19.1 development milestones

Started by franco, November 03, 2018, 01:47:24 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4
User actions
November 16, 2018, 12:50:22 PM #15
November 16, 2018, 01:01:49 PM #16
In every topic your help is needed, so it's your turn now
November 16, 2018, 07:57:56 PM #17
mimugmail,
;)

There was free time

19.1 + surciata earned on:
xeon x5670x2, intel 350t4v2, hp proliant 360g6
November 22, 2018, 02:24:59 PM #18
Quote from: mimugmail on November 03, 2018, 03:26:37 PM
It's in Bind Plugin already and I'll add Dome stuff to a new dnscrypt-proxy. Unbound may follow, but no idea before 19.1
Is possible to add content filter categories to block through Bind Plugin (like Shallalist)? And blacklist specific websites, like Squid do but with DNSBL?

Thanks!
November 22, 2018, 02:26:32 PM #19
No, there are different lists to select which include some kind like categorie, e.g. 1M top porn sites, malware domains, ad's etc.
November 22, 2018, 02:28:35 PM #20
And its planned to add those features in the near future?
November 22, 2018, 02:51:07 PM #21
You can only add lists which are category specific, but, there are not many public lists available for free.
If you have some, feel free to post :)
November 25, 2018, 08:36:10 PM #22
Quote from: miroco on November 03, 2018, 03:18:22 PM
How about ad-blocking, is it on the 19.1 roadmap?

I have to turn mine off to even use dozens of websites so the webmasters have gotten smarter.

You can already use the proxy and set it up to use it to import lists such as Shalla, etc. The proxy as of yet only works with single wan. On one of my firewalls I set the proxy up and have it update the lists once per week. The benefit of the proxy filter is that you have numerous categories you can block including phishing sites. 
November 27, 2018, 02:56:41 PM #23
Is there a way to test 19.1 with FreeBSD 11.2 kernel ?

When I switch to the "Development" branch, I still have a 11.1 kernel.

I am currently trying 19.1.b_306 which seems to run on 11.1 kernel :

Code Select

root@OPNsense:~ # uname -a
FreeBSD OPNsense.localdomain 11.1-RELEASE-p15 FreeBSD 11.1-RELEASE-p15  2be81e6145f(stable/18.7)  amd64



What are we supposed to do to switch to 11.2 kernel ?


Thanks.
November 27, 2018, 08:39:01 PM #24
November 28, 2018, 10:26:19 AM #25
Ok so couple of things here:

We are trying to have OPNsense working with a Netgate sg-5100 which is based on a Denverton architecture.
This device does not boot with any kernel on 11.1 (Denverton is not supported in 11.1) which makes sense.

It also does not boot at all on any kernel based on 11.2 and HardenedBSD.


So I have compiled a kernel based on FreeBSD 11.2 and installed it on top of an 18.7.8 and It boots straight out of the box.

What were the problems that you had with 11.2 and FreeBSD (if any) ?
Do you plan to create an option to install either on FreeBSD kernel or Hardened BSD ?


Thanks.
November 28, 2018, 01:29:46 PM #26
Ideally the manufacturer of the hardware would assist with troubleshooting compatibility. At the very least to provide steps for us to amend images provided.


Cheers,
Franco
November 28, 2018, 01:59:59 PM #27
QuoteIdeally the manufacturer of the hardware would assist with troubleshooting compatibility. At the very least to provide steps for us to amend images provided.

The manufacturer of the hardware is fully compatible with FreeBSD 11.2

I don't see much thing that they could do to have a Hardened BSD image working with Denverton architecture and EMMc since It is working already with FreeBSD 11.2

So the problem is somewhere between the stock FreeBSD 11.2 source code and HardenedBSD 11.2

How could we help to try to solve this issue ?
November 28, 2018, 03:24:45 PM #28
Couple questions:

At what point does the system fail to boot?

What happens when you set vm.pmap.pti=0 in the loader?
November 28, 2018, 04:57:54 PM #29 Last Edit: November 28, 2018, 05:01:50 PM by bob@afrinet.eu
So I have tried your hint
Code Select
vm.pmap.pti=0
which didn't work at all and ended up with a SDHCI error (image below)

I have also tried the hint found in here : https://forum.opnsense.org/index.php?topic=10135.0
Code Select
set hint.sdhci_pci.0.disabled=1
set hint.sdhci_pci.1.disabled=1
boot

This last one has allowed me to go further on the install process, but finally ended up with a disk install failure / CAM status problem (mountroot problem) also illustrated with the image below.


And this is the freeBSD 11.2 boot that I have :
Code Select

Copyright (c) 1992-2018 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.2-RELEASE-p4 #0 r341013: Tue Nov 27 13:30:22 CET 2018
    root@FBSD:/usr/obj/usr/src/sys/GENERIC_OPNS amd64
FreeBSD clang version 6.0.0 (tags/RELEASE_600/final 326565) (based on LLVM 6.0.0)
VT(vga): resolution 640x480
CPU: Intel(R) Atom(TM) CPU C3558 @ 2.20GHz (2200.07-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x506f1  Family=0x6  Model=0x5f  Stepping=1
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x4ff8ebbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x101<LAHF,Prefetch>
  Structured Extended Features=0x2294e283<FSGSBASE,TSCADJ,SMEP,ERMS,NFPUSG,MPX,PQE,RDSEED,SMAP,CLFLUSHOPT,PROCTRACE,SHA>
  Structured Extended Features3=0x2c000000<IBPB,STIBP,ARCH_CAP>
  XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  IA32_ARCH_CAPS=0x1<RDCL_NO>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
  TSC: P-state invariant, performance statistics
real memory  = 8589934592 (8192 MB)
avail memory = 8186150912 (7806 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <INTEL  TIANO   >
WARNING: L1 data cache covers less APIC IDs than a core
0 < 1
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-23 on motherboard
SMP: AP CPU #1 Launched!
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
Timecounter "TSC-low" frequency 1100035606 Hz quality 1000
random: entropy device external interface
kbd1 at kbdmux0
netmap: loaded module
module_register_init: MOD_LOAD (vesa, 0xffffffff80ff4580, 0) error 19
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
nexus0
vtvga0: <VT VGA driver> on motherboard
cryptosoft0: <software crypto> on motherboard
acpi0: <ALASKA A M I > on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
cpu2: <ACPI CPU> on acpi0
cpu3: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 24000000 Hz quality 950
Event timer "HPET" frequency 24000000 Hz quality 550
Event timer "HPET1" frequency 24000000 Hz quality 440
Event timer "HPET2" frequency 24000000 Hz quality 440
Event timer "HPET3" frequency 24000000 Hz quality 440
Event timer "HPET4" frequency 24000000 Hz quality 440
atrtc0: <AT realtime clock> port 0x70-0x77 irq 8 on acpi0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pcib0: _OSC returned error 0x10
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 6.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pci1: <processor> at device 0.0 (no driver attached)
pcib2: <ACPI PCI-PCI bridge> mem 0xdff60000-0xdff7ffff irq 20 at device 14.0 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> mem 0xdff40000-0xdff5ffff irq 21 at device 15.0 on pci0
pci3: <ACPI PCI bus> on pcib3
igb0: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0xd000-0xd01f mem 0xdfd00000-0xdfd7ffff,0xdfd80000-0xdfd83fff irq 21 at device 0.0 on pci3
igb0: Using MSIX interrupts with 5 vectors
igb0: Ethernet address: 00:90:0b:7c:3a:49
igb0: Bound queue 0 to cpu 0
igb0: Bound queue 1 to cpu 1
igb0: Bound queue 2 to cpu 2
igb0: Bound queue 3 to cpu 3
igb0: netmap queues/slots: TX 4/1024, RX 4/1024
pcib4: <ACPI PCI-PCI bridge> mem 0xdff20000-0xdff3ffff irq 22 at device 16.0 on pci0
pci4: <ACPI PCI bus> on pcib4
igb1: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0xc000-0xc01f mem 0xdfc00000-0xdfc7ffff,0xdfc80000-0xdfc83fff irq 22 at device 0.0 on pci4
igb1: Using MSIX interrupts with 5 vectors
igb1: Ethernet address: 00:90:0b:7c:3a:4a
igb1: Bound queue 0 to cpu 0
igb1: Bound queue 1 to cpu 1
igb1: Bound queue 2 to cpu 2
igb1: Bound queue 3 to cpu 3
igb1: netmap queues/slots: TX 4/1024, RX 4/1024
pcib5: <ACPI PCI-PCI bridge> mem 0xdff00000-0xdff1ffff irq 23 at device 17.0 on pci0
pci5: <ACPI PCI bus> on pcib5
ath0: <Atheros 9280> mem 0xdfb00000-0xdfb0ffff irq 23 at device 0.0 on pci5
[ath] enabling AN_TOP2_FIXUP
ath0: [HT] enabling HT modes
ath0: [HT] 1 stream STBC receive enabled
ath0: [HT] 1 stream STBC transmit enabled
ath0: [HT] 2 RX streams; 2 TX streams
ath0: AR9280 mac 128.2 RF5133 phy 13.0
ath0: 2GHz radio: 0x0000; 5GHz radio: 0x00c0
ahci0: <Intel Denverton AHCI SATA controller> port 0xe0c0-0xe0c7,0xe0b0-0xe0b3,0xe040-0xe05f mem 0xdff96000-0xdff97fff,0xdffa2000-0xdffa20ff,0xdffa1000-0xdffa17ff irq 20 at device 19.0 on pci0
ahci0: AHCI v1.31 with 1 6Gbps ports, Port Multiplier supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahciem0: <AHCI enclosure management bridge> on ahci0
ahci1: <Intel Denverton AHCI SATA controller> port 0xe0a0-0xe0a7,0xe090-0xe093,0xe020-0xe03f mem 0xdff94000-0xdff95fff,0xdffa0000-0xdffa00ff,0xdff9f000-0xdff9f7ff irq 21 at device 20.0 on pci0
ahci1: AHCI v1.31 with 1 6Gbps ports, Port Multiplier supported
ahcich8: <AHCI channel> at channel 7 on ahci1
ahciem1: <AHCI enclosure management bridge> on ahci1
xhci0: <Intel Denverton USB 3.0 controller> mem 0xdff80000-0xdff8ffff irq 19 at device 21.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
pcib6: <ACPI PCI-PCI bridge> irq 16 at device 22.0 on pci0
pci6: <ACPI PCI bus> on pcib6
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> mem 0xdf600000-0xdf7fffff,0xdf804000-0xdf807fff irq 16 at device 0.0 on pci6
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:90:0b:7c:3a:4b
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> mem 0xdf400000-0xdf5fffff,0xdf800000-0xdf803fff irq 17 at device 0.1 on pci6
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:90:0b:7c:3a:4c
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
pcib7: <ACPI PCI-PCI bridge> at device 23.0 on pci0
pci7: <ACPI PCI bus> on pcib7
ix2: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> mem 0xdf000000-0xdf1fffff,0xdf204000-0xdf207fff irq 16 at device 0.0 on pci7
ix2: Using MSI-X interrupts with 5 vectors
ix2: Ethernet address: 00:90:0b:7c:3a:4d
ix2: netmap queues/slots: TX 4/2048, RX 4/2048
ix3: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> mem 0xdee00000-0xdeffffff,0xdf200000-0xdf203fff irq 17 at device 0.1 on pci7
ix3: Using MSI-X interrupts with 5 vectors
ix3: Ethernet address: 00:90:0b:7c:3a:4e
ix3: netmap queues/slots: TX 4/2048, RX 4/2048
pci0: <simple comms> at device 24.0 (no driver attached)
pci0: <simple comms, UART> at device 26.0 (no driver attached)
pci0: <simple comms, UART> at device 26.1 (no driver attached)
pci0: <simple comms, UART> at device 26.2 (no driver attached)
sdhci_pci0: <Intel Denverton eMMC 5.0 Controller> mem 0xdff9a000-0xdff9afff,0xdff99000-0xdff99fff irq 16 at device 28.0 on pci0
sdhci_pci0: 1 slot(s) allocated
mmc0: <MMC/SD bus> on sdhci_pci0
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
pci0: <memory> at device 31.2 (no driver attached)
pci0: <serial bus> at device 31.5 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 7 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 10 on acpi0
ppc0: cannot reserve I/O port range
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21c200001600
device_attach: est0 attach returned 6
est1: <Enhanced SpeedStep Frequency Control> on cpu1
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21c200001600
device_attach: est1 attach returned 6
est2: <Enhanced SpeedStep Frequency Control> on cpu2
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21c200001600
device_attach: est2 attach returned 6
est3: <Enhanced SpeedStep Frequency Control> on cpu3
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor GenuineIntel, msr 21c200001600
device_attach: est3 attach returned 6
Timecounters tick every 1.000 msec
ugen0.1: <0x8086 XHCI root HUB> at usbus0
uhub0: <0x8086 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
mmcsd0: 8GB <MMCHC M32508 5.2 SN 3642E57D MFG 06/2018 by 112 0x0000> at mmc0 200.0MHz/8bit/8192-block
mmcsd0boot0: 4MB partion 1 at mmcsd0
mmcsd0boot1: 4MB partion 2 at mmcsd0
mmcsd0rpmb: 4MB partion 3 at mmcsd0
ses0 at ahciem0 bus 0 scbus1 target 0 lun 0
ses0: <AHCI SGPIO Enclosure 1.00 0001> SEMB S-E-S 2.00 device
ses0: SEMB SES Device
ses1 at ahciem1 bus 0 scbus3 target 0 lun 0
ses1: <AHCI SGPIO Enclosure 1.00 0001> SEMB S-E-S 2.00 device
ses1: SEMB SES Device
ada0 at ahcich8 bus 0 scbus2 target 0 lun 0
ada0: <2.5" SATA SSD 3ME2 M170707> ACS-2 ATA SATA 3.x device
ada0: Serial Number 20180724AA1853000018
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 122104MB (250069680 512 byte sectors)
Trying to mount root from ufs:/dev/gpt/rootfs [rw]...
uhub0: 8 ports with 8 removable, self powered
igb0: link state changed to UP
igb1: link state changed to UP
aesni0: <AES-CBC,AES-XTS,AES-GCM,AES-ICM> on motherboard
igb0: link state changed to DOWN
ix0: link state changed to UP
igb0: link state changed to UP
igb1: link state changed to DOWN
ng0: changing name to 'pppoe0'
pflog0: promiscuous mode enabled
igb1: link state changed to UP



Thanks for your support.
Print
Go Up Pages 1 2 3 4
User actions