<enyc>
I imagine that 18.06 will be shown as projected EOL "soon" (when 20.x is released)
<enyc>
19.07 then considerably beyond that
nast has joined #openwrt-devel
<blogic>
stintel: so the lldpd issue
<blogic>
stintel: we need to make it run on the member interfaces of a bridge, rather than the bridge
<blogic>
if you run it on the bridge, remote hosts will see the AP
<blogic>
but the AP can't see them
Darkmatter66 has joined #openwrt-devel
<mangix>
blogic: you can get it to compile?
<blogic>
1.0.7 ?
<blogic>
yes build locally
<blogic>
or whatever the update was
<blogic>
tested in mips, arm and aarch64
<stintel>
mangix: we tried reproducing the buildbot bug, it builds for Hauke, for me on d10, for jow, even in the Docker container used by the build slaves
<jow>
usually it is locally shipped macros which are broken and omitting them fixes things
<jow>
but in this case, lldpd relies on a "broken" (modified) local macro
<jow>
the official one does not set the expected variables
<jow>
and due to the official one having a higher serial, autoconf will always prefer it, even if we'd shuffle the include paths to prefer local over global (which was my first idea for a fix)
<mangix>
hmm git grep amincline doesn't show anything interesting
<mangix>
*aminclude
<mangix>
jow: right but ola broke with the introduction of autoconf-archive
<jow>
well, autoconf has more failure modes than working code paths
<stintel>
Pepe: we have too many discussion places already. flyspray, forum, github issues/PRs, irc, ML. do we really need another one?
<stintel>
jow: also builds for me, so tested-and-acked by if that is a thing :)
<jow>
upstream accepted the change already btw
<Pepe>
I see your point, but there are already more than 200 issues in packages repository and some of them are feature requests which can be moved there.
<jow>
so with the next bump we can get rid of the patch again
<stintel>
jow: excellent!
<stintel>
jow: thanks a lot for this
victhor has joined #openwrt-devel
<jow>
yw
<mangix>
hmm wish I knew when 19.07.5 was dropping so I could have backported kambs
<mangix>
*ksmbd
<jow>
mangix: you can backport any non-image-included packages at any time
<dorf>
is that likely to be a simple opkg update, or more involved, ynezz?
csrf has joined #openwrt-devel
<ynezz>
you can't update kernel that way
dorf has quit [Remote host closed the connection]
dorf has joined #openwrt-devel
<dorf>
> yeah, what I suspected. what about a semi-painless way to update an install on extroot?
<dorf>
also, has anyone considered a mechanism to update the kernel by downloading and deploying on reboot? or is that too complex?
MatMaul has joined #openwrt-devel
<dorf>
-or- failing that, a LuCI feature that builds on the various backup/restore scripts out there, backing up all relevant configs together with a list of installed apps, with the option to import the backup to restore a previous setup post-upgrade.
rr123 has quit [Remote host closed the connection]
<rsalvaterra>
mangix: I just saw your pull request. Do you have a link to the upstream multi-CPU port DSA patch? :)
Borromini has joined #openwrt-devel
T-Bone has joined #openwrt-devel
f00b4r0 has quit [Ping timeout: 265 seconds]
noltari has quit [Quit: Bye ~ Happy Hacking!]
Borromini has quit [Quit: Lost terminal]
noltari has joined #openwrt-devel
Tusker has joined #openwrt-devel
Tusker has quit [Client Quit]
danitool has joined #openwrt-devel
ivanich has quit [Quit: Konversation terminated!]
ivanich has joined #openwrt-devel
<ynezz>
jow: what's the rationale behind 65fad8645d72f2293a7d62d6ca338ebc2ee0d9de ?
dopje_ has quit [Read error: Connection reset by peer]
dopje has joined #openwrt-devel
<mangix>
rsalvaterra: it was referenced in that PR
<rsalvaterra>
Sorry, must have missed it.
<mangix>
ynezz: who cuts the releases?
Olipro has quit [Ping timeout: 260 seconds]
Misanthropos has quit [Read error: Connection reset by peer]
Olipro has joined #openwrt-devel
Misanthr- has joined #openwrt-devel
Misanthr- is now known as Misanthropos
nitroshift has quit [Quit: Gone that way --->]
danitool has quit [Quit: Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos]
<ynezz>
mangix: if you look at the commits, it's mostly Hauke, he's usually sending emails a few weeks in advance
noltari has quit [Quit: Bye ~ Happy Hacking!]
noltari has joined #openwrt-devel
hbug has quit [Remote host closed the connection]
hbug has joined #openwrt-devel
opal has quit [Remote host closed the connection]
opal has joined #openwrt-devel
valku has joined #openwrt-devel
xxiao has joined #openwrt-devel
<xxiao>
if i have a package mandating openssl, will wolfssl/mbedtls still make any sense at all? wolfssl itself is 400K
<xxiao>
trying to switch all to openssl and see how much space it can save, the ideal world will be all packages be ssl-neutral
Darkmatter66 has joined #openwrt-devel
Night-Shade has joined #openwrt-devel
dedeckeh has joined #openwrt-devel
Night-Shade has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
kubrickdave has quit [Quit: ZNC 1.7.2+deb3 - https://znc.in]
kubrickdave has joined #openwrt-devel
kubrickdave has quit [Client Quit]
Nick_Lowe has joined #openwrt-devel
kubrickdave has joined #openwrt-devel
<jow>
ynezz: real world failures with canonical mirrors having expired / selfsigned certs
<jow>
ynezz: reasoning was that we rely on hashes to verify integrity, HTTPS only adding complexity at best
<jow>
modern CDNs even mass-produce throw-away certs for dozens of sites they're caching, so I really don't see any merit in turning random cert quirks into hard failures
<jow>
but I can live with reverting it if it makes the security fanboys happy
blb4393 has joined #openwrt-devel
<jow>
s/canoical mirrors/canonical sources/, as in random project sites hosting tarballs
<jow>
likely not that much of an issue nowadays, it's all github, sourceforge or aws anyway
finsternis has quit [Read error: Connection reset by peer]
<dorf>
adguardhome is being packaged for 20.x so it might be an idea to see if it's worth making that available?
Nick_Lowe has joined #openwrt-devel
Nick_Lowe has quit [Client Quit]
Darkmatter66_ has joined #openwrt-devel
Darkmatter66 has quit [Ping timeout: 240 seconds]
<ynezz>
jow: ok, makes sense, there is no commit description, so had to ask :)
<rr123>
jow: it has been a while since i used openssh-sftp-server for luci, does dropbear work with openssh-sftp-server or i have to use openssh to replace dropbear? I'm running dropbear with openssh-sftp-server but sshfs complains "remote host has disconnected"
<dorf>
not yet messed with sshfs, but sftp works fine with the openssh package.
<rr123>
dorf: for sure, i just don't recall if i need openssh-server for sftp, or dropbear server can work, don't want to use openssh server due to size
<dorf>
I never bothered to uninstall dropbear, but I did install the ssh server.
<dorf>
openssh-sftp-server and *sftp-client
<dorf>
sorry, that's probably not much help.
<dorf>
I'm guessing you probably need those for the sftp service, rr123.
<dorf>
also, I didn't install the openssh-server package.
<dorf>
So in short, the opensftp-server and opensftp-client packages will work with dropbear.
<philipp64>
karlp: was it you that emailed me the link to the “procd init script parameters” wiki page?
<philipp64>
seems like some of the hooks are undocumented, like “service_started()”, etc.
<dorf>
works for me, rr123.
<dorf>
and no, it's not -p <port> it's -o port=<port>
Night-Shade has joined #openwrt-devel
<rr123>
dorf: thanks for testing, does not work for me still, testing
<rr123>
that's what i kind of remembered, that dropbear + openssh-sftp-server should work
<dorf>
sure thing. sounds like a permissions issue of sorts.
<dorf>
did you disable password logins in dropbear?
<dorf>
also, maybe logread will give you some insight into what the issue is.
<rr123>
logread was not helping, just shows (root) exited, i use ssh public key access which worked fine for ssh access
<dorf>
maybe try with a password, see if it's an issue with key access?
<rr123>
tried that, something else is wrong, just reverted some changes in my ssh_config, not helping either
<rr123>
i can sshfs to other host just fine
Ycarus has quit [Quit: Ycarus]
<karlp>
philipp64: I may have at some point, not recently? yeah, people keep adding things and then not documenting them, I can't do much about that :)
<philipp64>
maybe rmilecki can fix that if he gets bored...
<jow>
rr123: openssh-sftp-server works with dropbear
<jow>
it does not replace it
thess has joined #openwrt-devel
<dorf>
jow: you're a little late to the party!
thess has quit []
<rr123>
thanks, i found the problem, i was replacing wolfssl with openssl as i need openssl anyway so why add the 400KB wolfssl, in the process I enabled cryptodev, then disabled it as i realized my ath79 probably does not have it supported, then i mistakenly disabled openssh engine support, it's a placeholder but must be on, otherwise sftp won't run. now it works, no openssh-server needed.
<philipp64>
jow: you around? seeing something weird in IPsec…
<philipp64>
Dec 7 18:12:46 OpenWrt2 ipsec: 12[NET] received packet: from 45.33.216.244[500] to 192.168.254.2[500] (617 bytes)
<philipp64>
what would cause that reflection?
* rr123
finally ready to play with luci js files
thess has left #openwrt-devel [#openwrt-devel]
<philipp64>
jow: I just ran “iptables-save | less” but nothing looks like a culprit (that I could see, anyway) regarding reflection…. And why would reflection happen on traffic coming from the outside, anyway? I thought reflection only happened when you tried to connect (from the inside) to a service on the WAN address…
<jow>
philipp64: uhm no idea, sorry.
<jow>
I usually avoid touching ipsec since it never works as intended for me
<philipp64>
okay, who knows that part of the firewall?
<jow>
I do, but I fail to see the relation to ipsec
* rr123
thought the whole world is already on wireguard
<philipp64>
or could tell me where to dive into the reflection/NATting?
<jow>
rr123: yes, but do you intend to decode binary data in luci?
<jow>
I know that it is useful for bidirectional data streaming, think video conferencing etc.
<jow>
but as a "better poll" alternative it is a bloated mess imho
<jow>
the protocol is complicated, the implementations are complex and huge, and the requirement of persistent connections easily opens DoS vectors without further limiting measures
<philipp64>
jow: no, not a firewall problem. Strongswan is generating traffic from an interface that’s NOT the one facing the default route…
<philipp64>
hence it getting NATted on the outgoing masquerade…
<jow>
philipp64: was about to write that... your DNAT/SNAT rule list is quite empty
<philipp64>
Dec 7 18:12:46 OpenWrt2 ipsec: 09[NET] sending packet: from 192.168.254.2[500] to 45.33.216.244[500] (584 bytes)
<philipp64>
WTF...
<jow>
rr123: yeah, Rafal implemented it last month
<dorf>
jow: eventsource sounds good to me.
<dorf>
potentially better than websockets, unidirectional.. no need for bidirectional communication.
<rr123>
ok I'm going to play with that, I never intend to play games within luci anyways
<dorf>
eventsource is a new one to me, but it looks potentially a better fit.
<jow>
downside of eventsource is that the EventSource() client API does not allow setting custom headers, so no way to pass the token using Authorization: or Cookie:
<dorf>
is the max 6 connections if !http/2 an issue?
<jow>
remains to be seen
<rr123>
then how to do authentication in luci
<jow>
rr123: we need to allow passing the session token via query string for EventSource requests
<stintel>
so if I forgot which switchport goes to which devices, this is very helpful
<stintel>
aside from the crappy Cisco SG200-08 on MultiGE0/0/15 =)
<barhom>
Does anyone know if there is a good way to get events from the kernel when it learns about new mac-addr (arp) ? hotplug.d/neigh is not enough because it is based on dnsmasq/dhcp.
<stintel>
ip monitor neigh ?
<stintel>
never used tbh but might be useful
<barhom>
stintel, I learned something new today. Thanks
<stintel>
welcome :)
<barhom>
What would you say about letting it be an option to run this and plugging it into hotplug.d/neigh ? Anyone find it useful maybe?
<stintel>
sounds like a DoS vector
<barhom>
For me it is about being able to list clients on the network who have set a static IP
<stintel>
there might be other options
philipp64 has quit [Ping timeout: 260 seconds]
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
philipp64 has joined #openwrt-devel
T-Bone has quit [Quit: Quitte]
Nick_Lowe has joined #openwrt-devel
<stintel>
I was thinking prometheus and node_exporter, but seems the lua version doesn't expose arp entries
<mangix>
sounds niche
falk0n has quit [Ping timeout: 240 seconds]
<rr123>
what about a small sh script to expose `arp -a`
<barhom>
I think I'll skip adding this extra unnecessary arp-entries checker. I wanted to get a list of client devices reliably. hotplug.d/dhcp and hostapd_cli to catch wifi connect/disconnect catches almost all clients
falk0n has joined #openwrt-devel
<barhom>
The only ones I'll be missing are the ones that connect via cable and incorrectly do not use dhcp and set a static IP. Those clients will never be listed
adrianschmutzler has quit [Quit: ~ Trillian - www.trillian.im ~]
* rr123
did not see hotplug.d on the master build at all
<jow>
barhom: monitoring netlink is the only reliable way to detect new neighbour entries
<jow>
ip neigh monitor does exactly that, but depending on how you implemented your solution, subscribing to a netlink socket in C might be easier
<jow>
compared to scraping "ip monitor" output
<jow>
alternatively poll /proc/net/arp
<barhom>
I do not see why i shouldn't use ip monitor neigh if I want to subscribe to this. Feels easy enough in bash, read each line and run whatever script you want
Nick_Lowe has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<barhom>
jow, do you think hotplug.d/neigh should get updates or is it too much spam?
Nick_Lowe has joined #openwrt-devel
<jow>
I think it'll overwhelm the event system in case of high neighbour activity
<barhom>
yeh, I think I'll skip this whole chapter for now. Enough with dhcp+hostapd_cli
pkgadd has quit [Remote host closed the connection]
pkgadd has joined #openwrt-devel
<barhom>
It was quite cumbersome to add hostapd_cli to startup. The only good way I could find was to add it in hotplug.d/net/