danitool has quit [Quit: Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos]
<neggles>
slh: i was not, no, though i did see a post or two on the forums
valku has quit [Quit: valku]
ekathva has joined #openwrt-devel
Atomicly- has joined #openwrt-devel
Atomicly- is now known as AtomiclyCursed
Atomicly| has quit [Ping timeout: 480 seconds]
bprfh has joined #openwrt-devel
cbeznea has joined #openwrt-devel
csrf has quit [Ping timeout: 480 seconds]
arinc9 has joined #openwrt-devel
dedeckeh has joined #openwrt-devel
arinc9 has quit [Quit: arinc9]
ekathva has quit [Remote host closed the connection]
ekathva has joined #openwrt-devel
Piraty has quit [Remote host closed the connection]
Piraty has joined #openwrt-devel
bprfh has quit [Quit: Leaving.]
ekathva has quit [Ping timeout: 480 seconds]
<rsalvaterra>
jow: Remember when I said yesterday I personally had no use for the dnsfilter option of dnsmasq? Boy, did those words come back to bite me in the ass.
<dwfreed>
rofl
Tapper has joined #openwrt-devel
<rsalvaterra>
So, I'm using IPv4 only, since my ISP is sh*t. The DNS resolvers I'm using return both A and AAAA records. If the AAAA records are the first, my machines will try to connect to them and fail. I had seen these spurious errors once in a while, but ignored them…
<rsalvaterra>
… until it clicked.
<rsalvaterra>
So, yeah. Globally filtering AAAA records is what I'm doing now.
danitool has joined #openwrt-devel
ekathva has joined #openwrt-devel
<dwfreed>
rsalvaterra: yeah, some software has some really shitty fallback code
<dwfreed>
(or no fallback at all)
_lore_ has quit [Ping timeout: 480 seconds]
<dwfreed>
also glibc at least used to have really poor AI_ADDRCONFIG behavior for v6
<rsalvaterra>
I discovered this by sheer luck. After my browser failed to connect to a rather prominent site I had no trouble opening seconds before, I went to the router, did a couple of nslookups and noticed a) it returned AAAA records (which I didn't expect, since it's an IPv4 DNS address) and b), sometimes the AAAA records were on top.
<rsalvaterra>
I also had noticed apt sometimes trying to connect to IPv6 addresses on my *buntu/Debian systems, which I had filed as "apt is on drugs again". But now I see it's not entirely its fault.
<neggles>
rsalvaterra: i have a very, very dirty hackaround for this
<neggles>
and no it's not, it's RFC6555's fault
<rsalvaterra>
Oooh…! I like dirty. Hit me. :)
<neggles>
it's not actually *my* solution, per se, but
<rsalvaterra>
At the moment, the AAAA filtering seems like the cleanest of the dirty solutions… :P
<neggles>
you grab a list of every current TLD and tell dnsmasq that the AAAA nameserver for that TLD is '0'
<neggles>
> A properly working DNS server returns NOERROR, ANSWER: 0, if there is no AAAA record for a given name
<rsalvaterra>
The thing is, there *are* AAAA records for the given names, in this case. They just shouldn't be used, since I can't connect to them.
<neggles>
yes
<neggles>
so what this does is make dnsmasq reply to AAAA queries with 'no there's no AAAAs here'
<neggles>
which makes a compliant client go 'ok' and send an A request
<neggles>
which passes through just fine
<rsalvaterra>
Ok, it's a solution, but I believe the dnsfilter option is cleaner in the case. ;)
<rsalvaterra>
Much less to configure.
<neggles>
the dnsfilter option does basically this :P
<neggles>
i have this running on a DJA0231 (technicolor, Telstra Smartmodem Gen 2) where I can't recompile dnsmasq
<rsalvaterra>
Yeah, with a single config line. :)
<rsalvaterra>
option dnsfilter 'AAAA'
<neggles>
yeah. if you have the option it's the way to go
<neggles>
though
<rsalvaterra>
neggles: We will all have, once the dnsmasq pull request hits master. :)
<neggles>
technicolor is broadcom
<neggles>
i have rooted hacky unlocked access to their SDK respin of 19.07 it runs
<neggles>
and there's some guys in italy who run a package repo for it, but they won't tell us what toolchain setup etc. they're using >:(
<rsalvaterra>
neggles: I have a TG784n v3 here. I have no hope of ever seeing it running OpenWrt, unfortunately.
<neggles>
yeah
<neggles>
i have 3 of these, only reason i use them is... well
<neggles>
telstra sends them out with a sim card in them that's pre-activated
<neggles>
even if the device was never attached to an account or anything
<neggles>
there's an IMEI whitelist on the SIMs, so they only work in telstra smartmodems, but in a smartmodem they work fine and give you a free 25Mbps/5Mbps internet connection
<neggles>
if you stay under ~100GB/month they will never shut it down
<rsalvaterra>
I'm moving to Australia.
<rsalvaterra>
:P
<neggles>
they're *meant* to be used when you buy an internet service from telstra, as a backup + something to give you internet while you wait for install
<neggles>
one of my friends has bought probably 20 or so of them second hand, usually unopened - telstra have a tendency to accidentally send you 2 or 3 of them when you sign up because of their stupid prov system
<neggles>
has a pool of 5 of them load-balanced
<neggles>
so far T have 'shut off' 4 of the SIMs in total - it's been 2 years
<rsalvaterra>
mwan3?
<neggles>
mwan3
<rsalvaterra>
Nice!
<neggles>
it's doubly fun because the APN is pure-ipv6, no ipv4
<neggles>
but then there's a 6to4 tunnel it sets up which gives you a CG-NAT IPv4
<neggles>
but for some reason the config they baked in, kills outbound ipv6 connectivity for the router itself whenever the tunnel is up
<rsalvaterra>
Well, don't set the tunnel up, then. :)
<rsalvaterra>
IPv6 ought to be enough for anybody. ;)
<neggles>
lmao
<neggles>
i mean you could run a wireguard tunnel over v6 to a VPS or something i guess? but
<neggles>
I just filter AAAAs on its own dnsmasq so it can still get to the internet
<neggles>
they've 'shut off' two SIMs on me so far but i have 3 left - the mean part is they don't actually disconnect it
<neggles>
they throttle it to 512kbps symmetric
<rsalvaterra>
My first broadband connection was 512/64 kb/s, in 2003 or so. :)
<neggles>
I'm just using mine for failover so my monitoring systems can still send notifications, so i just left the throttled SIM in and restricted what machines can use the link
<neggles>
but you can't tell they've throttled it until you fail over, unless you run regular speedtests to check, which will make them more likely to notice :P
<neggles>
but yeah. so that's the use case for the hacky zone file approach - dnsmasq you can't recompile
<rsalvaterra>
And for programming work, git traffic, etc., you don't need that much bandwidth. 512 kb/s should be usable.
<neggles>
it's usable if i block everything else on the network and set my laptop to metered mode
<neggles>
but it was simpler to just block everything other than the monitoring system VM from using it
<neggles>
it VPNs out to a jump box, too, from which I can SSH into my router here + the smartmodem if needed, and that's good enough - main problem i wanted to fix was 'if the main link goes down, the monitoring server can't send me a notification that the link has gone down, because, the link has gone down'
<grift>
rsalvaterra: my first broadband (cable) had those specs as well (a few years earlier though: i think it was late 1999 if i am not mistaken)
<rsalvaterra>
grift: This was ADSL, though. And I could choose between PPPoE or PPPoA, both worked (I chose the latter, of course). :)
<grift>
back then I had a "real" static ip and i think it was plain ethernet, i actually still remember the first part of that address: 195
<grift>
i think ADSL was not an option then (1999/2000). I know some of my peers had isdn
<nbd>
rmilecki: ping
<rmilecki>
nbd: here
<nbd>
regarding your performance issue - could you please make a perf flamegraph while running the NAT performance test?
<rmilecki>
nbd: let me see if I did in the past
<rmilecki>
but sure, i can make a new one too
<nbd>
i'd prefer a new one if you didn't already make one recently
<nbd>
it would help getting rid of a lot of guesswork as to which places matter most for performance
<rmilecki>
ok
<rmilecki>
let me finish few more tests I just started
<jow>
mrkiko: I am looking at the luci qr code stuff (question is not going to be strictly luci related, more conceptual)
<mrkiko>
robimarko: did my BDFs submission go in in the end?
<robimarko>
I dont know
<mrkiko>
robimarko: thanks!
<robimarko>
I think it got pulled into OpenWrt
<robimarko>
Dont think that Kalle picked it upstream yet
<mrkiko>
robimarko: yes; I will have to look at the ath10k-firmware git repo
<mrkiko>
robimarko: thanks!
<jow>
see https://ibb.co/9GwBLsm - it generates a QR code using a randomly generated privkey to encode a wg peer configuration to connect to this device's wireguard interface (server)
<mrkiko>
jow: nice feature
<jow>
but isn't that totally useless without also configuring the pubkey locally to accept that peer?
<jow>
that feature was contributed by someone but I don't understand how it can work
<jow>
the privatekey generated for the peer is never stored anywhere, just encoded in the on-the-fly qr code
<mrkiko>
jow: in fact you need both peers to know each other's public key
<jow>
but don't we need at least the corresponding pubkey and store it in the local configuration for the peer to be authenticated/registered?
<f00b4r0>
you do
<f00b4r0>
i had never used that feature but from what I see and your description, it does look completely useless indeed
<jow>
then this feature is utterly broken
<jow>
meh, the entire wireguard gui support is... not ideal
<f00b4r0>
it works :)
<jow>
yeah but it has quirks like this
<f00b4r0>
i have interconnected various locations through a wg network, with subnet routing, and I've done that all through GUI for a while with no hiccup
<jow>
okay, so that generate qr code thing should also fill out the pubkey corresponding to the autogenerated privkey
rua has quit [Ping timeout: 480 seconds]
<f00b4r0>
iirc wg has a tool that does autoconfig and prints the qr code, it looks like this is trying to replicate this
<jow>
and if a pubkey is already configured we should refuse to generate a qr code since we have no way to know the corresponding privkey (or at least warn that the pubkey is going to be replaced/overwritten)
<jow>
f00b4r0: both descriptions omit the info on how to deal with the peer's pubkey
<jow>
f00b4r0: but I suppose they assume that it is preregistered/setup already and we merely want to encode it as qr-code
<f00b4r0>
*nod*
<jow>
okay, then the qr code feature is completely broken
<f00b4r0>
if it doesn't save the peer's pubkey, yes it is
<jow>
does not work with already configured pubkeys (conceptually impossible due to lack of privkey) and does not work with fresh keys either as the pubkey is never stored
<mrkiko>
but am I wrong or the private key should never be released to anyone?
<f00b4r0>
mrkiko: that's the peer's private key
<f00b4r0>
not the host one
<mrkiko>
f00b4r0: ah, ok; so it gives you wg.conf in a pocket :D
<f00b4r0>
yes
<jow>
mrkiko: it seems the idea of this feature is to basically create a new client keypair + config on demand and encode it as qr code
<f00b4r0>
intended for mobile devices where setting up keys can be a chore
bluew has quit [Quit: Leaving]
<jow>
in order for that feature to be actually useful it should
<jow>
1) actually store the pubkey
<f00b4r0>
you basically feed the device a complete config and retain its pubkey/IP setup locally, to allow said peer to connect
<jow>
2) also offer the peer config as plaintext for download/copy-paste as alternative to the qr code
ekathva has quit [Remote host closed the connection]
<f00b4r0>
jow: sounds good yes. Though arguably the plaintext can be had from the qr code :)
<jow>
it's probably easier to popup a textarea to copy it from
<f00b4r0>
*nod*
rua has quit [Quit: Leaving.]
<stintel>
vglfrei: pastebin the log file
<jow>
the ux should be improved too, the qr code must be presented as one-time artifact which is gone once seen. Cannot be replicated without re-pairing the client
<f00b4r0>
indeed
c0sm1cSlug has joined #openwrt-devel
_lore_ has joined #openwrt-devel
_lore_ has quit [Read error: No route to host]
_lore_ has joined #openwrt-devel
_lore_- has joined #openwrt-devel
_lore_ has quit [Read error: Connection reset by peer]
ekathva has joined #openwrt-devel
<neggles>
stintel: no update to my ticket yet
<neggles>
presumably because I asked for the layerscape stuff
<neggles>
jow: if it works the way `wireguard-ui` works, when it generates the QR it adds a corresponding peer entry to the local server config, with the pre-shared key and the public key it just generated
<neggles>
wireguard-ui does then save the generated private key, but there's no reason you'd have to
bprfh has quit [Quit: Leaving.]
<jow>
neggles: unfortunately the luci feature does neither
<neggles>
jow: well that's utterly pointless then yeah
<jow>
I also considered saving the private key
<neggles>
there should be a button to save the server-side peer config
<jow>
to be able to recall the qr-code / client-config later
<neggles>
and a button to download the client wg0.conf
<neggles>
so you go to page, feed in details, scan QR or download wg0.conf and hit 'commit'
<neggles>
and it adds the server side config, optionally restarts the wireguard server to load the new config
<neggles>
ideally you'd generate the private key etc. in javascript in the browser
<jow>
what's the key format in wg? Just random bytes?
<jow>
server reload etc. should be taken care of already
<neggles>
it's an ed25519 key i think?
<neggles>
or a relative thereof
<jow>
since it's part of the network config it should seamlessly reload
<neggles>
this is what i use to manage it on a big boi system
<mrkiko>
jow: thanks
<rsalvaterra>
jow: Regarding WireGuard configuration user friendliness… let's say one of the tools I always use to configure it is… tcpdump. :P
<rsalvaterra>
Because, for the life of me, I never get it right the first time.
<f00b4r0>
neggles: neat stuff
torv has quit [Remote host closed the connection]
torv has joined #openwrt-devel
<Habbie>
fresh openwrt 19.07 tree, configured, scripts/feeds install dnsdist, make package/dnsdist/compile fails with cp: cannot stat '/home/peter/projects/powerdns/openwrt/openwrt/staging_dir/toolchain-mips_24kc_gcc-7.5.0_musl/lib/ld-musl-*.so*': No such file or directory
<Habbie>
what's the magic command to build these common base things? i know 'make' does it but i don't need a kernel
vglfrei has quit [Quit: Bye!]
vglfrei has joined #openwrt-devel
<mrkiko>
Habbie: I would approximate a make toolchain/compile
<mrkiko>
or something like that
<mrkiko>
and then the /install
<Habbie>
ah, that is doing something, thanks
AtomiclyCursed has quit [Quit: ZNC 1.8.2 - https://znc.in]
AtomiclyCursed has joined #openwrt-devel
rua has joined #openwrt-devel
rua has quit [Ping timeout: 480 seconds]
rua has joined #openwrt-devel
Atomicly| has joined #openwrt-devel
AtomiclyCursed has quit [Ping timeout: 480 seconds]
Atomicly| is now known as AtomiclyCursed
rua has quit [Ping timeout: 480 seconds]
torv has quit [Remote host closed the connection]
torv has joined #openwrt-devel
rua has joined #openwrt-devel
ekathva has quit [Quit: Leaving]
AtomiclyCursed2 has joined #openwrt-devel
AtomiclyCursed has quit [Ping timeout: 480 seconds]
AtomiclyCursed2 is now known as AtomiclyCursed
danitool has quit [Quit: Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos]
pepe2k has quit [Read error: Connection reset by peer]
minimal has joined #openwrt-devel
<neggles>
Habbie: should be `make tools/install toolchain/install`
<Habbie>
tools/install was super quick after toolchain/compile :)
<neggles>
yeah i think tools/install is a prereq of toolchain/compile
<Habbie>
oh perfect
<Habbie>
don't know why i did not find that
<neggles>
🤷
rua has quit [Ping timeout: 480 seconds]
rua has joined #openwrt-devel
<rsalvaterra>
GCC 12.1 out! Adding it! :D
<rsalvaterra>
aparcar[m]: ^
<rsalvaterra>
Crap. 931-libffi-fix-MIPS-softfloat-build-issue.patch needs human intervention… and my MIPS asm knowledge is pretty close to zero. Let's see how it goes…
<rsalvaterra>
Christ, the amount of trailing whitespace in those files… why doesn't the GCC crowd clean their code? :/
<mrkiko>
rsalvaterra: go go go!!!!!!!!
<mrkiko>
rsalvaterra: I like seeing enthusiasm around :D
<rsalvaterra>
Ok, so by the looks of it, a modified version of it has been upstreamed. Looks safe to delete.
<aparcar[m]>
rsalvaterra: yessss
<mrkiko>
an rm is all it takes to fix things :D
<rsalvaterra>
Pft. You guys just want to see me break things. :P
<rsalvaterra>
Joke's on you, I'm testing this on arm64 first! xD
<mrkiko>
rsalvaterra: oh, if that's the matter I can reach you - I'm sure I would break lots of them with eyes closed :D
<mrkiko>
rsalvaterra: the RT3200?
<rsalvaterra>
Yep! The one!
<mrkiko>
rsalvaterra: did you see the (unconfirmed on my side) issue #97 of the owrt installer repo?
<rsalvaterra>
No, not really. What is it?
<mrkiko>
rsalvaterra: seems new firmwares will only accept signed upgrades and prevent downgrading
<rsalvaterra>
Oh…! I wasn't aware of it. Mine came with the version required for the UBI conversion, I didn't even have to downgrade.
<mrkiko>
rsalvaterra: I would have preferred waiting before talking about this in general to have some confirmations. But if things are turning this way it's sad
<rsalvaterra>
Ugh… 970-macos_arm64-building-fix.patch is also giving me rejects… and my hatred for macOS isn't making things easier. :P
snh has quit [Read error: Connection reset by peer]
<mrkiko>
rsalvaterra: that seems tricky
<mrkiko>
judging from its name
snh has joined #openwrt-devel
<rsalvaterra>
I have no way of testing this. It's a fix for a GCC cross-compilation error on Apple silicon hardware.
<rsalvaterra>
And even if I had an M1-based system, it would definitely be running Linux. :P
domon has joined #openwrt-devel
<rsalvaterra>
I'll just delete it for now and hope that someone with an M1 system running macOS will test, to see if the compilation breaks and the patch is still needed.
<rsalvaterra>
I just can't be arsed to support an OS which has even worse memory management than Windows. :P
* mrkiko
remembers to read LWN article about the disabling of BPF allocator due to memory management issues or something like that
<arnd>
Are there any known users remaining for https://openwrt.org/docs/techref/targets/oxnas ? I'm thinking about dropping the platform from the kernel once it becomes the last arm11mpcore hardware
<arnd>
apparently nobody ever submitted the last five drivers for mainline inclusion, and the git history for the patches suggests that they were last working in 5.4. The 5.10 patches got added with a comment explaining what was broken, and then 5.4 got dropped a while later without fixing the issues
* f00b4r0
has an M1-based machine, and it's definitely *not* running Linux ;P
<rsalvaterra>
Oh, we have a volunteer! :D
<f00b4r0>
:D
<f00b4r0>
incidentally i haven't tried yet building world on this machine
<f00b4r0>
having access to a 32-core intel machine kind of made me lack motivation :)
<f00b4r0>
though I wouldn't be surprised if the M1 beats that. Given the kind of day-to-day performance I see
<rsalvaterra>
Hm… Hunk #1 succeeded at 9596 (offset 538 lines).
<rsalvaterra>
The size of this offset scares me.
<mrkiko>
rsalvaterra: :D :D
<rsalvaterra>
The patch itself looks sane, though…
<domon>
Hello, im using board with soc ipq4018, phy YT8531S. As MDIO driver use generic, as ethernet driver ag71xx. Many things ported from openwrt, so hope, maybe somebody can help me
<domon>
When set up speed 1000, ping working, but when set 100 or 10, stop working. Maybe somebody had similar problem with YT8531S chip
<domon>
P.s. sorry for poor English, not my native
snh has quit [Read error: Connection reset by peer]
snh has joined #openwrt-devel
snh has quit [Read error: Connection reset by peer]
<mrkiko>
domon: you might have more luck posting this on the mailing list
<domon>
Ok, thanks :)
bprfh has joined #openwrt-devel
<rsalvaterra>
Alright, let's build this.
<\x>
so i was trying to move my network from wpa2-psk to wpa3/2 mixed mode. i tested every device and they all work with it nicely once 802.11w is set to optional
<\x>
now i was trying to deploy it to my network across 2 aps and it seems like with wpa3 mixed mode, roaming/fast transition doesnt work?
<\x>
is this known?
<\x>
or am I doing something wrong
<rsalvaterra>
\x: I have devices which don't work at all with 802.11r (and WPA2, haven't tried WPA3).
<\x>
the thing is that they worked with wpa2-psk and roams nicely
<\x>
i made an ssid "test" and tested all of them with wpa3-sae/wpa2-psk mixed mode and once 802.11w is set to optional the old devices do work
<Zero_Chaos>
I believe I have found a bug in openwrt when running on a device with >3 radios. When it tries to bring all the interfaces/ssids up at boot, something in uci seems to lock up and time out. I have x86 docker containers which demonstrate working and broken versions built from 21.02 a few weeks apart.
<\x>
but they dont work once 802.11r is enabled
<stintel>
clients suck. I'm actually considering a wpa3-only ssid and separate wpa2-only ssid
<\x>
so so far ive tried wpa3 + 11r, works on wpa3-capable devices
<\x>
damn. and i was planning to deploy mixed mode now, I guess ill just use wpa2 while this thing isnt looked at yet
mirko has joined #openwrt-devel
snh has joined #openwrt-devel
snh_ has joined #openwrt-devel
snh has quit [Ping timeout: 480 seconds]
csrf has joined #openwrt-devel
<neggles>
\x: i've found wpa2+3 coexistence to be a disaster tbh
snh_ has quit [Read error: Connection reset by peer]
snh has joined #openwrt-devel
<neggles>
it took long enough for 802.11r to work properly with most things...
<neggles>
i'm with stintel, run separate SSIDs
<neggles>
me, i'm sticking to wpa2-psk on one SSID and wpa2-ent on another, though i might just replace my two unifis with a couple of these insane cambiums
<neggles>
and use ePSK to deal with garbage iot crap
<neggles>
i hope WG are putting as much effort into my T20 gpl dump as they put into the M300 one... this is surprisingly complete, given how difficult they made it
<stintel>
geez had to modify lighttpd conf to be able to upgrade a litebeam
<stintel>
is there any OEM that doesn't suck ?
<csrf>
in 'make menuconfig', under 'target images -> ramdisk', what does 'FORCE' mean?
<neggles>
sophos? maybe cambium?
<neggles>
hey sophos where are your wifi 6 APs though
<neggles>
but, no, there are no OEMs who don't suck, because 'doesn't suck' costs a lot more time and money than 'sucks, but works', and doesn't significantly improve how much money they make, so why would they bother?
Tapper has quit [Read error: Connection reset by peer]
bprfh has quit [Quit: Leaving.]
danitool has joined #openwrt-devel
bprfh has joined #openwrt-devel
csrf has quit [Ping timeout: 480 seconds]
<hurricos>
anyone still have that mx60w dsa patch lying around?
<hurricos>
I should probably dig around and look for other AR8327 implementations, should be *dead* simple ...
pepe2k has quit [Remote host closed the connection]
<hauke>
aiyion: is something wrong with glibc?
<hauke>
aiyion: OpenWrt 22.03 uses glibc 2.34 and not libc-2.31.so
<aiyion>
hauke: I've set up a debian bullseye vm yesterday, which built gluons master and while building 22.03 it dropped masses of glibc errors in dmesg.
<stintel>
barf, soft-bricked lbe-5ac-gen2 with sysupgrade
<aiyion>
I've got no time to debug them right now, but will get back to it the next days and create some reproducible scenario.
<aiyion>
Weird was to see similar issues on my (recently updated) rolling release distro.
<hauke>
this looks more like a problem with the distribution
<hauke>
or the tools
<aiyion>
I hope so :)
bprfh has quit [Quit: Leaving.]
sodo has quit [Quit: Page closed]
borek has quit [Ping timeout: 480 seconds]
<nbd>
fyi, flow offloading should work much better now in master and 22.03
<nbd>
finally got around to running some tests and fixing some breakage
SamantazFox has joined #openwrt-devel
galens has quit [Quit: Leaving]
srslypascal is now known as Guest294
srslypascal has joined #openwrt-devel
Guest294 has quit [Ping timeout: 480 seconds]
csrf has joined #openwrt-devel
bluew has joined #openwrt-devel
shibboleth has joined #openwrt-devel
robimarko has quit [Quit: Leaving]
<rsalvaterra>
Ugh. I made the build, alright… but messed up the config and still used GCC 11.3. Oh, well. Fixed now, but too many beers to test right now. Tomorrow… 😅