<_luna>
hi folks, I'm looking to add an option to opkg to log package actions like install / remove / etc. to syslog. I'd like to submit this upstream and am following the instructions for quilt on the wiki, which is fine. I read somewhere else (not sure where) that I need to submit patches with commits, though, is this right?
<_luna>
ah, right, the submitting patches page on the wiki says I should send patches via email (which I'm comfortable with) and have git commits. I'm following the quilt instructions which don't produce a diff I can commit with git, everything is under the patches/ directory instead, so I'm a bit lost how to go from one to the other or if I should be doing something else
<hurricos>
aparcar: I do not, but I'm always interested in automatic hardware testing given how labor-intensive the manual side is.
<hurricos>
aparcar: I didn't do that for emacs, I did that because I couldn't run networking to the DUT as I don't keep around almost any non-PoE devices, and it was a realtek-poe device :P
<hurricos>
I had no other way to copy files.
<hurricos>
easily.
ptudor_ has quit [Quit: Strict-Transport-Security: max-age=48211200; preload]
Tapper has quit [Ping timeout: 480 seconds]
zexon has joined #openwrt-devel
<zexon>
hello everyone
<zexon>
i need some help :(
<zexon>
how can i modify the .dts file for 'adding a new device'
<zexon>
when i flash the bin into device, one log is mt7621-pci 1e140000.pcie: Parsing DT failed.
zexon has quit [Remote host closed the connection]
danitool has quit [Quit: Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos]
zexon has joined #openwrt-devel
<zexon>
hello
<zexon>
how to fix mt7621-pci 1e140000.pcie: Parsing DT failed
<zexon>
mt7621-pci 1e140000.pcie: No bus range found for /pcie@1e140000, using [bus 00-ff]
zexon has quit [Remote host closed the connection]
ptudor has joined #openwrt-devel
nixuser has quit [Ping timeout: 480 seconds]
ekathva has joined #openwrt-devel
nixuser has joined #openwrt-devel
MaxSoniX has joined #openwrt-devel
<russell-->
sounds like zexon is missing a semi-colon;
<f00b4r0>
hmm wth I run "make" in a build folder that built yesterday and today I get: pkg_hash_check_unresolved: cannot find dependency kmod-nft-nat6 for firewall4 ?!
<stintel>
that's been talked about in here earlier
danitool has joined #openwrt-devel
clayface has quit [Ping timeout: 480 seconds]
<stintel>
not sure if someone pointed to a PR or that was for a different problem
goliath has joined #openwrt-devel
<f00b4r0>
i guess I'll make distclean and start over :/
hanetzer has joined #openwrt-devel
robimarko has joined #openwrt-devel
ekathva has quit [Remote host closed the connection]
Tapper has joined #openwrt-devel
ekathva has joined #openwrt-devel
<f00b4r0>
aparcar: even without considering squashfs/tar.gz, the busybox binary size change is ludicrously small: the change in rootfs size is thus comparable :)
Misanthropos has quit [Ping timeout: 480 seconds]
borek has joined #openwrt-devel
aiyion has quit [Quit: aiyion]
<aparcar[m]>
still the questions if it should b included on pretty much all devces
FriendlyNGeeks has quit [Remote host closed the connection]
<aparcar[m]>
I guess having telnet-bsd as a first step and fixing LAVA in a second step is the way to got
<f00b4r0>
aparcar: as I pointed out, we include "larger" binaries on all devices, binaries which most don't need.
<f00b4r0>
again, we're talking about 1kB here.
<f00b4r0>
any packaged client will be several orders of magnitude larger
<f00b4r0>
aparcar[m]: ^
<f00b4r0>
1kB *uncompressed*
<aparcar[m]>
f00b4r0: could you please create a PR disabling swap?
<aparcar[m]>
hauke: makes sense right?
Piraty_ has joined #openwrt-devel
<f00b4r0>
it doesn't. It's probably expected by god knows what script / other package and as I pointed out the space saving is insignificant
<f00b4r0>
please don't revert the argument :)
<russell-->
f00b4r0: dirclean is usually enough
<f00b4r0>
besides i picked that as an example. I'm sure if we wanted to be pedantic there'd be other busybox applets that are "debatable". The point is that busybox isn't the place where one saves/loses much space. The size difference between rc1 and rc6 is another good indication of that imo.
<f00b4r0>
russell--: too late but thanks :)
xback has joined #openwrt-devel
Misanthropos has joined #openwrt-devel
Piraty has quit [Ping timeout: 480 seconds]
Piraty_ has quit []
Piraty has joined #openwrt-devel
xback has quit [Quit: Konversation terminated!]
Lynx- has joined #openwrt-devel
<Lynx->
tc qdisc add dev $vpn_if handle ffff: ingress; tc filter add dev $vpn_if parent ffff: matchall action mirred egress redirect dev ifb-wg-pbr; <-- will this work to mirror ingress packets on WireGuard interface? It seems to give me mangled packets on the ifb?
robimarko has quit [Read error: Connection reset by peer]
robimarko has joined #openwrt-devel
Lynx- has quit [Read error: Connection reset by peer]
Lynx- has joined #openwrt-devel
indy has quit [Ping timeout: 480 seconds]
<ynezz>
Habbie: it is EOL, so you can't expect binaries and any support, but apparently its still being used in some projects, so folks still contribute fixes into source code
<f00b4r0>
neat
<Habbie>
ynezz, very clear, thanks
srslypascal is now known as Guest328
srslypascal has joined #openwrt-devel
jlsalvador has quit [Ping timeout: 480 seconds]
srslypascal is now known as Guest329
srslypascal has joined #openwrt-devel
srslypascal has quit []
jlsalvador has joined #openwrt-devel
Guest328 has quit [Ping timeout: 480 seconds]
Guest329 has quit [Ping timeout: 480 seconds]
indy has joined #openwrt-devel
srslypascal has joined #openwrt-devel
<Lynx->
root@OpenWrt:~# tc qdisc add dev vpn handle 1: root prio --> Error: Specified qdisc kind is unknown.
<Lynx->
what package am I missing?
<dwfreed>
the item after 'root' should be a qdisc; 'prio' is not a qdisc
jlsalvador has quit [Read error: Connection reset by peer]
<pepes>
Habbie: Yes, OpenWrt 19.07 is used in Turris OS, thus we are updating packages repository, we would do the same for OpenWrt main repo, but a few PRs were already closed, thus we are storing them in our repo. Hopefully, we will move to supported OpenWrt version soon. It's exhausting to provide support for it and also embarassasing.
<karlp>
ynezz: "update package to latest git head" is not really what I'd call security patchs though, for instance. that would seem to be, on the face of it, not in the spirit at least...
<Habbie>
pepes, right :)
<karlp>
same for adding completely new packages...
<_luna>
russell--: yes, that's the document I'm reading for quilt, but it doesn't seem to specify how I make commits with the diffs. do I just `git apply` them to a repo clone?
<Habbie>
that cgi-io update does in fact look like security, but i don't know what else the new head brings
<Lynx->
Anyone familiar with the OpenWrt package that contains the prio qdisc?
<stintel>
Lynx-: kmod-sched-prio
<Lynx->
Unknown package 'kmod-sched-prio'.
<stintel>
opkg update first
<Lynx->
hmm
<Lynx->
is it in 22.03?
<Lynx->
(same error)
<stintel>
ah, it was in kmod-sched
<Lynx->
I have that installed
<stintel>
it has been extract to its own package recently
<stintel>
lsmod | grep sch_prio
<Lynx->
yeah not coming up
<Lynx->
ah sorry I don't have kmod-sched
<Lynx->
btw stintel is "tc qdisc add dev vpn handle 1: root prio" and "tc filter add dev vpn parent 1: protocol all u32 match u32 0 0 action mirred egress mirror" the correct way to mirror EGRESS?
<stintel>
I don't know by heart
<Lynx->
do you know if ingress on WireGuard interface is encrypted?
<stintel>
you could look at the qosify code, it contains some tc commants to set up mirroring
<stintel>
commands*
<stintel>
I don't know anything about wireguard, maybe zx2c4 can answer that
<Lynx->
* pkg_hash_fetch_best_installation_candidate: Packages for firewall4 found, but incompatible with the architectures configured * opkg_install_cmd: Cannot install package firewall4. *satisfy_dependencies_for: Cannot satisfy the following dependencies for luci: * kmod-nft-nat6
jlsalvador has quit [Ping timeout: 480 seconds]
<Lynx->
So luci/firewall4?
<stintel>
git grep kmod-nft on luci repo doesn't yield anything
<stintel>
that's probably just because luci depends on uci-firewall, which is provided by either firewall3 or firewall4
jlsalvador has joined #openwrt-devel
<stintel>
dunno, never used IB before
<stintel>
someone else will have to fix it
Lynx- is now known as Guest337
Guest337 has quit [Read error: Connection reset by peer]
Lynx- has joined #openwrt-devel
borek1 has joined #openwrt-devel
borek has quit [Ping timeout: 480 seconds]
borek1 is now known as borek
ekathva has quit [Remote host closed the connection]
borek has quit [Quit: borek]
borek has joined #openwrt-devel
tomh- has quit [Quit: WeeChat 3.5]
tom- has joined #openwrt-devel
Misanthropos has quit [Quit: ZNC 1.8.2+deb2+b1 - https://znc.in]
minimal has joined #openwrt-devel
cp- has quit [Read error: Connection reset by peer]
danitool has quit [Remote host closed the connection]
<schmars[m]>
stintel Lync-: this is the commit https://github.com/openwrt/openwrt/commit/534e256c029bc47920d8b2544a43e568491b1af2 -- so firewall4's dependencies were changed, but on downloads.openwrt.org it still has the old dependencies set, including kmod-nft-nat6 which has been removed. my guess is some weird buildbot caching issue. the commit that downloads.openwrt.org/releases/22.03-SNAPSHOT is already newer than the kmod-nft-nat6 removal
<schmars[m]>
commit
<schmars[m]>
Lynx- ^
<Lynx->
Ah, so this is one for aparcar?
<schmars[m]>
i don't know but seems like a stopper for 22.03 release
borek has quit [Quit: borek]
<Lynx->
Don't suppose you have familiarity with ingress on WireGuard interfaces and whether if you mirror that using tc + mirred to an IFB you would expect the mirrored packets to be unencrypted as they appaeat using 'tcpdump -i wg_interface'?
<Lynx->
Know how in this area seems rather hard to come by
PtitGNU has quit [Read error: Connection reset by peer]
PtitGNU has joined #openwrt-devel
MAbeeTT has joined #openwrt-devel
<schmars[m]>
Lynx- well, try it out? :) i know that kmod-wireguard does its own network interface, so tc would need to be able to work with that. it's not a tun or tap or veth
<mrnuke>
.
<Lynx->
schmars[m] thanks. I tried it but don't know how to interpret the results: https://forum.openwrt.org/t/ifbs-in-wireguard-context/134799. It looks to me a bit like mirroring ingress on the VPN interface results in copying over the encpasulated packets not the unencrypted packets, which is what I Actually want.
<schmars[m]>
yeah cause your capturing on wan, stuff hasn't entered the wireguard codepath yet
<Lynx->
ah no that's capturing on VPN
<Lynx->
Well both actually, but the weird stuff is what is captured from VPN
<schmars[m]>
ah ok :) well i can't help you with tc, never really used it
<Lynx->
Conceptually is the idea that on wan packet is encrypted and encapsulated and then what would you expect ingress on the WireGuard interface to look like?
<Lynx->
You see using 'tcpdump -i VPN' I see everything unencrypted
<Lynx->
so I assumed that meant ingress is the inner, unencrypted packets
Misanthropos has quit [Quit: ZNC 1.8.2+deb2+b1 - https://znc.in]
goliath has quit [Quit: SIGSEGV]
Misanthropos has joined #openwrt-devel
Tapper has quit [Ping timeout: 480 seconds]
PtitGNU has quit [Read error: Connection reset by peer]
PtitGNU has joined #openwrt-devel
aiyion has joined #openwrt-devel
aiyion has quit [Remote host closed the connection]
aiyion has joined #openwrt-devel
aiyion has quit [Quit: aiyion]
aiyion has joined #openwrt-devel
Tapper has joined #openwrt-devel
ekathva has joined #openwrt-devel
goliath has joined #openwrt-devel
aiyion has quit [Quit: aiyion]
aiyion has joined #openwrt-devel
danitool has joined #openwrt-devel
floof58 has quit [Ping timeout: 480 seconds]
floof58 has joined #openwrt-devel
SlimeyX has quit [Ping timeout: 480 seconds]
Lynx-- has joined #openwrt-devel
Lynx- is now known as Guest362
Lynx-- is now known as Lynx-
<f00b4r0>
i see some targets make use of LED "function" property in dts but the use doesn't seem widespread: what's the verdict on that?
Guest362 has quit [Ping timeout: 480 seconds]
Borromini has joined #openwrt-devel
<robimarko>
Sounds like a good idea to use it when possible, since its upstream anyway
<mrnuke>
Isn't "function" and "color" redundant since they are also part of the led name?
<robimarko>
No, its the other way around
<robimarko>
label has been deprecated
<f00b4r0>
i'll check what it does. The bindings doc isn't very clear on that
<mrnuke>
It's seems like a C-ism to me to try to enumerate every possible string and encode it as an enum. But then the kernel is written by C-ists -- I shouldn't be surprised :p
<robimarko>
It just dynamically creates the LED name instead of setting it manually via label
<robimarko>
Its start of an attempt to kind of standardise the functions
<f00b4r0>
robimarko: but that means the name isn't deterministic/static then? How does one connect that with e.g. the uci_netdev trigger?
<f00b4r0>
(for 01_leds)
<robimarko>
It is
<robimarko>
Its gonna be color:function (Or the other way around=
<robimarko>
Plus the enumerator if you have multiple ones
<robimarko>
So its predictable and always the same
<f00b4r0>
ah ok!
<f00b4r0>
sounds like something we might want to propagate treewide
* mrnuke
doesn't like it
Tapper has quit [Ping timeout: 480 seconds]
Borromini has quit [Ping timeout: 480 seconds]
<hauke>
Habbie: do you want to work on adding openssl3 support to OpenWrt?
<svanheule>
f00b4r0: the problem with color/function/function-enumerator, is that led classdevs in sysfs don't have a backlink to their DT entry
<svanheule>
so it's currently not possible to translate a DT alias into a /sys/class/leds node if we don't also have the label property
<Habbie>
hauke, no, i do not - openssl3 already is a source of work for me, and I do not need it to be that in more places :)
<svanheule>
f00b4r0: unless the script that retrieves the sysfs locations of the LEDs also has a table of COLOR_ID values to their string representations, but that seems fragile
<Lynx->
* pkg_hash_check_unresolved: cannot find dependency kmod-nft-nat6 for firewall4
<Lynx->
* satisfy_dependencies_for: Cannot satisfy the following dependencies for luci: * kmod-nft-nat6
<Lynx->
auc/attended sysupgrade for 22.03 broken now :(
Lynx- has quit [Quit: Going offline, see ya! (www.adiirc.com)]
<Habbie>
hauke, that said, after alpine tried and then went back, and ubuntu tried and sticked with it, most software should be able to cope now - although dnsdist ran into another 1/3 incompatibility today
<minimal>
Habbie: Alpine switched again - Edge is using openssl3 for approx 2 weeks now
<Habbie>
ah! in fact i had in mind that they tried again even longer ago
<minimal>
Habbie: yes Alpine 1st tried quite a few months ago (6 months?) and rolled back. Then in the last couple of weeks they switched again and stayed on openssl3
<Habbie>
ack
<f00b4r0>
svanheule: I'm kinda lost. I don't see the backlink you mention in the leds defined with a "label" either. And forgive the silly question but how is this a problem?
<minimal>
the main blocker originally for Alpine was mariadb (or mysql) didn't support openssl3
<hauke>
stintel: on which image builder do we have the problem with the missing kmod-nft-nat6 ?
<svanheule>
f00b4r0: it's never there, but "label" still takes precedence over [[device:]color:]function device names. So if "label" exists, the entry will always be at /sys/class/leds/$LABEL
<hauke>
I do not understand how this happens.
<f00b4r0>
svanheule: ah yes but label is supposed to be deprecated in favor of color/function, so of course when I say "propagate", the idea would be to replace one with the other :)
<hauke>
it looks like someone uses an old firewall4 package and a recent kernel build
<f00b4r0>
hauke: could it be temporary cruft? I experienced the issue this morning and all I did was git checkout a fresh master from a slightly out of date branch that built fine, and then check'd out said branch again and it was broken
<svanheule>
f00b4r0: that would make most sense, yes. Otherwise we probably end up with conflicting names
<f00b4r0>
distclean fixed it
valku has joined #openwrt-devel
<f00b4r0>
then russell-- pointed out that dirclean would too
<svanheule>
f00b4r0: I would also not be opposed to free-form values for "function", instead of just using the ones from the leds header
<f00b4r0>
svanheule: *nod*
<svanheule>
f00b4r0: the missing backlink is cause by the led device being created and registered *before* the DT node is assigned to said device
<svanheule>
f00b4r0: if the device was created, DT node assigned, and only then registered, there would be backlink
<hauke>
Habbie: openssl 1.1.1 is EOL 2023-09-11, we should upgrade master before the next release
<f00b4r0>
svanheule: ok but it seems orthogonal to the color/function thing, no?
<Habbie>
hauke, ah, right
<svanheule>
f00b4r0: to some extent, yes, but AFAIK this missing backlink is also the reason we don't push for color/function
<svanheule>
never got around to submitting it upstream, partly because I didn't like the duplicated boilerplate that's normally done by device_create_with_groups()
guidosarducci has quit [Remote host closed the connection]
guidosarducci has joined #openwrt-devel
robimarko has quit [Quit: Leaving]
MaxSoniX has quit [Quit: Konversation terminated!]
shibboleth has quit [Quit: shibboleth]
<f00b4r0>
hauke: out of curiosity, is there a reason not to have telnet client support in openwrt?
<pepes>
Yes, why enable telnet now when it was disabled? I get that you want to have it, but there is an image builder, where you can enable it and it will suits your needs. Also, you can install package, if you want to have it. I don't see a reason, why it should be enabled to all routers supported by OpenWrt.