From: Paul Mather
Date: Mon, 9 Nov 2020 10:54:42 -0500
To: freebsd@tango.lu
Cc: freebsd-stable@freebsd.org
Subject: Re: FreeBSD disable any automated outgoing connections

On Nov 2, 2020, at 2:15 AM, freebsd@tango.lu wrote:

> Hello,
>
> I have these connections 4-5 am in the morning going to bytemark, Cloudflare and other cloud providers:
>
> - Connections 2.0 - Payload 5.0k -
> Ports       | Sources              | Destinations          | Services | Protocols | States     |
> 443 100.0%  | 192.168.1.5#1 100.0% | 104.16.45.99#2  50.0% | - 100.0% | 6 100.0%  | SHR 100.0% |
>             |                      | 104.16.44.99#3  50.0% |          |           |            |
>

This is likely to be the /etc/periodic/daily/480.leapfile-ntpd daily periodic job. It checks for an updated NTP leapfile from $ntp_leapfile_sources. This periodic job defaults to "YES" in /etc/defaults/rc.conf and the default for $ntp_leapfile_sources is "https://www.ietf.org/timezones/data/leap-seconds.list". A current DNS lookup of www.ietf.org shows it uses the Cloudflare CDN.

> This machine is an IDS; it should never make outgoing connections ever. How to disable this?

You might set "daily_ntpd_leapfile_enable=NO" in your local periodic.conf file to override the default.

Alternatively, if you have a strict rule that the machine should not initiate any outbound connections, you could add a firewall rule dropping any such traffic originating there (i.e., not belonging to an established connection) going out on the external ("WAN") interface.

Cheers,

Paul.

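The two options from the reply above, written out as configuration. This is an added example, not part of the original thread: it assumes pf is the firewall in use, and the interface name `em0` and management subnet `192.168.1.0/24` are constructed placeholders.

```conf
# Added example, not from the thread. Assumptions: pf is the firewall in use,
# em0 is the external interface, 192.168.1.0/24 is the management subnet.
#
# Option 1 (from the reply): stop the leapfile fetch by adding this line to
# /etc/periodic.conf:
#     daily_ntpd_leapfile_enable="NO"
#
# Option 2: /etc/pf.conf that drops every connection the sensor initiates.

ext_if   = "em0"
mgmt_net = "192.168.1.0/24"

set block-policy drop
set skip on lo0

# Default deny in both directions. "log" copies each dropped packet to pflog0,
# so a job that still tries to connect out shows up instead of failing silently.
block log all

# Inbound SSH from the management subnet. The state entry created here is what
# lets the reply packets leave. There is deliberately no "pass out" rule, so
# traffic originating on the sensor never matches a state and hits the block.
pass in on $ext_if inet proto tcp from $mgmt_net to ($ext_if) port 22 keep state
```

Load the ruleset with `pfctl -f /etc/pf.conf` and watch blocked attempts with `tcpdump -n -e -i pflog0`. The same default-deny also stops DNS lookups and ntpd's own time queries from the sensor.
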
From: Daniel Braniss
Date: Wed, 11 Nov 2020 10:40:51 +0200
To: stable@freebsd.org
Subject: kqueue and NFS

Hi,
I have a vague recollection that kqueue does not work for NFS files,
any chance that this will be made possible?

cheers,
	danny

From: Ronald Klop
Date: Wed, 11 Nov 2020 11:45:10 +0100 (CET)
To: stable@freebsd.org
Subject: Re: kqueue and NFS

Hi,

I don't think NFS has the possibility to push notifications about changes in the filesystem to the clients. NFSv3 is stateless so the server does not even know about the clients. NFSv4 I don't know much about, but I have never heard of notifications.

So for NFS kqueue would only trigger if the change is on the same client as where the kqueue is lurking.

Otherwise you could run some daemon on the server which pushes the notifications out of band of the NFS protocol to the clients. Which probably gives interesting results together with the caching of the NFS client. But that is another story we see at work. (postfix -> you have mail! -> NFS -> imap -> no you don't -> O yes, you have. :-) )

Regards,
Ronald.

From: Daniel Braniss
Date: Wednesday, 11 November 2020 09:40
To: stable@freebsd.org
Subject: kqueue and NFS
>
> Hi,
> I have a vague recollection that kqueue does not work for NFS files,
> any chance that this will be made possible?
>
> cheers,
> danny

From: Daniel Braniss
Date: Wed, 11 Nov 2020 15:37:00 +0200
To: Ronald Klop
Cc: stable@freebsd.org
Subject: Re: kqueue and NFS

hi,

> On 11 Nov 2020, at 12:45, Ronald Klop wrote:
>
> Hi,
>
> I don't think NFS has the possibility to push notifications about changes in the filesystem to the clients. NFSv3 is stateless so the server does not even know about the clients. NFSv4 I don't know much about, but I have never heard of notifications.
>

I now remember having a similar chat with Rick some years ago.

> So for NFS kqueue would only trigger if the change is on the same client as where the kqueue is lurking.
>
> Otherwise you could run some daemon on the server which pushes the notifications out of band of the NFS protocol to the clients. Which probably gives interesting results together with the caching of the NFS client. But that is another story we see at work. (postfix -> you have mail! -> NFS -> imap -> no you don't -> O yes, you have. :-) )
>

in my case it was a python app (flask restful) that when run in debug mode would restart if some file changed,
but some days ago that stopped working. Since I had updated the kernel and the ports it took me some time to find out
what had happened; it had nothing to do with the upgrades but instead I had installed ‘watchdog.py’ which
flask->werkzeug->reload decided to use :-(

rabbit hole indeed.

thanks,
	danny

> Regards,
> Ronald.
>
> From: Daniel Braniss
> Date: Wednesday, 11 November 2020 09:40
> To: stable@freebsd.org
> Subject: kqueue and NFS
>> Hi,
>> I have a vague recollection that kqueue does not work for NFS files,
>> any chance that this will be made possible?
>> cheers,
>> danny