<rsalvaterra>
Pinged the wireless client successfully. Waited for a GTK renegotiation. Purged the ARP entry on the local machine. Pinged the wireless client again, also successfully.
<nbd>
can you test if it's specific to wpa3 or wpa2 with 802.11w enabled?
<nbd>
i.e. does it happen if you just use plain wpa2 with 802.11w explicitly disabled
<rsalvaterra>
This is WPA3, so 802.11w is implicitly enabled.
<rsalvaterra>
It also fails with WPA2, but I'm not sure if the client had 802.11w disabled, since it was optional (sae-mixed on the router).
<nbd>
please try disabling 802.11w on the router with wpa2 for testing
<rsalvaterra>
I'll try with psk2 on the router and explicitly disabling 802.11w.
state has joined #openwrt-devel
<rsalvaterra>
Aw, crap… have to build an unpatched image, of course…
victhor has joined #openwrt-devel
state_ has quit [Ping timeout: 276 seconds]
Darkmatter66 has joined #openwrt-devel
opal has quit [Remote host closed the connection]
opal has joined #openwrt-devel
dedeckeh has quit [Quit: Ping timeout (120 seconds)]
linzst has quit [Quit: Leaving]
state_ has joined #openwrt-devel
state has quit [Ping timeout: 246 seconds]
<blocktrron>
rsalvaterra nbd: i think i see the same on MT7915 with traffic coming to a halt upon GTK rekeying
<blocktrron>
I have a WPA2 11w disabled VAP and a SAE 11w enabled VAP and IIRC it only broke on the SAE one.
<blocktrron>
I'll be back at the APs place this weekend so i can verify this
<rsalvaterra>
blocktrron: Maybe it's 802.11w related, we should also test WPA2 with 802.11w.
dedeckeh has joined #openwrt-devel
<Namidairo>
that might be why I haven't hit it yet
<Namidairo>
I would have hit a ton of rekeying by now if it's at 600
state_ has quit [Read error: Connection reset by peer]
decke has quit [Quit: Leaving.]
dangole has joined #openwrt-devel
csrf has quit [Read error: Connection reset by peer]
csrf has joined #openwrt-devel
state_ has joined #openwrt-devel
state has quit [Ping timeout: 260 seconds]
kubrickdave has quit [Quit: ZNC 1.7.2+deb3 - https://znc.in]
caravel has joined #openwrt-devel
kubrickdave has joined #openwrt-devel
dangole has quit [Ping timeout: 272 seconds]
linzst has joined #openwrt-devel
linzst has quit [Max SendQ exceeded]
linzst has joined #openwrt-devel
linzst has quit [Max SendQ exceeded]
linzst has joined #openwrt-devel
eigma has quit [Ping timeout: 240 seconds]
linzst has quit [Max SendQ exceeded]
linzst has joined #openwrt-devel
linzst has quit [Max SendQ exceeded]
linzst has joined #openwrt-devel
rsalvaterra1 has joined #openwrt-devel
linzst has quit [Max SendQ exceeded]
linzst has joined #openwrt-devel
rsalvaterra has quit [Ping timeout: 240 seconds]
linzst has quit [Max SendQ exceeded]
rsalvaterra1 has quit [Client Quit]
rsalvaterra has joined #openwrt-devel
<rsalvaterra>
Namidairo: GTK rekeying is done once a day (86400 seconds) per station, by default, except for TKIP (but nobody should be using TKIP in 2021).
valku has joined #openwrt-devel
Huntereb has joined #openwrt-devel
Borromini has quit [Ping timeout: 256 seconds]
dedeckeh has quit [Quit: Ping timeout (120 seconds)]
<hurricos>
adrianschmutzler: Just wanted to say thanks for merging the MR12 commit. I apologize for being a frequent pain in the ass
<hurricos>
This will be a huge help for the supportability of our mesh net. We're getting a pile of MR62's soon and I was beginning to work on code to help maintain a patch of the upcoming release. But this saves me a ton of work.
<adrianschmutzler>
note that I modified the compat message, as for the two-port design network config will be incompatible as well when updated from ar71xx
<adrianschmutzler>
so you need to flash with -n when coming from ar71xx
<adrianschmutzler>
(just pushed it a minute ago)
<vdl>
does btrfs allow to have a rw overlay over a ro rootfs? I'm looking for an alternative to overlayfs because of the hassle to manage the upperdir and workdir mounts.
<plntyk>
anybody knows if there is some openwrt or associated talk at FOSDEM 2021 ?
<plntyk>
noticed openwifi hardware and some legal talk so far
<stintel>
vdl: I would actually ask that in #btrfs
state has joined #openwrt-devel
state_ has quit [Ping timeout: 240 seconds]
<hurricos>
adrianschmutzler: Thanks for sussing out that scenario.
Darkmatter66 has joined #openwrt-devel
state has quit [Ping timeout: 276 seconds]
state has joined #openwrt-devel
dorf has quit [Remote host closed the connection]
blb4393 has joined #openwrt-devel
dorf has joined #openwrt-devel
<vdl>
stintel: thank you
Borromini has joined #openwrt-devel
blb4393 has quit [Quit: ChatZilla 0.9.93 [Waterfox 56.3/MOZ_BUILDID]]
state has quit []
danitool has joined #openwrt-devel
Darkmatter66 has quit [Ping timeout: 272 seconds]
junland has quit [Quit: %ZNC Disconnected%]
junland has joined #openwrt-devel
dedeckeh has joined #openwrt-devel
<champtar>
blocktrron: any news regarding the GitHub notice? deadline is monday
<blocktrron>
no reply from github yet
dedeckeh has quit [Quit: Ping timeout (120 seconds)]
dedeckeh has joined #openwrt-devel
<champtar>
you tried to contact the guy ?
* ldir-
doesn't like 240e:f7:4000::/36
<grift>
whats not to like?
<grift>
36 prefix seems pretty bad-ass to me
caravel has quit [Quit: Konversation terminated!]
<ldir->
China Telecom aka Communist Party of China doing slow (3 ish/per second) address/port scan
<grift>
harmless
<ldir->
It is since I drop the prefix in & out
<grift>
i got 160 mb worth of ssh brute force a day, dont give a funk
<ldir->
I'm domestic user, I don't run any servers etc I don't understand why they're looking/what they're looking for.
<grift>
theyre just ensuring that your shed is secure, nothing to do with .cn
<olmari>
Well... scanning whole IPv4 address space isn't that hard thing to do, so also very likely that something akin to that happends
<grift>
i am more annoyed with crawlers ignoring my robots.txt and constantly crawling my git history endlessly
black_ant has quit [Ping timeout: 256 seconds]
<grift>
i will admit though that port scans on ip6 arent all the common, atleast not on my network
<grift>
but other than that, its just a fact of life and can't be bothered with it (keeps me sharp so in a way to should be thankful)
Borromini has quit [Quit: Lost terminal]
<grift>
look at it this way, theyre ringing your doorbell to see if youre home
<grift>
alteast someone cares
Ycarus_ has quit [Quit: Ycarus_]
Ycarus has joined #openwrt-devel
<ldir->
I take a slightly more suspicious slant - they're checking to see which doors are locked on a row of parked cars.... the intent is unclear.
<grift>
but yes that comes from someone who allows anonymous root access to his router ... LOL
<ldir->
do I ?
<grift>
i am actually anxiously awaiting someone to log on LOL
<grift>
no i do
<ldir->
will they report the unlocked door to the owner, the police, a criminal element, get in and drive off themselves?
<grift>
look they;s dumb fucks scan the network find its open , but they wouldnt know what to do with it
<grift>
even if it gives root access
<blocktrron>
champtar: yes, he also tries to contact GitHub
<grift>
but look i do understand what you mean but if youre confident that you closed all the doors and that any open doors lead to nothing then why would you be worried? are you not confident?
<grift>
port scanning, brute forcing is just a think of modern internet. If you let that get to you then you have an issue
<grift>
blocking a 36 prefix for this is probably not very sustainable strategy
<grift>
point i am trying to make is that in this world you need a level of conidence and trust otherwise it will drive you nust
<grift>
nuts
<grift>
i wont let some lousy script intimidate me
<grift>
so bottom-line for me i like 36 prefixes, i wish i had one
<champtar>
blocktrron: could you ask him to make a public comment in the PR explaining the situation so that on monday when a random guy at GitHub review the case they don't suspend / delete the repo because nothing was done
<ynezz>
they would make a lot of people happy by doing exactly that :p
Borromini has joined #openwrt-devel
<Borromini>
rsalvaterra: ping
<rsalvaterra>
Borromini: pong
<Borromini>
rsalvaterra: hi
<Borromini>
i am still trying to get to the bottom about my MT7613 issue, but I have two MT7615 devices in production here
<Borromini>
and i realised today that weirdness i've been saying (ping dropping intermittently at some point) is the MT7615 radios
<rsalvaterra>
Right, check mt76 bug 494.
<Borromini>
e.g. 5 that go through, 5 that drop, ...
<rsalvaterra>
Borromini: there's a problem with broadcast and 802.11w on MT7615. Hacking the driver to force software GTK rekeying makes it work.
<Borromini>
it seems here it's not just pings dropping, i can SSH in when the ping responds but the connection just cuts off once the ping dies as well
<Borromini>
so you think that's similar/the same?
<Borromini>
sometimes it pops up after a few hours, and this time it took a few days.
<Borromini>
ok that report has a patch, i might give that a spin
valku has quit [Quit: valku]
Ivan__83 has quit [Quit: Miranda NG]
Ivan__83 has joined #openwrt-devel
<rsalvaterra>
Borromini: Yes. It happens after a GTK rekeying.
<rsalvaterra>
The patch fixes it.
<Borromini>
ok
<rsalvaterra>
Well, hacks around it, more precisely.
<Borromini>
so gtk rekeying happens at random intervals?
<rsalvaterra>
Once a day (every 86400 seconds), per station, by default.
<Borromini>
ok. should have checked the uptime before rebooting
Huntereb has quit [Read error: Connection reset by peer]
philipp64 has quit [Quit: philipp64]
Ivan__83 has quit [Read error: Connection reset by peer]
Ivan__83 has joined #openwrt-devel
Borromini has quit [Quit: Lost terminal]
<rsalvaterra>
Is DSA already on par with swconfig, featurewise?
philipp64 has joined #openwrt-devel
<rsalvaterra>
(I don't mean in LuCI, just UCI.)
mattsm has quit [Read error: Connection reset by peer]
mattsm has joined #openwrt-devel
feriman has quit [Ping timeout: 276 seconds]
mattsm has quit [Read error: Connection reset by peer]
mattsm has joined #openwrt-devel
rmilecki has quit [Ping timeout: 276 seconds]
dedeckeh has quit [Ping timeout: 240 seconds]
<mangix>
rsalvaterra: AFAIK no
<rsalvaterra>
mangix: Still no untagging?
<rsalvaterra>
I'm trying to bridge (on an Omnia) eth2.100 with lan3 untagged.
<rsalvaterra>
*eth2.105
<mangix>
No idea about that.
<rsalvaterra>
Wait, it worked(!!),
<rsalvaterra>
I'm not touching it anymore. Even afraid to sneeze atm.
adrianschmutzler has quit [Quit: ~ Trillian - www.trillian.im ~]
<Grommish>
My device uses -march=octeonplus by default from the repo. If I add a -mtune=octeon3, will I still be able to use the octeonplus ipk repos generated by the build bot, or will it complain about arch types?
<Grommish>
I know I can't change the -march or it complains and refuses, but not use if I leave the arch and add a tune if it'll still work