Even though 8.0 hasn’t been released yet, with the second release candidate available for testing, a number of regressions have already been committed to HEAD, or FreeBSD 9.0-CURRENT. The single change that caused most fallout in ports was a commit to the sh(1) parser that disallows mismatched quotes in backticks that broke a large number of badly written ‘configure’ scripts. A number of those have already been fixed, but there are still plenty of errors out there. The fix is usually easy, like the one for tcl83, so if you’re looking for something to do while the ports tree is still in a slush state, please give a hand by fixing some of the new errors on 9.0. For a full list, see the logs of the pointyhat cluster.
Related posts:
Related posts brought to you by Yet Another Related Posts Plugin.
A few days ago the FreeBSD team released RC2 of the 8.0 version. This is the fore-last before 8.0-RELEASE will see the light. Some problems had been ironed out, especially that had fallout of the NULL mapping removal option. PIE was one of the things that broke, things like Samba seemed to be affected.
This had been resolved now, and everyone is advised to test -RC2. -RC3 will also follow in around two weeks from now, closing in on the -RELEASE version. Stay tuned!
p.s. I am also writing a “Welcome to FreeBSD 8″ article. This is currently being reviewed by my employer (which supported me in writing this) and will be published soon..
Someone -- I thought it was Kristof, but he claims not to have this problem so it must be someone else -- told me a while ago that Telenet's DHCP server "exhibits weird behaviour". That sort of mystery certainly gets the hyperactive mind interested.
For totally unrelated reasons, I found myself looking at a packet capture of DHCP traffic on a Telenet connection. Indeed, there was something very strange in there. The DHCP client would get a perfectly fine lease with perfectly reasonably renewing and rebinding times. When the renewing timer (T1) expired, the client would unicast a DHCPREQEST to the server and expect a unicast DHCPACK back. Only the DHCPACK would never arrive, and the client would retransmit the unicast DHCPREQUEST messages until the rebinding timer (T2) expired. At that time, the client would broadcast a DHCPREQUEST after which the DHCPACK would arrive.
The fact that the DHCPACK messages came through the DHCP relay server put me on a side-track briefly. I discovered that the DHCP server (mentioned in option 54) would not respond to my DHCP requests. While it makes perfect sense to protect a DHCP server from clients, you do want your clients to be able to get packets to them somehow.
I sent some packet captures to a contact inside Telenet (thanks ;-) I couldn't imagine trying to explain this to a helldesk!) wondering if they'd put too sharp an access control list between me and the DHCP server (recently -- because I hadn't seen the problem before). After some digging, they found that I was sending my unicast DHCPREQUEST messages with a random source port number. From my reading of the RFC, this is "allowed", but no one else does it. It turns out that Telenet does some sanity checking (sensible precaution) on DHCP messages before allowing them to go to the DHCP server. This sanity checking does not like (or recognize, presumably) DHCP messages with a source port other than bootpc (68).
FreeBSD's dhclient is a rather old version of ISC's reference implementation, simplified by OpenBSD. I found that OpenBSD has had a patch for a couple of years that purported to fix this behaviour. When I ported this patch to FreeBSD however, I found that sendmsg would return EINVAL, which was not documented to ever happen.
Again I wondered how people without source code to their operating systems get through the day? Do they resort to alcohol and panic at this stage? I used DDB to set a breakpoint on sendmsg and stepped through briefly, expecting it to blow up somewhere quickly when copying in the iovec or so. No such luck however, and I found myself in sosend_generic, which is not so much fun to step through without symbol information, so I set up remote debugging so I could use ddd.
Eventually, I found my way to rip_output and found that my EINVAL came from here:
if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options)
|| (ip->ip_len > m->m_pkthdr.len)
|| (ip->ip_len < (ip->ip_hl << 2))) {
INP_RUNLOCK(inp);
m_freem(m);
return (EINVAL);
}
Oh dear...:
(gdb) p m->M_dat.MH.MH_pkthdr.len $6 = 328 (gdb) p ip->ip_len $7 = 18433
Obviously (to the trained -- or strained -- eye which sees this kind of thing often), 18433 and 328 are strikingly similar. Indeed - it helps if you put the bytes in the right order!
For hysterical raisins, the raw socket interface on BSD-derived network stacks expects the ip_len field of the IP header included when IP_HDRINCL is sent to be in host byte order. dhclient used to only send packets with headers through the BPF, which will put the packet on the wire exactly as given (ie: the ip_len needs to be in the right order). For reasons which don't seem to be explained in CVS history, OpenBSD decided to change this behaviour in their network stack (making it differ from every other network stack and many books written about sockets).
To make a very long story short: I committed revision 198352 to make dhclient on FreeBSD work in networks which put sharp teeth between DHCP clients and servers. Debugging the problem also kept me out of trouble for a couple of hours.
I'm told that finding the cause of weird errors in the protocol stack is now significantly easier with DTrace. I will have to find some time to play with that. While ddd "works", it's not exactly the most pleasant tool to work with.
Entirely aside: I'm still not convinced that "sharp teeth" should care about the source port of unicast DHCPREQUEST messages, but I'm happy to accept that if everyone uses port 68, there's no reason to gratuitously differ from that. Thanks to the Telenetists for helping me look into this.
In the last couple of days I have scratched a couple of the itches I had with regarding to the timezone database on the FreeBSD Operating System, all related to the (in)ability to update /etc/localtime automatically or quickly:
This feature is currently only available in FreeBSD -CURRENT, after the release of 8.0 I will merge it back into FreeBSD 8.0 and 7.0.
The port misc/zoneinfo and the installation script of src/share/zoneinfo do support these new features.
So, now a while after the disconnect of ”lukemftpd”, I only got one response from Ed Schouten mentioning that I could have done it with a ‘src.conf’ setting. I decided not to do that, but that were all reactions. So given that, it might be that people are either not noticing it, or something else is wrong. I would have assumed that at least several people would complain that their lukemftpd doesn’t work any longer, or at least no longer gets installed.
+1 for success 
So, that WordPress plugin I mentioned previously has been working pretty well and I might replace Planet faster than I thought. Actually I might do that over the weekend.
A few users probably won’t be happy that the “complete” version is going away. I don’t have plans for it at the moment. If you think something else is missing, leave a comment.
If you’re meant to be listed on blogs.freebsdish.org but you’re not, then drop me an email or leave a comment and I’ll (re-)add you.
If you’re in the list but don’t put your posts in the FreeBSD category, then they won’t be aggregated.
Related posts:
Related posts brought to you by Yet Another Related Posts Plugin.
As FreeBSD 8.0 is right around the corner it's the right time to get it some more exposure. Just for kicks I got the idea to stress the Jails subsystem - the cheap (both in $$$ and resource requirements) OS-level virtualization technology present in FreeBSD for nearly 10 years now. Behold... the bootup of 1,000, count them - 1,000 virtual machines on a single host with 4 GB of RAM.
Alright, so I just found out about that FeedWordPress plugin for WordPress and I figured I would give it a spin. It seems to be doing everything I did with Planet, and has a few features (shared admin rights through wordpress accounts, mark new posts as pending instead of publishing them straight away) that could prove useful if I want to poke core@ about planet.freebsd.org once again.
Anyway, check it out.
Share and Enjoy:
Related posts:
Related posts brought to you by Yet Another Related Posts Plugin.
I’ve recently added directory caching into pefs (sources tarball available here and here).
Despite of being directory listing cache (like dirhash for ufs) it also acts as encrypted file name cache. So that there is no need to decrypt names for the same entries all the time. That was really big issue because directory listing has to be reread on almost every vnode lookup operation. It made operations on directories with 1000 and more files too time consuming.
The cache is getting updated at two points: during vnode lookup operation and during readdir call. Vnode generation attribute is used to monitor directory changes (the same way NFS works) and expire the cache if it changes. There is no per-operation monitoring because that would violate stacked filesystem nature (and also complicate the code). There are some issues regarding large directories handling within dircache. First of all results of consequent readdir calls considered inconsistent, i.e cache expires if user provided buffer is too small to fit entire directory listing. And while doing a vnode lookup search doesn’t terminate if matching directory entry found, it further traverses directory to update the cache.
There is vfs.pefs.dircache_enable sysctl to control cache validity. Setting it to zero would force always treating cache as invalid, and thus dircache would function only as a file name encryption cache.
At the moment caching is only enabled for name decryption, but there are operations like rm or rmdir which perform name encryption on every call to pass data to underlying filesystem. Enabling caching for such operations is not going to be hard, but I just want code to stabilize a bit before moving further.
I’ve performed two types of tests: dbench and handling directories with large number of files. I’ve used pefs mounted on top of tmpfs to measure pefs overhead but not disk io performance. Salsa20 algorithms with 256 bit key was chosen because of being the fastest available. Before each run underlying tmpfs filesystem was remounted. Each test was run for 3 times, and average of results is shown in charts (distribution was less then 2%). Also note that I’ve used kernel with some extra debugging compiled in (invariants, lock debugging).
dbench doesn’t show extra large difference comparing to plain pefs and old pefs without dircache: 143,635 Mb/s against 116,746 Mb/s; it’s 18% improvement witch is very good imho. Also interesting is that result gets just a bit lower after setting vfs.pefs.dircache_enable=0: 141,289 Mb/s with dircache_enable=0 against 143,635 Mb/s.
Dbench uses directories with small number of entries (usually ~20). That perfectly explains the results achieved. Handling large directories is where dircache shines. I’ve used the following trivial script for testing, it creates 1000 or 2000 files, does ‘ls -l’ and removes these files:
for i in `jot 1000`; do
touch test-$i
done
ls -Al >/dev/null
find . -name test-\* -exec rm '{}' +
The chart speaks for itself. And per file overhead looks much closer to expected linear growth after running the same test for 3000 files:
