Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
gch9812130 has joined #openwrt-devel
gch981213 has quit [Ping timeout: 260 seconds]
gch9812130 is now known as gch981213
dangole has quit [Quit: Leaving]
csrf has quit [Read error: Connection reset by peer]
csrf has joined #openwrt-devel
Grommish has quit [Read error: Connection reset by peer]
Grommish has joined #openwrt-devel
Grommish has quit [Read error: Connection reset by peer]
Grommish has joined #openwrt-devel
valku has joined #openwrt-devel
rsalvaterra has joined #openwrt-devel
philipp64 has quit [Quit: philipp64]
gch9812139 has joined #openwrt-devel
gch981213 has quit [Ping timeout: 265 seconds]
gch9812139 is now known as gch981213
thagabe has joined #openwrt-devel
ds_shadof has quit [Ping timeout: 256 seconds]
gch981213 has quit [Read error: Connection reset by peer]
gch9812136 has joined #openwrt-devel
OutBackDingo has joined #openwrt-devel
danitool has quit [Quit: Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos]
hbug has joined #openwrt-devel
hbug___ has quit [Ping timeout: 240 seconds]
victhor has quit [Ping timeout: 256 seconds]
thagabe has quit [Quit: Connection closed]
tobleminer-tSYS has quit [Quit: AS4242423214]
tobleminer-tSYS has joined #openwrt-devel
gch9812136 has quit [Read error: Connection reset by peer]
gch981213 has joined #openwrt-devel
UnknownzD has joined #openwrt-devel
gch981213 has quit [Read error: Connection reset by peer]
gch981213 has joined #openwrt-devel
<UnknownzD>
Hi, I may have found an issue in the dnsmasq package. But I don't want to immediately open the ticket unless someone has confirmed the issue as well. Is there anyone free to help? Currently I have found the same issue to take place on 2 different routers running OpenWRT
<UnknownzD>
I have found that when dnsmasq is loading a large amount of hosts via "servers" in a config file (specifically dropped via adblock), dnsmasq has dropped all subsequent TCP enquiry
<UnknownzD>
with TCP RST packet sent to the client
<UnknownzD>
Normally this would not affect PC connection since PC is mainly using UDP port for enquiry
<UnknownzD>
However, my android TV has been sending TCP query to dnsmasq instead, and does not rely on the UDP reply
<UnknownzD>
It is confirmed that the packet is not dropped by the firewall since the pcap file captured by the adblock packge under DNS report section has shown the RST packet
<UnknownzD>
And I have set all the firewall setting to adopt a drop approach instead of reject approach, therefore a RST packet is unlikely caused by the firewall
<UnknownzD>
Any help would be appreciated, and if anyone can confirm this issue, I will submit a ticket in bug tracker as well
<UnknownzD>
In addition, I have also confirmed that the /tmp/dnsmasq.d/adb_list.overall (a dnsmasq conf file) dropped by adblock does not contain any malformed directive / parameter as I have confirmed with the regular expression "\n(?!address=)" to see if the file contains any lines unrelated to host blocking
<Namidairo>
how many entries is it
<UnknownzD>
"log-queries=extra" was also adopted in dnsmasq.conf, and the syslog simply skipped to show anything / any query when TCP request is resolved
<Namidairo>
>= 150 entries?
<UnknownzD>
Yes, 458090 lines
<UnknownzD>
with 2 different routers, one Linksys EA8300, one NetGear R7500 v1
<UnknownzD>
when the DNS cache / adblock config file is being reset via "service adblock restart", the dnsmasq on the router respond to the TCP enquiry
<UnknownzD>
But once the config file is dropped and the dnsmasq is reloaded, the dnsmasq no longer respond to TCP enquiry
<UnknownzD>
During the test, I have also tried to use all 3 different ways of binding interface (bind-interfaces / bind-dynamic / default) but still shows the same result ....... so I guess it is different from the previously reported bug via RHEL bug tracker
<Grommish>
I've had no issues with Adblock or dnsmasq locally, but gimme a sec to test.. I've been blowing my device up all day and haven't turned it back on yet
<UnknownzD>
Grommish, I have another user trying to reproduce the result in #openwrt, but he said he has no such issue at all
<UnknownzD>
brb, shutting down connection for further test
UnknownzD has quit [Quit: Leaving]
zjason has quit [Quit: ERC (IRC client for Emacs 27.0.50)]
UnknownzD has joined #openwrt-devel
<UnknownzD>
Grommish, did you have similar result?
gch981213 has quit [Read error: Connection reset by peer]
gch9812130 has joined #openwrt-devel
cp- has quit [Ping timeout: 260 seconds]
cp- has joined #openwrt-devel
mwarning has joined #openwrt-devel
UnknownzD has quit [Ping timeout: 260 seconds]
kakaka has quit [Ping timeout: 240 seconds]
[florian] has quit [Ping timeout: 260 seconds]
[florian] has joined #openwrt-devel
[florian] has joined #openwrt-devel
[florian] has quit [Changing host]
valku has quit [Quit: valku]
kakaka has joined #openwrt-devel
mwarning has quit [Ping timeout: 260 seconds]
nitroshift has joined #openwrt-devel
dedeckeh has joined #openwrt-devel
UnknownzD has joined #openwrt-devel
<UnknownzD>
For anyone who has read the chat regarding the dnsmasq dropping TCP enquiry issue, in relation to adblock, I have found a temporary workaround that the adblocker will be working but certain functionality will be missing, such as NX domain in the DNS reporting function and the blocked domain enquiry function
<UnknownzD>
You can set adblock as using raw as the DNS backend, and then add the following line in the crontab, "*/2 * * * * sed -e 's/^/0.0.0.0 /' /tmp/adb_list.overall > /tmp/adblocker && rm /tmp/adb_list.overall && killall -s SIGHUP dnsmasq &"
<UnknownzD>
This will cause the router to check for adblock drop eveyr 2 mintues, and then reformat the list as per attn-host file format
<UnknownzD>
in /etc/dnsmasq.conf, add /tmp/adblocker as attn-hosts with "addn-hosts=/tmp/adblocke"
<UnknownzD>
"addn-hosts=/tmp/adblocker"
<UnknownzD>
if you only use SIGHUP to force dnsmasq to re-read the attn-hosts file, instead of reading a 400k+ line config file for adblocking, it will work
<UnknownzD>
Anyway, thanks for anyone that helped, and I will see if anyone can reproduce the issue before submitting the bug ticket
UnknownzD has quit [Quit: Leaving]
Borromini has joined #openwrt-devel
UnknownzD has joined #openwrt-devel
Darkmatter66 has joined #openwrt-devel
ivanich has joined #openwrt-devel
black_ant has joined #openwrt-devel
black_ant has quit [Changing host]
black_ant has joined #openwrt-devel
feriman has joined #openwrt-devel
Ycarus has joined #openwrt-devel
feriman has quit [Client Quit]
Borromini has quit [Ping timeout: 260 seconds]
indy has quit [Ping timeout: 246 seconds]
xback has joined #openwrt-devel
eduardas has joined #openwrt-devel
indy has joined #openwrt-devel
gch9812130 has quit [Read error: Connection reset by peer]
gch981213 has joined #openwrt-devel
Nick_Lowe has joined #openwrt-devel
glyph has quit [Quit: End of line.]
mwarning has joined #openwrt-devel
glyph has joined #openwrt-devel
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Nick_Lowe has joined #openwrt-devel
swalker has quit [Ping timeout: 260 seconds]
Tapper has quit [Excess Flood]
Tapper has joined #openwrt-devel
qgTG_ has quit [Quit: quit]
qgTG has joined #openwrt-devel
<ldir>
Could someone take a look at https://git.openwrt.org/?p=openwrt/staging/ldir.git;a=commit;h=700029406989ce7964f1370173023371136ad484 for me please - I don't know if there's a more technically correct way to fix it.
<ldir>
nbd: ^^^^ you might have more clues
mwarning has quit [Ping timeout: 260 seconds]
<jow>
I wonder about the sudden SADDNS hype
<jow>
I though it is common sense that a DNS TXN is only protected by a random 16 bit source port
<jow>
ldir: looks reasonable
<rsalvaterra>
jow: I believe it's a bit overblown, to be honest.
<jow>
some of these things appear as if some people just rediscover how the internet works
<rsalvaterra>
I'm still amazed it actually does. :P
<karlp>
thankfully we've at least moved on from the "omg, I have physical access and jtag tooling and I could modify memory!"
<rsalvaterra>
karlp: Yeah, security people are a bit… overzealous.
<rr123>
rebuild master this morning, my tplink-a7-v5 lost one wifi radio, previously wlan0 for 5G and wlan1 for 2.4G, now wlan0 is 2.4G and 5G is gone with this new daily master build
<adrianschmutzler>
Well, we could discuss that at the next meeting which should happen at some point anyway
<aparcar[m]>
The schema had some errors but seems mostly fine now. The original data of the wiki has tons of flaws which I try to resolve at some point with Thomas
<adrianschmutzler>
if properly prepared, one could then decide where to maintain it
<aparcar[m]>
is there an idea for the next meeting?
<adrianschmutzler>
Well, it will be hard to work with it if its created directly from the wiki. one should at least extract the device names itself from the main git repo and then only fill those with data from the Wiki.
* rr123
wonders when nftables(fw4?) work will start, from the reading it's mostly about luci related work
<aparcar[m]>
yes I added a "tag" to all automatically moved devices, those should go through a manual review process. I'll add some demos of recently added devices.
valku has quit [Read error: Connection reset by peer]
<jow>
rr123: I already started working on it
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
Nick_Lowe has joined #openwrt-devel
<rr123>
jow: will it be fw4 and share the same git as firewall3,want to watch the repo and test it along the way
mwarning has quit [Ping timeout: 264 seconds]
Ycarus has quit [Quit: Ycarus]
mwarning has joined #openwrt-devel
opal has quit [Remote host closed the connection]
<jow>
rr123: no, it will be a separate repository most likely
opal has joined #openwrt-devel
caravel has quit [Quit: Konversation terminated!]
black_ant has quit [Ping timeout: 260 seconds]
mwarning has quit [Ping timeout: 260 seconds]
dedeckeh has quit [Remote host closed the connection]
mwarning has joined #openwrt-devel
<adrianschmutzler>
aparcar: btw, the next meeting is actually due for more than a month now, but obviously nobody had the time or interest in scheduling it (i.e. determine a slot where many people are available)
<adrianschmutzler>
and preferably we would lift all release blockers for 20.xx beforehand, so we can branch at this meeting
<aparcar[m]>
dangole: ping
enyc has quit [Ping timeout: 264 seconds]
Darkmatter66 has quit [Ping timeout: 260 seconds]
enyc has joined #openwrt-devel
caravel has joined #openwrt-devel
enyc has quit [Ping timeout: 260 seconds]
enyc has joined #openwrt-devel
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<aparcar[m]>
adrianschmutzler: yea I'm aware of it 🙂 should we create mail threads for it?
<rsalvaterra>
GCC bump deemed to risky? That's unfortunate… :/
<pkgadd>
rsalvaterra: that's just a matter of timing, bumping core toolchain packages now invalidates all testing done
<rsalvaterra>
pkgadd: Yeah, totally agree… it's just easy to forget that when we're building our own images with GCC 10.x for months… :)
<pkgadd>
in the beginning, after gcc 10 was formally released as stable, it still had quite a few bugs (those are solved by now)
<aparcar[m]>
does it make sense to skpi gcc 9 then?
<pkgadd>
personally I've not used either on OpenWrt so far (I usually keep the toolchain options, and especially the compiler, at their defaults), but I don't think there'd be much value in looking into gcc-9, unless gcc-10 would show bigger issues (apart from being more strict)
<pkgadd>
(but I do use gcc-10 on Debian/ unstable for i386 and x86_64 regularly+)
csrf has quit [Ping timeout: 264 seconds]
feriman has quit [Ping timeout: 260 seconds]
<enyc>
silly question, what does the gcc version change 8.4->10.x make to the quality/hardening/functionality of OpenWRT-20.xx ? some tangeable advantage, or more just future-proofing release?
Misanthr- has joined #openwrt-devel
<pkgadd>
to varying extents, it's all of that - and eventually a mere necessity. yes, sources often have problems with (too-) new compilers, but at the same time they quickly lose compatibility with old ones or require features of newer ones
<pkgadd>
especially for ARM, you also see a lot of work happening on the compiler side (and yes, also all of those topics, hardening, performance for newer SOCs, ...)
Misanthropos has quit [Ping timeout: 256 seconds]
Misanthr- is now known as Misanthropos
adrianschmutzler has quit [Quit: ~ Trillian - www.trillian.im ~]