Move to 14.1?

Started by bbin, May 08, 2024, 05:46:28 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 08, 2024, 05:46:28 PM
I recall seeing another post about this a while back, I couldn't find it with the forum search function.

I just saw that FreeBSD 14.1 beta 1 was released, and it's (currently) on target for a June launch.  The roadmap for the next release currently shows refactoring toward the FreeBSD 13.3 codebase.  Would there be any possibility of moving toward 14.1 this summer?  Between some of the updated Intel drivers, network/wireguard performance enhancements, etc I would expect there would be some tangible benefits.
May 13, 2024, 12:31:40 AM #1 Last Edit: May 13, 2024, 03:19:50 PM by hazuki
One may test FreeBSD 14 kernel in OPNSense after selecting the snapshot

Code Select
opnsense-update -zkr 14-STABLE -a FreeBSD:14:amd64

Test FreeBSD 14 kernel at your own risk!

This FreeBSD 14.1 kernel indeed boost up wireguard speed.
More information are in https://forum.opnsense.org/index.php?topic=40413.msg198242#msg198242

EDIT 1: add missing -b switch in code. Solely updating kernel without base file will lead to messed-up routing in my setup.
EDIT 2: add warning regarding failed ISC DHCPv4
EDIT 3: add warning regarding failed pkg command
EDIT 4: I was told by franco that updating kernel only (not base file) should be good to test. Updating base file will break more things. I have removed -b switch and later found out duplicated entry (same port) in port forward led my firewall messed-up while using 14.1 kernel in 24.1 base file. (pfctl: DIOCADDRULENV: File exists). All warnings removed
May 13, 2024, 12:37:31 AM #2
Quote from: bbin on May 08, 2024, 05:46:28 PM
Would there be any possibility of moving toward 14.1 this summer?

I genuinely hope NOT! This is supposed to be a security platform, not a bleeding edge / use fresh untested code platform.

I mean, they can do what they want of course, but I definitely would not install the 24.7 release if it is FreeBSD 14.1 based. Too new for my tastes.
May 13, 2024, 12:48:57 AM #3 Last Edit: May 13, 2024, 09:46:49 AM by Patrick M. Hausen
Quote from: JasonJoel on May 13, 2024, 12:37:31 AM
I genuinely hope NOT! This is supposed to be a security platform, not a bleeding edge / use fresh untested code platform.

I mean, they can do what they want of course, but I definitely would not install the 24.7 release if it is FreeBSD 14.1 based. Too new for my tastes.
Seriously? I run FreeBSD 14.0 in (not OPNsense) production so even with the "never run a .0 release" recommendation 14.1 looks like a very reliable bet to me. I sincerely hope the team around Franco and Ad jump to 14.1.

Kind regards,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
May 13, 2024, 07:43:10 AM #4
We could start discussing here our favourit flavours for icecream too. Makes about the same amount of sense to me...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
May 13, 2024, 11:08:06 AM #5
I am not sure if I am looking into the right place. In https://github.com/opnsense/src/blob/volatile/24.7/sys/conf/newvers.sh , looks like 24.7 will be in FreeBSD 14.1.

Code Select
TYPE="FreeBSD"
REVISION="14.1"
BRANCH="BETA1"

If this is true, I really looking forward to test the BETA 24.7 as the performance gain in wireguard is really astonishing.
May 13, 2024, 11:09:13 AM #6
Quote from: Patrick M. Hausen on May 13, 2024, 12:48:57 AM
Quote from: JasonJoel on May 13, 2024, 12:37:31 AM
I genuinely hope NOT! This is supposed to be a security platform, not a bleeding edge / use fresh untested code platform.

I mean, they can do what they want of course, but I definitely would not install the 24.7 release if it is FreeBSD 14.1 based. Too new for my tastes.
Seriously? I run FreeBSD 14.0 in (not OPNsense) production so even with the "never run a .0 release" recommendation 14.1 looks like a very reliable bet to me. I sincerely hope the team around Franco and Ad jump to 14.1.

Kind regards,
Patrick

I would tend to agree with Patrick.  FreeBSD 14.0 was released in November 2023.  Some components have been backported into opnsense already.  The code seems relatively stable, and there are noticable performance improvements.

It would be one thing if I were suggesting moving to the FreeBSD 15 codebase, but 14 seems fine so far.  The pfsense people have been running on the 14 codebase for a while, so we have some data from their efforts.  I recall franco suggesting that 14.1 could be an option at some point.  I for one would be happy to see the next release based on 14.1

Quote from: hazuki on May 13, 2024, 12:31:40 AM
One may test FreeBSD 14 kernel in OPNSense after selecting the snapshot

Code Select
opnsense-update -zkbr 14-STABLE -a FreeBSD:14:amd64

WARNING:
1)ISC DHCPv4 (and probably ISC DHCPv6) will fail to start (at least in my setup) after applying the FreeBSD 14 kernel, which is due to [object "libcrypto.so.111" not found]. One should migrate to Kea DHCP before test.
2) In relation to [object "libcrypto.so.111" not found], "pkg" command and any binary in relation to libcrypto.so also not working. "pkg-static bootstrap -f" will not solve the problem, as basically all required binary/packages under FreeBSD 14 kernel is not available in OPNSense repo.

Test FreeBSD 14 kernel at your own risk!

This FreeBSD 14.1 kernel indeed boost up wireguard speed.
More information are in https://forum.opnsense.org/index.php?topic=40413.msg198242#msg198242

EDIT 1: add missing -b switch in code. Solely updating kernel without base file will lead to messed-up routing.
EDIT 2: add warning regarding failed ISC DHCPv4
EDIT 3: add warning regarding failed pkg command

I thought about testing on the new kernel, but as you point out base and ports/pkg haven't been updated in line with the kernel yet.

Quote from: hazuki on May 13, 2024, 11:08:06 AM
I am not sure if I am looking into the right place. In https://github.com/opnsense/src/blob/volatile/24.7/sys/conf/newvers.sh , looks like 24.7 will be in FreeBSD 14.1.

Code Select
TYPE="FreeBSD"
REVISION="14.1"
BRANCH="BETA1"

If this is true, I really looking forward to test the BETA 24.7 as the performance gain in wireguard is really astonishing.

+1 for me as well.  :)
May 13, 2024, 11:33:31 AM #7 Last Edit: May 13, 2024, 11:35:46 AM by franco
> FreeBSD 14.0 was released in November 2023.

FWIW, this is just a fact. If we act on release schedules by third parties we can't maintain our own schedules. If we don't look at quality of releases either we run the risk of complaints more than "why haven't you XYZ" as it ends up as "why have you XYZ" much more loudly ;)

Also keep in mind that when comparing to other projects they tend to market everything they did better as sensational, but don't really tell you they avoided FreeBSD 13 with all of its benefits and haven't really put an effort into backporting their changes into this stable version either so nobody who uses FreeBSD 13 can benefit from it in the interrim... which would have been a more standard FreeBSD release engineering policy. But all of this is what it is and we will reach an acceptable goal for ourselves eventually.

> One may test FreeBSD 14 kernel in OPNSense after selecting the snapshot

> Code: [Select]
> opnsense-update -zkbr 14-STABLE -a FreeBSD:14:amd64

> "libcrypto.so.111" not found

> Test FreeBSD 14 kernel at your own risk!

Well to be frank you applied "-b" which breaks your userland. If you wanted to test the kernel just install the kernel... not the base ;)

> EDIT 1: add missing -b switch in code. Solely updating kernel without base file will lead to messed-up routing.

I don't think that's true or much too broad a statement. I've been running fine with 14.1 kernels for a while now. Just don't tell others to break their installs. volatile/24.7 is a bit of an indication of what to expect and why we don't communicate it.


Cheers,
Franco
May 13, 2024, 11:46:31 AM #8
Quote from: franco on May 13, 2024, 11:33:31 AM
> FreeBSD 14.0 was released in November 2023.

FWIW, this is just a fact. If we act on release schedules by third parties we can't maintain our own schedules. If we don't look at quality of releases either we run the risk of complaints more than "why haven't you XYZ" as it ends up as "why have you XYZ" much more loudly ;)

Also keep in mind that when comparing to other projects they tend to market everything they did better as sensational, but don't really tell you they avoided FreeBSD 13 with all of its benefits and haven't really put an effort into backporting their changes into this stable version either so nobody who uses FreeBSD 13 can benefit from it in the interrim... which would have been a more standard FreeBSD release engineering policy. But all of this is what it is and we will reach an acceptable goal for ourselves eventually.

Totally fair.  :)  I'd expect the project team is thinking through the right balance.
May 13, 2024, 08:38:04 PM #9
We have some more work to do, but I think in a few weeks we can make a final discussion regarding the base for 24.7.


Cheers,
Franco
June 05, 2024, 02:22:08 PM #10
Hello,

I updated to 14.1 Kernel and it indeed increased Wireguard performance, however, my network is now quite unstable.

It is probably because I am using RTL8168. which is only stable using the os-realtek-re (with realtek-re-kmod).
According to pciconf, even if os-realtek-re is still installed, it reverted back to using the default opensource driver (rather than the vendor one).

How can i update the kmod to the version compatible with the kernel ?
I do not see any option for that in opnsense-update, and pkg does not allow the package to be installed manually (pkg: wrong architecture: FreeBSD:14:amd64 instead of FreeBSD:13:amd64)

Kr
June 10, 2024, 02:07:17 PM #11
Test packages will be provided with the 24.7-BETA images this week.


Cheers,
Franco
Print
Go Up Pages1
User actions