<Grommish>
Does anyone know when Package/xxx i read in the build system? I've got conditional DEPENDS to try and keep the size down when certain options aren't needed.. I don't thik it would be read until make menuconfig is run again, which won't work.
<Grommish>
example, if the nflog option is selected, I want to add +libnet-1.2.x +libnetfilter-log +libnetfilter-queue +libnfnetlink to the DEPENDS so they get installed
philipp64 has quit [Ping timeout: 260 seconds]
<guidosarducci>
Grommish: what's the definition of "nflog option"? Config variable, KCONFIG, etc?
<Grommish>
guidosarducci: Suricata option, not kmod, but it means I need to add those above (for example) to Package/suricata6 DEPENDS so it gets installed properly
<Grommish>
I don't want to have the buid system install 4 packages if they aren't needed
<Grommish>
or like libmagic and file, which isn't needed unless suricata is built to be libmagic aware
<guidosarducci>
Grommish: so how do you define that Suricata option in our build system?
<Grommish>
guidosarducci: But, it only seems to read the Package/suricata6 one time, so I'm not sure how to do it without being tacky and just adding everything
<guidosarducci>
Grommish: that's where it's used, I asked where it's defined. Is it in our build system? Sounds like no. Without a better picture of how things are set up and how they fail for you, difficult to help.
<Grommish>
The deps don't get set, so the build system doesnt pull in the additional libraries. I think it only reads the DEPENDS once, so I'm not sure how to introduce additinal depends based on the if the option that requires them is selected
<Grommish>
So, yes, I'm referring to the build system itself :)
<Grommish>
The way I linked, it added the CONFIGURE_ARGS without issues, but doesn't add th additiona DEPENDS to support that option
ashkan has joined #openwrt-devel
<Grommish>
guidosarducci: I echo out the SURICATA_EXTRA_DEPENDS as a sanity check, and it read as +luajit +libmaxminddb +libmagic +file +libhiredis +libevent2 +libnet-1.2.x +libnetfilter-log +libnetfilter-queue +libnfnetlink +luajit +libmaxminddb +libmagic +file +libhiredis +libevent2 +libnet-1.2.x +libnetfilter-log +libnetfilter-queue +libnfnetlink - but they aren't present
guidosarducci has quit [Quit: ZNC 1.7.5+deb4 - https://znc.in]
guidosarducci has joined #openwrt-devel
philipp64 has quit [Ping timeout: 252 seconds]
hbug_ has quit [Ping timeout: 240 seconds]
philipp64 has joined #openwrt-devel
tobleminer-tSYS has quit [Quit: AS4242423214]
tobleminer-tSYS has joined #openwrt-devel
philipp64 has quit [Quit: philipp64]
kristrev has quit [Read error: Connection reset by peer]
kristrev has joined #openwrt-devel
victhor has quit [Ping timeout: 260 seconds]
<ashkan>
Grommish: do we have rust now?
philipp64 has joined #openwrt-devel
philipp64 has quit [Ping timeout: 240 seconds]
<guidosarducci>
Grommish: any luck? What was wrong with the usual "DEPENDS:= +SURICATA_ENABLE_NFLOG:libnetfilter-log" for example?
<Grommish>
guidosarducci: I'd assume nothing other than I didn't fully understand the deps wiki? :) It's why I ask
<Grommish>
ashkan: Depends on the target, but probably
<Grommish>
ashkan: If it isn't a supported target, it's easy enough to add
<Grommish>
guidosarducci: I will string them out. I appreciate the correction! :)
<ashkan>
Grommish cool, nice to see Suricata finally makes it to packages
poljar has joined #openwrt-devel
<ashkan>
Grommish: some thoughts on your pr though, isn't it a bit harsh to delete the entire log directory on service start ? :D
<Grommish>
ashkan: I doubt the use-case will be super high. Most Opennwrt machine won't have the grunt to actually use it
<Grommish>
ashkan: Probably, although it's in /tmp anyway
poljar1 has quit [Ping timeout: 240 seconds]
<Grommish>
ashkan: For testing purposes I clear everything out.. it can't be merged until rust is, and rust is still draft.. so I"m not concerned overall about it getting used before hand :) But I need a better way to check the pidfile.. I've been chasing down things and not really paying attention
<Grommish>
ashkan: certainly any comments, suggestions, edits, are welcome
<ashkan>
Grommish: I may be wrong but those ones who run suricata most def need the logs to be there and rotated even transfered to some SIEM stuff . most devices provide usb and sd slots for extra storage.
<Grommish>
ashkan: You are not wrong :) and it won't stay that way. log_dir is/will be a configuration setting
<Grommish>
ashkan: I'm just trying to 1) settle out the dependancies and 2) see if ebpf will work on x86
<ashkan>
Grommish: maybe also add a define Package/suricata6/conffiles section ? cause otherwise the config files won't be included in the backups
<Grommish>
ashkan: Gotcha. :) Let me finish this build real quick because I'll need to push other changes anyway
<Grommish>
ashkan: Something to keep in mind.. I don't know Suricata, I don't know rust, and I don't really know programming, so pointing out things like that isn't a bad thing :D
<Grommish>
I'm just persistent
<ashkan>
Grommish: as long as you can keepup with the community high standards :D
<ashkan>
Grommish: but I'm talking about a situation when someone triggers start service multiple times in a row. IDK maybe I did something wrong or this is not the case anymore
<ldir>
that has 2 aspects I don't understand/like - 1) how does linux account for memory of forked processes (ie fork only instead of the usual fork/exec)
<rsalvaterra>
Oh, adblock, I see. That can increase memory usage by *a lot*.
<ldir>
is it 'just' a case that add a bit of swap and linux won't worry that it can't potentially page things out.
<ldir>
that solves the OOM, which I regard as the smaller problem... the larger problem implied is...
<ldir>
a malicious/rogue process on your network can occupy all 20 TCP DNS processing slots (processes!) with something like netcat and denial of service DNS over TCP
Tapper has joined #openwrt-devel
<ldir>
or am I misunderstanding.
Borromini has joined #openwrt-devel
<ldir>
rsalvaterra: oh and I should ask...have I just rapidly reversed away from the Nakatomi building in a hail of bullets? :-D
<rsalvaterra>
Wait, dnsmasq forks itself for a new TCP connection when the previous instance is busy…?
<rsalvaterra>
Did I understand correctly, or am I totally out to lunch (dinner, at this time)?
brickfat has joined #openwrt-devel
danitool has joined #openwrt-devel
<ldir>
AFAIUI and this goes back to the dawn of dnsmasq time, tcp queries are handled by child processes, I think this is to prevent the stateless UDP main process from blocking due to stateful TCP.
<rsalvaterra>
Jesus…! So it desperately need a proper event loop…
<rsalvaterra>
*needs
<ldir>
but that is VERY simplistic understanding of a rumour
muhaha has quit [Quit: Connection closed]
muhaha has joined #openwrt-devel
<rsalvaterra>
Maybe… I'm not at all familiar with the internals of the thing. But it could use something like libevent/libev…
<rsalvaterra>
Speaking of libevent…
* rsalvaterra
wonders if it already implements io_uring support…
brickfat_ has quit [Remote host closed the connection]
dedeckeh has quit [Quit: Connection closed]
dangole has quit [Remote host closed the connection]
brickfat has quit [Ping timeout: 268 seconds]
<Grommish>
ashkan: Are you using MUSL? MUSL is dynamically linked, and I"m showing -static-libstdc++" in your log
Borromini has quit [Quit: Lost terminal]
<Grommish>
guidosarducci: The eBPF error in Suricata has to do with the Clang version, I'm being told. I think I'm going to end up having to learn another system. But. mangix, mangix loves Clang and I'm hoping with help ;p
brickfat has joined #openwrt-devel
<Grommish>
ashkan: You should know that it takes a bloody long time to compile Rust toolchain the first time. My basic rebuild without a clean is < 5 minutes.. about 15 with a clean.. On the initial rust build, it took 2 hours just for the rust toolchain
dorf has joined #openwrt-devel
<Grommish>
ashkan: Do me a favor.. go into menuconfig / lang and select Rust.. I was having issues with that before. Just select it and then build the toolchain separately via make -j1 V=sc package/feeds/packages/rust/host/{clean,compile}
<Grommish>
ashkan: It works, just isnt ready for repo time for sure
<Grommish>
ashkan: You should end up with dl/rust-1.50.0-x86_64-openwrt-linux-musl-install.tar.xz
<Grommish>
and dl/rust-1.50.0-x86_64-unknown-linux-gnu-install.tar.xz once you're done
brickfat has quit [Quit: Leaving]
Dracos-Carazza has quit [Ping timeout: 246 seconds]
Dracos-Carazza has joined #openwrt-devel
Tapper has quit [Ping timeout: 240 seconds]
Tapper has joined #openwrt-devel
Dracos-Carazza has quit [Ping timeout: 260 seconds]
muhaha has quit [Quit: Connection closed]
Dracos-Carazza has joined #openwrt-devel
zkrx has quit [Ping timeout: 252 seconds]
zkrx has joined #openwrt-devel
hadam88 has joined #openwrt-devel
<hadam88>
Hi!
<hadam88>
Can anyone help me understand the MBR used by the u-boot bootloader? It's the MBR of a router.
<hadam88>
I look at the values in hex, but I can't figure out the structure.
<hadam88>
Thanks!
<hadam88>
Adam
swex has quit [Quit: swex]
swex has joined #openwrt-devel
<hadam88>
Why do all columns 0 and 8 start with 0x10?
<hadam88>
Why is there only real data in columns 3 and 11?
<hadam88>
Why is there 0x01 in columns 2 and 10 from row 0x00000010?
fork has quit [Read error: Connection reset by peer]
ecloud has quit [Write error: Connection reset by peer]
zjason has quit [Read error: Connection reset by peer]
early has quit [Ping timeout: 265 seconds]
meffe has joined #openwrt-devel
Katana_St has joined #openwrt-devel
EqUaTe has quit [Ping timeout: 265 seconds]
yuvadm has quit [Ping timeout: 265 seconds]
EqUaTe_ is now known as EqUaTe
DeX77 has joined #openwrt-devel
hsp_ has joined #openwrt-devel
yuvadm has joined #openwrt-devel
Grommish has quit [Read error: Connection reset by peer]
Oddstr13 has quit [Ping timeout: 240 seconds]
hsp has quit [Ping timeout: 240 seconds]
Floppe__ has joined #openwrt-devel
Floppe has quit [Read error: Connection reset by peer]
lucenera has quit [Ping timeout: 240 seconds]
lemmi has quit [Ping timeout: 240 seconds]
qdel has quit [Ping timeout: 240 seconds]
Katana_Steel has quit [Ping timeout: 240 seconds]
lucenera0 is now known as lucenera
qdel has joined #openwrt-devel
Oddstr13 has joined #openwrt-devel
lemmi has joined #openwrt-devel
dorf has quit [Remote host closed the connection]
dorf has joined #openwrt-devel
<guidosarducci>
ldir: you're on the right track regarding dnsmasq: it's a memory accounting issue at root, usually manifesting with large blocklists. I was burned by this a few years back and worked through the details, but never had time or knowledge of dnsmasq internals to follow up with the right solution. All the "fixes" I've seen proposed are kludges that just move goalposts without resolving anything. Let me try to reload my memory
<guidosarducci>
and post a suggestion to the ML. Or if you know the internals and want to try some changes let me know.
Radu-Mamy has quit [Remote host closed the connection]