<guidosarducci>
Grommish_: can you post your log of the eBPF error? Also curious about the clang version requirement, since it's been quite featureful for years.
<Grommish>
guidosarducci: I only know what the Suricata folks have told me. That the error issue was referencing the clang --version
danitool has quit [Quit: Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos]
hbug___ has joined #openwrt-devel
hbug__ has quit [Ping timeout: 240 seconds]
<Grommish>
guidosarducci: I'll look into it more eventually
ashkan has quit [Ping timeout: 240 seconds]
tobleminer-tSYS has quit [Quit: AS4242423214]
tobleminer-tSYS has joined #openwrt-devel
hsp_ has quit [Quit: WeeChat 3.1]
hsp has joined #openwrt-devel
victhor has quit [Remote host closed the connection]
Grommish has quit [Ping timeout: 268 seconds]
Grommish has joined #openwrt-devel
poljar1 has joined #openwrt-devel
poljar has quit [Ping timeout: 268 seconds]
zkrx has quit [Ping timeout: 268 seconds]
zkrx has joined #openwrt-devel
zkrx has quit [Ping timeout: 260 seconds]
Grommish_ has joined #openwrt-devel
zkrx has joined #openwrt-devel
Grommish has quit [Ping timeout: 268 seconds]
swex_ has joined #openwrt-devel
swex has quit [Ping timeout: 240 seconds]
hadam88 has quit []
Grommish_ is now known as Grommish
valku has quit [Remote host closed the connection]
black_ant has joined #openwrt-devel
black_ant has joined #openwrt-devel
black_ant has quit [Changing host]
nitroshift has joined #openwrt-devel
goliath has joined #openwrt-devel
Tost has joined #openwrt-devel
caiortp has joined #openwrt-devel
DirkS has quit [Ping timeout: 240 seconds]
kakaka has quit [Remote host closed the connection]
kakaka has joined #openwrt-devel
decke has joined #openwrt-devel
DirkS has joined #openwrt-devel
csrf has quit [Ping timeout: 260 seconds]
csrf has joined #openwrt-devel
rsalvaterra has quit [Quit: Leaving.]
rsalvaterra has joined #openwrt-devel
rsalvaterra has quit [Client Quit]
rsalvaterra has joined #openwrt-devel
ivanich has joined #openwrt-devel
<rsalvaterra>
Hm… Is there an easy way to do a treewide refresh of all kernel configs?
danitool has joined #openwrt-devel
dorf has joined #openwrt-devel
damex has joined #openwrt-devel
brickfat has joined #openwrt-devel
ashkan has joined #openwrt-devel
* ldir
likes rsalvaterra's question - I was also going to ping Hauke so he could explain what I had done wrong (and how to do it right) with my missing kernel symbol patch
<rsalvaterra>
Yeah… I'd basically like to decrazify the ubifs compression configuration… but I'm too lazy to do it by hand. :)
Tapper has joined #openwrt-devel
<rsalvaterra>
I need to fix the generic target and let it propagate to all other targets.
<ldir>
is there a way you can take the 'update_kernel' script as a start?
<rsalvaterra>
I thought about something like that… haven't looked at the script, though.
<rsalvaterra>
Hmm… surprisingly concise.
<rsalvaterra>
I could probably get by with a couple of sed-fu chops…
<rsalvaterra>
ldir: I believe that part I grok. What do you want to do? :)
<ldir>
ok, let's say I've just done a kernel bump to 5.10.27 and I want to make sure that I'm not going to get any 'missing symbol' prompts. I'm building for my apu2 so x86_64
<ldir>
and as a harder problem - can you explain how a 3 human seater sofa has been completely occupied by 1 supposedly small spaniel!
caiortp has quit [Ping timeout: 260 seconds]
<Grommish>
ldir: As a spaniel, small or not, demands and receives respect and admiration. Simple But I'm sure it would share if you asked nicely and provided a small treat ;p
<rsalvaterra>
ldir: Well, x86 has both target and subtarget. After updating the kernel, you should probably start by making kernel_oldconfig CONFIG_TARGET=target, followed by make kernel_oldconfig CONFIG_TARGET=subtarget. That should take care of the common symbols.
<rsalvaterra>
As for the spaniel issue, just be thankful it's a dog, and not a cat… :P
<guidosarducci>
rsalvaterra: don't think there's
<rsalvaterra>
guidosarducci: Yeah, I thought so… :)
<guidosarducci>
rsalvaterra: .. a CONFIG_TARGET=target (oops)
<ldir>
Grommish: oh it knows all about small treats :-) Currently on its back, legs & tail outstretched, totally comfy and relaxed, no stress here at all - I'm relegated to sofa2... I know my place!
<guidosarducci>
ldir: stress is for humans!
<rsalvaterra>
guidosarducci: Ah, that I'm sure there is. ;)
<rsalvaterra>
guidosarducci: It's actually in the link ldir pasted.
<rsalvaterra>
ldir: Sofa, so good. :P
<guidosarducci>
rsalvaterra: wiki =/= source code though..
<guidosarducci>
rsalvaterra: if you find CONFIG_TARGET=target let me know then :^)
<rsalvaterra>
guidosarducci: Hmm… maybe it just ignores CONFIG_TARGET when it's set to target and refreshes the target by default? In any case, it does what's expected. :)
<ldir>
waits for his build to finish and then will have a play.
<ldir>
how does the generic 'target/config' relate to all this
<rsalvaterra>
It's a hierarchy, I guess.
<rsalvaterra>
Targets inherit the generic configuration and change what they need, subtargets inherit the target configuration and change what they need.
<guidosarducci>
nbd: russell-- : I tripped over some NLS fixes for packages you maintain. Appreciate if you could have a look at https://github.com/openwrt/openwrt/pull/4038 when you can.Thanks!
Grommish_ has joined #openwrt-devel
<nbd>
guidosarducci: LGTM
<ldir>
guidosarducci: thanks for your thoughts on the dnsmasq thing
brickfat has quit [Quit: Leaving]
danitool has quit [Quit: Cubum autem in duos cubos, aut quadratoquadratum in duos quadratoquadratos]
<guidosarducci>
nbd: so you don't think the ICONV needed to be there either? And testing glibc + musl is enough? No weird corner cases?
Grommish has quit [Ping timeout: 260 seconds]
<guidosarducci>
ldir: I'll send Simon a mail tomorrow, pretty sure I know the right fix.
<ldir>
guidosarducci: as I've said the OOM thing for me is an 'interesting' distraction
<rsalvaterra>
guidosarducci: For the TCP DoS?
<rsalvaterra>
You guys found the root cause?
<guidosarducci>
ldir: 'annoying' is more the word I was thinking of, became less of an issue once stared using banIP and ipsets.
<ldir>
guidosarducci: I'm more concerned by the 20 simultaneous TCP connections limit and the implied DoS
<guidosarducci>
rsalvaterra: yes, I think so, it's an old problem and I'm guessing others have also tried to beat it up.
<guidosarducci>
ldir: you mean someone holding the connections open? I assume there's timeout... connection exhaustion would still be an issue with a threaded dnsmasq too, right? Have to pick *some* limits...
<rsalvaterra>
guidosarducci: I suggested implementing a proper event loop, based on libevent or libv. :)
caiortp has joined #openwrt-devel
<ldir>
I am not a proper programmer - a threaded implementation would avoid the OOM 'false' positive - and yes there has to be some limit. Best I can come up with is a limit per query source IP address... you can DoS yourself and hopefully not break TCP DNS for others.
<ldir>
threading would likely be a big architectural change.
<guidosarducci>
ldir: that's the essence of "DNS fairness" :)
<nbd>
guidosarducci: i think if iconv was needed, it likely would have complained in your build tests
<guidosarducci>
ldir: and yes, I believe that's why Simon has stayed away from suggestions to do threading in the past.
<guidosarducci>
nbd: yeah, me too. Just wanted to check since I didn't know what linking errors you had when making your previous fix.
<rsalvaterra>
It's probably high time for dnsmasq to be dragged to the 21st century…
caiortp has quit [Ping timeout: 240 seconds]
<rsalvaterra>
Also, it would be great if dnsmasq had a way to do per pool/host DNS forwarding… having two dnsmasq instances running feels a lot like a big hammer.
<guidosarducci>
nbd: thanks, just need russell-- to have a looksee too. Will head off and try again later.
<karlp>
rsalvaterra: why? so much simpler, processes aren't that big a deal. you're asking for all sorts of extra software instead. it's not like you need a 10000 processes vs 10 processes
<rsalvaterra>
karlp: On a limited system, 20 process can be too much.
<ldir>
What I'm still not clear on are the implications on reported free memory on process fork.
<karlp>
rsalvaterra: perhaps you've dreamt up a networking solution that requires bigger hardware, no matter what?
<karlp>
that thread doesn't seem related to "having two instances feels like a hammer" ?
<rsalvaterra>
I didn't say it was related… ;)
<ldir>
in that forum thread we can see that 'free -m' is reporting free memory reducing by 'dnsmasq' size for each fork of dnsmasq (dnsmasq forks to handle TCP based dns queries)
<ldir>
simple question, is it normal/expected to see free memory reduce by parent process size for each child if each child is simply a fork of the parent and hasn't changed any pages yet.
<ldir>
I'm assuming yes, and I'm assuming that's because the OS is being pessimistic and assuming each child could turn into a completely different process.
gromero_ has joined #openwrt-devel
gromero has quit [Ping timeout: 240 seconds]
<plntyk>
guidosarducci, regarding NLS changes - there might be some case missing with C++ software - CXXFLAGS isnt set in include/nls.mk but CXXFLAGS is used in cmake.mk
<karlp>
does dnsmasq only fork itself for tcp requests? not for udp?
<ldir>
karlp: correct
fblaese_ has quit [Quit: bye]
<ldir>
there's a compile time limit of 20 simultaneous TCP handling children
<karlp>
explains why this has ~never been an issue before...
<karlp>
turning the process limit down is going to just result in, "internet is slow, appears dns resoluion perforamnce is terrible" pretty quickly I'd imagine...
<karlp>
DoH doesn't touch this, so what's driving all these tcp dns requests?
<karlp>
some domain results getting too big out of the box now or what?
<ldir>
IDK
<ldir>
brb
fblaese_ has joined #openwrt-devel
caiortp has quit [Read error: Connection reset by peer]
dangole has joined #openwrt-devel
<rsalvaterra>
dangole: Hi! You don't know a way to treewide-refresh all the kernel configurations, do you? :P
<rsalvaterra>
I could *really* use something like that now… :)
<ldir>
rate limiting as such on its own is not the solution for a denial of service protection let alone OOM - best I can think of is limit number of concurrent queries by source IP address.
<aparcar[m]>
rsalvaterra: how do you test the kernel bumps?
<aparcar[m]>
I'd create a CI which builds all kernels for all targets once, or do you perform complex runtime tests?
<rsalvaterra>
aparcar[m]: I usually do the bump, run-test on my current device.
<aparcar[m]>
ok
<aparcar[m]>
mhh, so qemu could test that too>
<rsalvaterra>
But I was talking about kernel config refreshes, not version bumps.
<aparcar[m]>
rsalvaterra: k nevermind
ivanich has quit [Quit: Konversation terminated!]
<Hauke>
rsalvaterra: ldir: I am doing the generic kernel configuration stuff normally manually
<Hauke>
except for sorting
<rsalvaterra>
For example, I'd like to treewide enable zstd (and disable zlib and lzo) for ubifs. This would be incredibly easier if I could refresh the kernel configs in one fell swoop.
<Hauke>
many target configurations have manuall changes or do not refresh cleanly
<Hauke>
this is always risky
<rsalvaterra>
Hauke: How do you specify the target/subtarget you want to refresh, when it's different from the one in the current .config?
<Hauke>
I change the .config
<rsalvaterra>
Ugh… right. :P
Tost has quit [Ping timeout: 268 seconds]
<Hauke>
I would move the options for CONFIG_UBIFS_FS to the generic kernel config and then only have CONFIG_UBIFS_FS=y in the target config
<Hauke>
if needed
<Hauke>
then we can easily edit it
<rsalvaterra>
Hauke: Yes, I already done that. ;)
<Hauke>
rsalvaterra: nice
<rsalvaterra>
*did
<rsalvaterra>
Ok, I can do the changes for the targets/subtargets I own, but can't vouch for the others… :/
<rsalvaterra>
Would that be acceptable?
Borromini has joined #openwrt-devel
dedeckeh has joined #openwrt-devel
<rsalvaterra>
Hauke: How do you do the sort? I'm doing insertion eye-sorting. :P
<Hauke>
if you only touch the UBI_FS settings, you can add the generic settings and then remove the specific settinsg fro all target
<Hauke>
then list on which boards you tested it
<Hauke>
even if it is not all of them
<Hauke>
when the UBI_FS settings are now common a refresh of the configuration should not be neede, it should be at least not worse then before
<rsalvaterra>
Ok, that's what I'm doing, but I wanted to make sure.
<guidosarducci>
aparcar[m]: Hi Paul, wondering if you had a chance to look at buildbot config after the libelf-dev/libdw-dev discussion? Anything else I can do/test? Thanks.
Grommish has quit [Ping timeout: 260 seconds]
ivanich has quit [Remote host closed the connection]
ivanich has joined #openwrt-devel
shibboleth has quit [Quit: shibboleth]
<ldir>
guidosarducci: care to elucidate further on the dnsmasq OOM thing? I suggested a sysctl that I thought would help but alas no :-(
<guidosarducci>
plntyk: none of the packages my PR updates with NLS fixes use C++ or cmake. Different problem?
<guidosarducci>
ldir: where was this? I didn't see anything posted.
<ldir>
it was in the openwrt forum thread.
<ldir>
I fear I don't understand the problem.
<ldir>
the behaviour suggests that the child process really ARE as big as the parent thus you need 20*n where n is the size of the parent process to be able to satisfy dnsmasq's memory potential.
<ldir>
that doesn't quite square with how I thought fork worked.
<guidosarducci>
ldir: ahh, OK, wasn't following that, just the dnsmasq ML. Let me finish the mail and I'll cc you. It's painful on IRC, and need to step away. Cheers, bbl.
<ldir>
that's 240MB on my system which is fine on my 4GB equipped APU
<ldir>
guidosarducci: thank you
Borromini has quit [Quit: Lost terminal]
dansan_ has quit [Quit: The C preprocessor is a pathway to many abilities some consider to be unnatural.]
<rsalvaterra>
… but all kconfigs need to be refreshed. :/
<Hauke>
rsalvaterra: could you split this into two commits, one moving the changes to the generic kernel config and then a 2. one doing the actual change
<Hauke>
I would not refresh the target configurations, that would introduce too many changes and probably new problems
<Hauke>
sometimes there are manuall changes in there
<rsalvaterra>
Sure, that's an easy one. :)
<Hauke>
or the result of the refresh depends on the sub target which is seletced
systemcrash has joined #openwrt-devel
<systemcrash>
Hi! Can someone please help explain the difference between NDP-Proxy relay and hybrid modes? What is the subtlety which makes the two distinct modes necessary? Trying to document them.....
Tapper has joined #openwrt-devel
muhaha has quit [Quit: Connection closed]
Rene__ has joined #openwrt-devel
<philipp64>
where do the /etc/config files get installed?
<philipp64>
"opkg search /etc/config/*" only turns up collectd as owning /etc/config/collectd ... am I doing something wrong?
lukedashjr has joined #openwrt-devel
luke-jr has quit [Ping timeout: 240 seconds]
rmilecki has quit [Ping timeout: 240 seconds]
<pkgadd>
philipp64: it depends a lot on the individual files, some are shipped inside the package as conffiles, some are created on firstboot or hotplug events (and not technically part of a package)