 9 Jun 2016 13:16:20 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 39E8116B4; Thu, 9 Jun 2016 13:16:20 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bAzoo-0005ur-9O; Thu, 09 Jun 2016 16:16:18 +0300 Date: Thu, 9 Jun 2016 16:16:18 +0300 From: Slawa Olhovchenkov To: Kristof Provost Cc: stable@freebsd.org, freebsd-net@freebsd.org Subject: Re: ipfw fwd to closed port Message-ID: <20160609131618.GU75630@zxy.spb.ru> References: <20160608230240.GA51364@zxy.spb.ru> <20160609130017.GA4071@vega.codepro.be> <20160609130601.GS75630@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 13:16:20 -0000 On Thu, Jun 09, 2016 at 09:08:33AM -0400, Kristof Provost wrote: > > > On 9 Jun 2016, at 9:06, Slawa Olhovchenkov wrote: > > > On Thu, Jun 09, 2016 at 03:00:17PM +0200, Kristof Provost wrote: > > > >> On 2016-06-09 02:02:40 (+0300), Slawa Olhovchenkov wrote: > >>> Forwarding by ipfw to closed local port generating RST packet with > >>> incorrect checksun. Is this know ussuse? Need open PR? > >> > >> Where did you capture the packet? If you've captured the packet on the > >> machine that generated it tcpdump may indeed claim that the checksum is > >> wrong, because it's computed by the hardware (so after tcpdump captured > >> it). > > > > On the tun0 (destination of RST packet routed to tun0). > > tun0: flags=8051 metric 0 mtu 1500 > > options=80000 > > inet 192.168.4.1 --> 192.168.4.1 netmask 0xffffff00 > > inet6 fe80::240:63ff:fedc:ac9e%tun0 prefixlen 64 scopeid 0x9 > > nd6 options=21 > > Opened by PID 1345 > > > > tun0 don't computed checksum. > > I’m not sure I understand what you’re trying to say. > > In any case: either capture the packet outside the machine, or confirm > that the checksum is wrong by watching the relevant netstat counters. I am have machine with tun0 (see above) and ipfw rules: 04010 23880 2132855 fwd 127.0.0.1,3129 tcp from 192.168.0.0/16 to not me dst-port 80,3128,8080,8100-8105 recv tun0 # netstat -rn 192.168.4.0/24 192.168.4.1 UGS tun0 192.168.4.1 link#9 UH tun0 tun0 handled by coova-chilli. Initator from network 192.168.4.0/24 (ex: 192.168.4.4) send packet to outside, 8.8.8.8 for example. fwd on tun0 forwarded tin 127.0.0.1,3129. No listener on 127.0.0.1:3129, RST generated from 8.8.8.8:80 to 192.168.4.4:2345. This packet routed to tun0 an received by chilli. Checksums must be correct at this point, on tun0 interface for correct handling in chilli. From owner-freebsd-stable@freebsd.org Thu Jun 9 13:29:12 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C1603B6FBA2 for ; Thu, 9 Jun 2016 13:29:12 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id A146718A3 for ; Thu, 9 Jun 2016 13:29:12 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 9C520B6FB9F; Thu, 9 Jun 2016 13:29:12 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9BE61B6FB9E; Thu, 9 Jun 2016 13:29:12 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 44A3E189F; Thu, 9 Jun 2016 13:29:12 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x22f.google.com with SMTP id n184so225517100wmn.1; Thu, 09 Jun 2016 06:29:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=MadOM8yAnNnN1Yef6apRUE2ZaMOOCY1+ysvWQKGIYtw=; b=cXqVRLaDSdvNThgcCMbysEvblYXUxgwLr4Ghx+M7HBtjEcfU8FQkxFfzkfAqCIMCmh qh0Ti9TePnrfUotBjgNML8+ks3VIldoj7Sr+fM2d3d2JO3PLESP+oomSj5rBoqkoUG3b gjDWhxFgzDSfRmi5LGYSAQuDmukWimrKGMrjG2WtRs4JSXmiOya0xN9wrDLgq8j0nRv6 CspnX2gke3/FYDaE4jHAPTGPha5j56nKrLqweC4DFkDavfcq29dqeB4SFiwVwnk2DZNq O6t+Rwm5jhu75Djs0GkvmNSjf0OZEu9/+TVjyeYMriCa57hJEZHhA4Ekl2jZdQOdpTh9 v3oQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=MadOM8yAnNnN1Yef6apRUE2ZaMOOCY1+ysvWQKGIYtw=; b=Ff3TAirQMRCQZiF5xqUAUBtXyHasqbsvF7Skgw63xlAI9pySZGRD0ZyN8Df0ze7vHD NMac/fzSOpUtD2dLUyV4Rl8YVgCdt+IyV2FJ2hJy7yre8pV6vlaZqCgklHNvie8+Zmwg wn6oPele9HtNkLiePGNLbFvEfjVJpkST8L84PBkkQr69lrZUEGWb7RNFKIISTevPWkE9 jPsLXYbMMnczBD5KekzoB4OwBFfLmwvmPxAIo2Jyie/wZdLy5WP3dzrOcvlzs0njEbag yfL7sPO3KL5V0mqQR3reaREaJheCOPmfRDtG2tzojnf+DNvoC2p3XItDZjIx4nzOAhY8 +FBg== X-Gm-Message-State: ALyK8tJNcpiy22CUiyPLPM2DFWtgs/FF5MKaiakMDKmb+boYp3+8k0BtrWLohlQrXPG7GbGbx+yiGYQJHdMZGg== X-Received: by 10.28.20.139 with SMTP id 133mr13169534wmu.19.1465478950362; Thu, 09 Jun 2016 06:29:10 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.6.12 with HTTP; Thu, 9 Jun 2016 06:29:09 -0700 (PDT) In-Reply-To: <20160609080440.GR75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> From: krad Date: Thu, 9 Jun 2016 14:29:09 +0100 Message-ID: Subject: Re: unbound and ntp issuse To: Slawa Olhovchenkov Cc: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= , freebsd-security@freebsd.org, "stable@freebsd.org" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 13:29:12 -0000 I doubt that will happen as you are asking to pollute every release installation for an edge condition when there is numerous work arounds that would be acceptable to most. eg two lines in rc.conf will fix the issue. On 9 June 2016 at 09:04, Slawa Olhovchenkov wrote: > On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote: > > > googles will be pretty static, but i would just use them as a one off, = ie > > with ntpdate > > i am talk about freebsd system/project. > > > > > On 8 June 2016 at 10:48, Slawa Olhovchenkov wrote: > > > > > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Sm=C3=B8rgrav wr= ote: > > > > > > > Slawa Olhovchenkov writes: > > > > > IMHO, ntp.conf need to include some numeric IP of public ntp > servers. > > > > > > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse > > > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link > > > > > > What you suggestion? > > > > > > _______________________________________________ > > > freebsd-stable@freebsd.org mailing list > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > > To unsubscribe, send any mail to " > freebsd-stable-unsubscribe@freebsd.org" > > > > From owner-freebsd-stable@freebsd.org Thu Jun 9 13:37:42 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C103B700D6 for ; Thu, 9 Jun 2016 13:37:42 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 68A77118F for ; Thu, 9 Jun 2016 13:37:42 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 63F42B700D5; Thu, 9 Jun 2016 13:37:42 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6376EB700D4; Thu, 9 Jun 2016 13:37:42 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2783D118E; Thu, 9 Jun 2016 13:37:42 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bB09T-0006NM-U0; Thu, 09 Jun 2016 16:37:39 +0300 Date: Thu, 9 Jun 2016 16:37:39 +0300 From: Slawa Olhovchenkov To: krad Cc: Dag-Erling =?utf-8?B?U23DuHJncmF2?= , freebsd-security@freebsd.org, "stable@freebsd.org" Subject: Re: unbound and ntp issuse Message-ID: <20160609133739.GV75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 13:37:42 -0000 On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: > I doubt that will happen as you are asking to pollute every release > installation for an edge condition when there is numerous work arounds > that would be acceptable to most. eg two lines in rc.conf will fix the > issue. This manual editing will be required by every install on RPi, for example. Also, this issuse hard to dignostics by average user. > On 9 June 2016 at 09:04, Slawa Olhovchenkov wrote: > > > On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote: > > > > > googles will be pretty static, but i would just use them as a one off, ie > > > with ntpdate > > > > i am talk about freebsd system/project. > > > > > > > > On 8 June 2016 at 10:48, Slawa Olhovchenkov wrote: > > > > > > > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav wrote: > > > > > > > > > Slawa Olhovchenkov writes: > > > > > > IMHO, ntp.conf need to include some numeric IP of public ntp > > servers. > > > > > > > > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse > > > > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link > > > > > > > > What you suggestion? > > > > > > > > _______________________________________________ > > > > freebsd-stable@freebsd.org mailing list > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > > > To unsubscribe, send any mail to " > > freebsd-stable-unsubscribe@freebsd.org" > > > > > > From owner-freebsd-stable@freebsd.org Thu Jun 9 13:48:34 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9D6C0B70515 for ; Thu, 9 Jun 2016 13:48:34 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 8986D1C22 for ; Thu, 9 Jun 2016 13:48:34 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: by mailman.ysv.freebsd.org (Postfix) id 88E97B70514; Thu, 9 Jun 2016 13:48:34 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8898FB70513 for ; Thu, 9 Jun 2016 13:48:34 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id 63F5B1C21 for ; Thu, 9 Jun 2016 13:48:34 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from lowell-desk.lan (router.lan [172.30.250.2]) by be-well.ilk.org (Postfix) with ESMTP id 6FCC733C1E; Thu, 9 Jun 2016 09:48:27 -0400 (EDT) Received: by lowell-desk.lan (Postfix, from userid 1147) id C457E39828; Thu, 9 Jun 2016 09:48:26 -0400 (EDT) From: Lowell Gilbert To: Slawa Olhovchenkov Cc: krad , Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= , "stable\@freebsd.org" Subject: Re: unbound and ntp issuse References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> Reply-To: stable@freebsd.org Date: Thu, 09 Jun 2016 09:48:25 -0400 In-Reply-To: <20160609133739.GV75630@zxy.spb.ru> (Slawa Olhovchenkov's message of "Thu, 9 Jun 2016 16:37:39 +0300") Message-ID: <44r3c68od2.fsf@lowell-desk.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 13:48:34 -0000 Slawa Olhovchenkov writes: > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: > >> I doubt that will happen as you are asking to pollute every release >> installation for an edge condition when there is numerous work arounds >> that would be acceptable to most. eg two lines in rc.conf will fix the >> issue. > > This manual editing will be required by every install on RPi, for > example. No, it won't. Most people will just give the system a valid DNS configuration, and the clock will not be an issue. From owner-freebsd-stable@freebsd.org Thu Jun 9 14:02:13 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 39461B70A24 for ; Thu, 9 Jun 2016 14:02:13 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 265BA17DC for ; Thu, 9 Jun 2016 14:02:13 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 25B47B70A23; Thu, 9 Jun 2016 14:02:13 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 255D4B70A22 for ; Thu, 9 Jun 2016 14:02:13 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DDF3317D9 for ; Thu, 9 Jun 2016 14:02:12 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bB0XB-0006ww-W5; Thu, 09 Jun 2016 17:02:10 +0300 Date: Thu, 9 Jun 2016 17:02:09 +0300 From: Slawa Olhovchenkov To: stable@freebsd.org Cc: krad , Dag-Erling =?utf-8?B?U23DuHJncmF2?= Subject: Re: unbound and ntp issuse Message-ID: <20160609140209.GW75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> <44r3c68od2.fsf@lowell-desk.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44r3c68od2.fsf@lowell-desk.lan> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 14:02:13 -0000 On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote: > Slawa Olhovchenkov writes: > > > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: > > > >> I doubt that will happen as you are asking to pollute every release > >> installation for an edge condition when there is numerous work arounds > >> that would be acceptable to most. eg two lines in rc.conf will fix the > >> issue. > > > > This manual editing will be required by every install on RPi, for > > example. > > No, it won't. Most people will just give the system a valid DNS > configuration, and the clock will not be an issue. What invalid in my DNS configuration? From owner-freebsd-stable@freebsd.org Thu Jun 9 17:08:49 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 37DD8B70A2D for ; Thu, 9 Jun 2016 17:08:49 +0000 (UTC) (envelope-from mi+thun@aldan.algebra.com) Received: from vms173015pub.verizon.net (vms173015pub.verizon.net [206.46.173.15]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 01DE514BD; Thu, 9 Jun 2016 17:08:48 +0000 (UTC) (envelope-from mi+thun@aldan.algebra.com) Received: from vz-proxy-m001.mx.aol.com ([64.236.83.14]) by vms173015.mailsrvcs.net (Oracle Communications Messaging Server 7.0.5.32.0 64bit (built Jul 16 2014)) with ESMTPA id <0O8I00GTUI5F8T20@vms173015.mailsrvcs.net>; Thu, 09 Jun 2016 11:08:08 -0500 (CDT) X-CMAE-Score: 0 X-CMAE-Analysis: v=2.1 cv=J+9Xl1TS c=1 sm=1 tr=0 a=MJxOpqxZADbEbEImuSX/mw==:117 a=pD_ry4oyNxEA:10 a=r77TgQKjGQsHNAKrUKIA:9 a=_qAzQHV7Tnxc-pD94YkA:9 a=pILNOxqGKmIA:10 a=XJnPi4rGg6p4uxBij5IA:9 a=b55vj6Ecdl4peCG8:21 a=_W_S_7VecoQA:10 Received: by 100.1.241.90 with SMTP id 1eca989b; Thu, 09 Jun 2016 16:08:08 GMT Subject: Re: Nasty state after running out of swap To: Mark Johnston References: <057d6b66-8051-213f-e716-efada3692bc0@aldan.algebra.com> <20160608222440.GA28489@charmander> Cc: freebsd-stable@FreeBSD.org From: "Mikhail T." Message-id: <46efd82f-8038-259b-dc2e-2e0073760ee5@aldan.algebra.com> Date: Thu, 09 Jun 2016 12:08:03 -0400 MIME-version: 1.0 In-reply-to: <20160608222440.GA28489@charmander> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 17:08:49 -0000 On 08.06.2016 18:24, Mark Johnston wrote: >> Is it yet to recover from the "out of swap" situation? I'm sure, a >> > reboot will fix everything, but I expected FreeBSD to be better than >> > that... Running 10.3-stable from April 18 here. Thanks! > There was a memory leak in CAM at that point. It's fixed in r299531, but > the vmstat output is needed to verify that this is the problem you're > hitting. Sorry, the system was completely dead by the time I got home to it (no console, ssh-connections hanging after the first handshake)... I reset it and built a new world/kernel, which seem to be working Ok now. Thanks! -mi From owner-freebsd-stable@freebsd.org Thu Jun 9 18:31:25 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E6021B70FBD for ; Thu, 9 Jun 2016 18:31:25 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id D16E21180 for ; Thu, 9 Jun 2016 18:31:25 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: by mailman.ysv.freebsd.org (Postfix) id CD0C2B70FBC; Thu, 9 Jun 2016 18:31:25 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CCB64B70FBB for ; Thu, 9 Jun 2016 18:31:25 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id A911E117E for ; Thu, 9 Jun 2016 18:31:25 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from lowell-desk.lan (router.lan [172.30.250.2]) by be-well.ilk.org (Postfix) with ESMTP id 4A7A133C1E; Thu, 9 Jun 2016 14:31:18 -0400 (EDT) Received: by lowell-desk.lan (Postfix, from userid 1147) id C135839828; Thu, 9 Jun 2016 14:31:17 -0400 (EDT) From: Lowell Gilbert To: Slawa Olhovchenkov Cc: stable@freebsd.org, Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= , krad Subject: Re: unbound and ntp issuse References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> <44r3c68od2.fsf@lowell-desk.lan> <20160609140209.GW75630@zxy.spb.ru> Reply-To: stable@freebsd.org Date: Thu, 09 Jun 2016 14:31:17 -0400 In-Reply-To: <20160609140209.GW75630@zxy.spb.ru> (Slawa Olhovchenkov's message of "Thu, 9 Jun 2016 17:02:09 +0300") Message-ID: <44mvmu8b9m.fsf@lowell-desk.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 18:31:26 -0000 Slawa Olhovchenkov writes: > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote: > >> Slawa Olhovchenkov writes: >> >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: >> > >> >> I doubt that will happen as you are asking to pollute every release >> >> installation for an edge condition when there is numerous work arounds >> >> that would be acceptable to most. eg two lines in rc.conf will fix the >> >> issue. >> > >> > This manual editing will be required by every install on RPi, for >> > example. >> >> No, it won't. Most people will just give the system a valid DNS >> configuration, and the clock will not be an issue. > > What invalid in my DNS configuration? You said that you configured 127.0.0.1 as your DNS server. You didn't say how (or rather where) you did that, but if you had used the address of a working upstream recursive server, I suspect there wouldn't have been any problem. From owner-freebsd-stable@freebsd.org Thu Jun 9 18:56:49 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1683CB70914 for ; Thu, 9 Jun 2016 18:56:49 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 0283D1964 for ; Thu, 9 Jun 2016 18:56:49 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 01D35B70913; Thu, 9 Jun 2016 18:56:49 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 017E0B70912 for ; Thu, 9 Jun 2016 18:56:49 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B6AD11963 for ; Thu, 9 Jun 2016 18:56:48 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bB58H-000DaU-DQ; Thu, 09 Jun 2016 21:56:45 +0300 Date: Thu, 9 Jun 2016 21:56:45 +0300 From: Slawa Olhovchenkov To: stable@freebsd.org Cc: Dag-Erling =?utf-8?B?U23DuHJncmF2?= , krad Subject: Re: unbound and ntp issuse Message-ID: <20160609185645.GZ75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> <44r3c68od2.fsf@lowell-desk.lan> <20160609140209.GW75630@zxy.spb.ru> <44mvmu8b9m.fsf@lowell-desk.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44mvmu8b9m.fsf@lowell-desk.lan> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 18:56:49 -0000 On Thu, Jun 09, 2016 at 02:31:17PM -0400, Lowell Gilbert wrote: > Slawa Olhovchenkov writes: > > > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote: > > > >> Slawa Olhovchenkov writes: > >> > >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: > >> > > >> >> I doubt that will happen as you are asking to pollute every release > >> >> installation for an edge condition when there is numerous work arounds > >> >> that would be acceptable to most. eg two lines in rc.conf will fix the > >> >> issue. > >> > > >> > This manual editing will be required by every install on RPi, for > >> > example. > >> > >> No, it won't. Most people will just give the system a valid DNS > >> configuration, and the clock will not be an issue. > > > > What invalid in my DNS configuration? > > You said that you configured 127.0.0.1 as your DNS server. You didn't > say how (or rather where) you did that, but if you had used the address > of a working upstream recursive server, I suspect there wouldn't have > been any problem. Configuring 127.0.0.1 as DNS server and enabling loacal_unbound cause unbound acts as recursive resolver. This is conventional setup. ("No forwarders found in resolv.conf, unbound will recurse." -- from /usr/sbin/local-unbound-setup) Using upstream recursive server with local unbound will cause same problem, IMHO, because unbound will be enfocing DNSSEC by the same way and rejecting all answers from upstream. From owner-freebsd-stable@freebsd.org Fri Jun 10 11:53:07 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 88F53B71550 for ; Fri, 10 Jun 2016 11:53:07 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 67F5A1118 for ; Fri, 10 Jun 2016 11:53:07 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 675EBB7154E; Fri, 10 Jun 2016 11:53:07 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 66D5DB7154D; Fri, 10 Jun 2016 11:53:07 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E90531117; Fri, 10 Jun 2016 11:53:06 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-wm0-x22f.google.com with SMTP id k204so98807343wmk.0; Fri, 10 Jun 2016 04:53:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GFrw87W4K9y8Jdwk7vTFhVGJ0gtwLF4x913wE0o9Ad8=; b=M7P5UEGouQD5zGZnMsLmApfTgNztUqEwtbmVQxE1QCxhMKJ8/whocjL4tUY9M0ytJ9 7k3c3gFaUtuyyCbE89HZlbmBk26RE+ASQ4tIruSgL4Ck81wSQEW4Q6eeYwmZ/aTqm7qH PRAsG5ERuPIsLOsCIJJ+H6j0bJc0tqYERBbwWmfYyV8w+WK8jh9ACfcb7JO3YVRCbKtY HetmNqdq6kUTsBCLsnIz2y1G8pkP4EIHApDA6IwWYCeILFpibtloNazw6DRDGg1fooRu 4852Fo411HFLXc7tOcT2U2FTgFRG4L5dbijhC+Q6IKn97ow/eJ//ndIveuGXB7QB0t4h UoNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GFrw87W4K9y8Jdwk7vTFhVGJ0gtwLF4x913wE0o9Ad8=; b=FQrqyoyURbsCklGU0PHZ+FqvgJ1PNuP1yJOyELFJ0/KphI7Lz13skOaIM3QyK/qn7z 8mlIB+9oLSe+tQ38STKbL4WCr1xhISwFHpuBXjjDBb7jQx6V2efWv42BMPpXE0JnGgd5 vREzN0CeLPIBSOmivWzBxHuEBc/x6nfRV1Gn7MZ0ymdKWmF4doq+odhS7venWA1RU4Lf mCMxE6DFbCVsWyG0DoEDHw8x7UKdLVMOCnLEK6+KKtVOwsTtXJiHRYXG7fc9MPJGEtUM TVDe/draKo6xKIaDUvB4Mg/74cNJcbzcTpwHP31RuCIP5/9t7MwOEtfVRDhLPH8VdKwc xJEA== X-Gm-Message-State: ALyK8tKlg/sFktLw/7tJKrNUXi6sJoQcO5Swii8Lv4ddM6o4KZW4KtGMSdIlUoitaE+Co0+K54hiiHnlGXlXIA== X-Received: by 10.195.11.103 with SMTP id eh7mr1851966wjd.56.1465559585472; Fri, 10 Jun 2016 04:53:05 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.6.12 with HTTP; Fri, 10 Jun 2016 04:53:04 -0700 (PDT) In-Reply-To: <20160609133739.GV75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> From: krad Date: Fri, 10 Jun 2016 12:53:04 +0100 Message-ID: Subject: Re: unbound and ntp issuse To: Slawa Olhovchenkov Cc: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= , freebsd-security@freebsd.org, "stable@freebsd.org" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2016 11:53:07 -0000 Pretty much every box requires some form of configuration so its a moot point. IF you want automated deployment you will almost certainly be building a pxe or prepreared usb/cd image of some sort. In which case you include these settings in the deployed rc.conf. On 9 June 2016 at 14:37, Slawa Olhovchenkov wrote: > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: > > > I doubt that will happen as you are asking to pollute every release > > installation for an edge condition when there is numerous work arounds > > that would be acceptable to most. eg two lines in rc.conf will fix th= e > > issue. > > This manual editing will be required by every install on RPi, for > example. > > Also, this issuse hard to dignostics by average user. > > > On 9 June 2016 at 09:04, Slawa Olhovchenkov wrote: > > > > > On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote: > > > > > > > googles will be pretty static, but i would just use them as a one > off, ie > > > > with ntpdate > > > > > > i am talk about freebsd system/project. > > > > > > > > > > > On 8 June 2016 at 10:48, Slawa Olhovchenkov wrote: > > > > > > > > > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Sm=C3=B8rgra= v > wrote: > > > > > > > > > > > Slawa Olhovchenkov writes: > > > > > > > IMHO, ntp.conf need to include some numeric IP of public ntp > > > servers. > > > > > > > > > > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse > > > > > > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link > > > > > > > > > > What you suggestion? > > > > > > > > > > _______________________________________________ > > > > > freebsd-stable@freebsd.org mailing list > > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > > > > To unsubscribe, send any mail to " > > > freebsd-stable-unsubscribe@freebsd.org" > > > > > > > > > From owner-freebsd-stable@freebsd.org Fri Jun 10 13:17:50 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9E9C0B70460 for ; Fri, 10 Jun 2016 13:17:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 8A2AA1A5C for ; Fri, 10 Jun 2016 13:17:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 85C6CB7045F; Fri, 10 Jun 2016 13:17:50 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 853D7B7045E; Fri, 10 Jun 2016 13:17:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 42E7E1A5B; Fri, 10 Jun 2016 13:17:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bBMJh-000F0p-5V; Fri, 10 Jun 2016 16:17:41 +0300 Date: Fri, 10 Jun 2016 16:17:41 +0300 From: Slawa Olhovchenkov To: krad Cc: Dag-Erling =?utf-8?B?U23DuHJncmF2?= , freebsd-security@freebsd.org, "stable@freebsd.org" Subject: Re: unbound and ntp issuse Message-ID: <20160610131741.GC75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2016 13:17:50 -0000 On Fri, Jun 10, 2016 at 12:53:04PM +0100, krad wrote: > Pretty much every box requires some form of configuration so its a moot > point. IF you want automated deployment you will almost certainly be > building a pxe or prepreared usb/cd image of some sort. In which case you > include these settings in the deployed rc.conf. This sound like "installer and default config not need, use ansible for all" > On 9 June 2016 at 14:37, Slawa Olhovchenkov wrote: > > > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: > > > > > I doubt that will happen as you are asking to pollute every release > > > installation for an edge condition when there is numerous work arounds > > > that would be acceptable to most. eg two lines in rc.conf will fix the > > > issue. > > > > This manual editing will be required by every install on RPi, for > > example. > > > > Also, this issuse hard to dignostics by average user. > > > > > On 9 June 2016 at 09:04, Slawa Olhovchenkov wrote: > > > > > > > On Thu, Jun 09, 2016 at 08:39:42AM +0100, krad wrote: > > > > > > > > > googles will be pretty static, but i would just use them as a one > > off, ie > > > > > with ntpdate > > > > > > > > i am talk about freebsd system/project. > > > > > > > > > > > > > > On 8 June 2016 at 10:48, Slawa Olhovchenkov wrote: > > > > > > > > > > > On Wed, Jun 08, 2016 at 02:29:29AM +0200, Dag-Erling Smørgrav > > wrote: > > > > > > > > > > > > > Slawa Olhovchenkov writes: > > > > > > > > IMHO, ntp.conf need to include some numeric IP of public ntp > > > > servers. > > > > > > > > > > > > > > https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse > > > > > > > > > https://en.wikipedia.org/wiki/Poul-Henning_Kamp#Dispute_with_D-Link > > > > > > > > > > > > What you suggestion? > > > > > > > > > > > > _______________________________________________ > > > > > > freebsd-stable@freebsd.org mailing list > > > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > > > > > To unsubscribe, send any mail to " > > > > freebsd-stable-unsubscribe@freebsd.org" > > > > > > > > > > > > From owner-freebsd-stable@freebsd.org Fri Jun 10 19:10:20 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9232AD932E for ; Fri, 10 Jun 2016 19:10:20 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id B61A828B8 for ; Fri, 10 Jun 2016 19:10:20 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: by mailman.ysv.freebsd.org (Postfix) id B1BD4AD932D; Fri, 10 Jun 2016 19:10:20 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B1600AD932C for ; Fri, 10 Jun 2016 19:10:20 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id 8E87228B7 for ; Fri, 10 Jun 2016 19:10:20 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: by be-well.ilk.org (Postfix, from userid 1147) id BD01E33C26; Fri, 10 Jun 2016 15:10:12 -0400 (EDT) From: Lowell Gilbert To: Slawa Olhovchenkov Cc: stable@freebsd.org, Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= , krad Subject: Re: unbound and ntp issuse References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> <44r3c68od2.fsf@lowell-desk.lan> <20160609140209.GW75630@zxy.spb.ru> <44mvmu8b9m.fsf@lowell-desk.lan> <20160609185645.GZ75630@zxy.spb.ru> Date: Fri, 10 Jun 2016 15:10:10 -0400 In-Reply-To: <20160609185645.GZ75630@zxy.spb.ru> (Slawa Olhovchenkov's message of "Thu, 9 Jun 2016 21:56:45 +0300") Message-ID: <44vb1gx3l9.fsf@be-well.ilk.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2016 19:10:20 -0000 Slawa Olhovchenkov writes: > On Thu, Jun 09, 2016 at 02:31:17PM -0400, Lowell Gilbert wrote: > >> Slawa Olhovchenkov writes: >> >> > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote: >> > >> >> Slawa Olhovchenkov writes: >> >> >> >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: >> >> > >> >> >> I doubt that will happen as you are asking to pollute every release >> >> >> installation for an edge condition when there is numerous work arounds >> >> >> that would be acceptable to most. eg two lines in rc.conf will fix the >> >> >> issue. >> >> > >> >> > This manual editing will be required by every install on RPi, for >> >> > example. >> >> >> >> No, it won't. Most people will just give the system a valid DNS >> >> configuration, and the clock will not be an issue. >> > >> > What invalid in my DNS configuration? >> >> You said that you configured 127.0.0.1 as your DNS server. You didn't >> say how (or rather where) you did that, but if you had used the address >> of a working upstream recursive server, I suspect there wouldn't have >> been any problem. > > Configuring 127.0.0.1 as DNS server and enabling loacal_unbound cause > unbound acts as recursive resolver. This is conventional setup. > ("No forwarders found in resolv.conf, unbound will recurse." > -- from /usr/sbin/local-unbound-setup) I'll check on it if I get a chance. > Using upstream recursive server with local unbound will cause same > problem, IMHO, because unbound will be enfocing DNSSEC by the same > way and rejecting all answers from upstream. Well, we know that is not the case, because in that case nearly everyone would be having the problem. From owner-freebsd-stable@freebsd.org Fri Jun 10 19:17:26 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A97BAD96DB for ; Fri, 10 Jun 2016 19:17:26 +0000 (UTC) (envelope-from allbery.b@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 575552E01 for ; Fri, 10 Jun 2016 19:17:26 +0000 (UTC) (envelope-from allbery.b@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 52EC7AD96DA; Fri, 10 Jun 2016 19:17:26 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5292BAD96D9 for ; Fri, 10 Jun 2016 19:17:26 +0000 (UTC) (envelope-from allbery.b@gmail.com) Received: from mail-qg0-x234.google.com (mail-qg0-x234.google.com [IPv6:2607:f8b0:400d:c04::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0B3372E00 for ; Fri, 10 Jun 2016 19:17:26 +0000 (UTC) (envelope-from allbery.b@gmail.com) Received: by mail-qg0-x234.google.com with SMTP id l44so40135908qgd.0 for ; Fri, 10 Jun 2016 12:17:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=NeCS5tKmvFqEusfcRrN4sdUGWytK4XOGl2id5tu3umo=; b=NJUS6wbv+kT9I+z22jbKGc6FaStrXRixPGvZH5LQ6gNNfP5GO5etN407J+kXM7jUPp hk3Lr2BYb8z313cZfQNxZaXApDRhUaPg0M5CY0hEm232hMPqSp9OJY/pnzUyDTRpuSpy IEETSTjTOtw3AVywiVmgw8am8O+KDMcKOgiP7H6rSWH9oVz6SguYaQcEUw8thZ4jy5Vl 0PICKq5Be6sP5wgEpupOkGOXNVuzi2/CJmLZwjSUsCQ0jIFxpkUyuTrPddi1zlklzN6F oMyz2bxNXAyCZys7KPR+pWrCZT0arbnIPxzvbpR9nsBa9KbEUoVd9c5yFF3/Q9672Uhz Z1fQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=NeCS5tKmvFqEusfcRrN4sdUGWytK4XOGl2id5tu3umo=; b=hvhyfU8xTmhXgEzL7YP9VPdJ3TuoCKGC4d0pQiJhnMcG/12WTD2z2tq1LXWGW/y8yN pp0J3NMAh5yGFMZjdmgbZMj9Bzt75U8KjtilUsEgKFjNmhHDnbyMDAQitjBS6qSTN6IW +bgUxr1EDJVFFa0m7w/ZFAt2sFFkN0nu+xDST6wOcS8CXu5SPpCDXrBEcruB3PspBh6U lByvHDeeZbFfLps1aR0Cf+ooui2VhRbele0K/mDfZ/8CtF2GbCDZRO2fvOLMa8TcxD9z mk614DRtcwPJ1M+kO5a1RrZjiw64w9VGqLAsdrNAhX5+9GWl4DoJ37MLOiO+6Id4qLnR reMw== X-Gm-Message-State: ALyK8tIl9Nse6H0s+UadOGz9Xthi3AcD18yk7BLRHRuHK7/xHvuFbiVENgegIOi+xbwEQ10CYsRy0hCdZ/iLiA== X-Received: by 10.141.41.71 with SMTP id s68mr3524144qhe.102.1465586245123; Fri, 10 Jun 2016 12:17:25 -0700 (PDT) MIME-Version: 1.0 Received: by 10.55.203.9 with HTTP; Fri, 10 Jun 2016 12:17:24 -0700 (PDT) In-Reply-To: <44vb1gx3l9.fsf@be-well.ilk.org> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> <44r3c68od2.fsf@lowell-desk.lan> <20160609140209.GW75630@zxy.spb.ru> <44mvmu8b9m.fsf@lowell-desk.lan> <20160609185645.GZ75630@zxy.spb.ru> <44vb1gx3l9.fsf@be-well.ilk.org> From: Brandon Allbery Date: Fri, 10 Jun 2016 15:17:24 -0400 Message-ID: Subject: Re: unbound and ntp issuse To: Lowell Gilbert Cc: Slawa Olhovchenkov , =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= , "stable@freebsd.org" , krad Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2016 19:17:26 -0000 On Fri, Jun 10, 2016 at 3:10 PM, Lowell Gilbert < freebsd-stable-local@be-well.ilk.org> wrote: > Well, we know that is not the case, because in that case nearly everyone > would be having the problem. > That would be the point... maybe not "nearly everyone" although it is hard to be certain, but I ran headlong into this when I tried to install --- and thought I'd done something wrong until this thread, where I learned that it doesn't work -out of the box-. -- brandon s allbery kf8nh sine nomine associates allbery.b@gmail.com ballbery@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net From owner-freebsd-stable@freebsd.org Fri Jun 10 21:44:36 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7FF0CAEF561 for ; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 6B8A22B53 for ; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 671FCAEF55E; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 66C03AEF55C for ; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 287612B52 for ; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bBUEB-0001GO-Gk; Sat, 11 Jun 2016 00:44:31 +0300 Date: Sat, 11 Jun 2016 00:44:31 +0300 From: Slawa Olhovchenkov To: Lowell Gilbert Cc: Dag-Erling =?utf-8?B?U23DuHJncmF2?= , stable@freebsd.org, krad Subject: Re: unbound and ntp issuse Message-ID: <20160610214431.GA2894@zxy.spb.ru> References: <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> <44r3c68od2.fsf@lowell-desk.lan> <20160609140209.GW75630@zxy.spb.ru> <44mvmu8b9m.fsf@lowell-desk.lan> <20160609185645.GZ75630@zxy.spb.ru> <44vb1gx3l9.fsf@be-well.ilk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44vb1gx3l9.fsf@be-well.ilk.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2016 21:44:36 -0000 On Fri, Jun 10, 2016 at 03:10:10PM -0400, Lowell Gilbert wrote: > Slawa Olhovchenkov writes: > > > On Thu, Jun 09, 2016 at 02:31:17PM -0400, Lowell Gilbert wrote: > > > >> Slawa Olhovchenkov writes: > >> > >> > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote: > >> > > >> >> Slawa Olhovchenkov writes: > >> >> > >> >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: > >> >> > > >> >> >> I doubt that will happen as you are asking to pollute every release > >> >> >> installation for an edge condition when there is numerous work arounds > >> >> >> that would be acceptable to most. eg two lines in rc.conf will fix the > >> >> >> issue. > >> >> > > >> >> > This manual editing will be required by every install on RPi, for > >> >> > example. > >> >> > >> >> No, it won't. Most people will just give the system a valid DNS > >> >> configuration, and the clock will not be an issue. > >> > > >> > What invalid in my DNS configuration? > >> > >> You said that you configured 127.0.0.1 as your DNS server. You didn't > >> say how (or rather where) you did that, but if you had used the address > >> of a working upstream recursive server, I suspect there wouldn't have > >> been any problem. > > > > Configuring 127.0.0.1 as DNS server and enabling loacal_unbound cause > > unbound acts as recursive resolver. This is conventional setup. > > ("No forwarders found in resolv.conf, unbound will recurse." > > -- from /usr/sbin/local-unbound-setup) > > I'll check on it if I get a chance. > > > Using upstream recursive server with local unbound will cause same > > problem, IMHO, because unbound will be enfocing DNSSEC by the same > > way and rejecting all answers from upstream. > > Well, we know that is not the case, because in that case nearly everyone > would be having the problem. Only in case of very incorrect time at startup (2008 year in may case, after CMOS reset)