**** BEGIN LOGGING AT Tue May 04 03:00:01 2010 May 04 07:21:22 good morning May 04 07:33:46 florian * r21347 /trunk/package/acx/patches/006-netdev_ops.patch: [package] fix acx compile error with VLYNQ support (#7281) May 04 07:34:01 florian * r21348 /branches/backfire/package/acx/patches/006-netdev_ops.patch: backport r21347 to backfire May 04 07:39:01 florian * r21349 /trunk/target/linux/adm5120/router_le/config-2.6.32: [adm5120] let 802.1q support be built-in (#7280) May 04 07:39:39 florian * r21350 /branches/backfire/target/linux/adm5120/router_le/config-2.6.32: backport r21349 to backfire May 04 08:02:00 nbd * r21351 /trunk/package/mac80211/patches/550-ath9k_no_multi_desc_frames.patch: ath9k: fix filtering out multi-descriptor frames, which can cause issues with 11n links because of bogus rx status data May 04 08:07:42 florian * r21352 /trunk/target/linux/brcm63xx/ (2 files in 2 dirs): [brcm63xx] revert r21085, fixes #7282 May 04 09:12:15 ping xMff May 04 09:28:01 sorry offline for a sec.....ping xMff? May 04 11:35:39 pong cshore May 04 14:49:51 nico * r21353 /trunk/package/grub/Makefile: package/grub: only disable graphics on host grub May 04 15:36:31 nbd * r21354 /branches/backfire/package/ (46 files in 6 dirs): [backfire] backport mac80211 and hostapd from trunk May 04 17:36:20 nico * r21355 /branches/backfire/include/host.mk: [backfire] merge r21304 May 04 18:07:20 acoul: ping May 04 18:37:06 ping xMff May 04 18:40:05 xMff: it looks like a forwad (lan | othernet) isn't enough if othernet is set to REJECT for Input May 04 18:40:20 Manually doing individual rules works May 04 20:17:48 pong cshore May 04 20:20:39 cshore: you refer to ppp* ? May 04 20:59:26 jow * r21356 /trunk/target/linux/generic-2.6/ (228 files in 44 dirs): [generic-2.6] update OCF framework to version 20100325 May 04 21:00:20 jow * r21357 /trunk/target/linux/generic-2.4/ (226 files in 42 dirs): [generic-2.4] add OCF 20100325 support to brcm-2.4 May 04 21:01:32 jow * r21358 /trunk/package/kernel/modules/crypto.mk: [package] kernel: package ocf hifn7751 and hifnHIPP drivers, allow OCF on brcm-2.4 May 04 21:02:38 jow * r21359 /trunk/package/openssl/ (3 files in 2 dirs): [package] openssl: update OCF userspace part to version 20100325 May 04 21:10:59 xMff: no firewall in general May 04 21:11:09 xMff: over pptp actually now that I think of it May 04 21:11:31 cshore: did you notice any problems with default routes? May 04 21:12:06 xMff: yes, the pptp didn't have a route at all for the network on the other side May 04 21:12:17 xMff: that because I don't use default routes May 04 21:12:31 xMff: it's a additonal network May 04 21:15:02 cshore: hmm but pppoe did work? May 04 21:15:05 xMff: I had to add a static route for the network on the other side through the pptp interface May 04 21:15:08 xMff: yes May 04 21:15:20 xMff: but for pppoe I use default route May 04 21:15:37 there are some people who have issues with their default routes (none gets set) and if they set one, all pings just time out May 04 21:15:46 was not able to verify it May 04 21:15:54 or reproduce May 04 21:16:28 hmmm....I've not had that problem May 04 21:16:40 me neither May 04 21:23:24 xMff: but just to be clear, even once I had a route I still had to add a specific firewall rule to allow the traffic...the forwarding didn't work for IMAP at the least May 04 21:24:02 cshore: is the pptp interface even added to the firewall? May 04 21:24:15 hmmmm.....let me check May 04 21:24:31 cshore: you can try to add option iface 'pppoe-wan pptp-wan' to the network config May 04 21:24:42 then the firewall hotplug handler should stuff it into the wan zone May 04 21:26:10 actually it adds it May 04 21:26:25 the pptp-vertical is there May 04 21:26:45 and the ruels for zone_vertical_ACCEPT and so on May 04 21:26:53 hmm May 04 21:27:18 let me check something May 04 21:29:55 I lied, the rule wasn't necessary, it was the route May 04 21:37:01 cshore: okay May 04 21:40:35 Hmmm....any reason wlan shouldn't be able to get a DHCP address when part of the lan network and lan gives addresses fine? May 04 22:05:07 cshore: no reason apart from bugs I think May 04 22:05:12 its bridged, right? May 04 23:58:08 ping xMff May 04 23:58:30 pong May 04 23:59:53 It turns out the specific rule for IMAP _is_ necessary....the reason I thought it didn't is I removed the rule and it and could telnet to the IMAP port, but I might have done that from the router....it's from the lan that I can connect to the IMAP server on the other side of the pptp tunnel without the specific rule May 05 00:00:41 Marc's got the same problem I was having and he added the static route May 05 00:01:17 I think the firewall might consider the IMAP connection already established, which is why removing from the firewall didn't matter...but it has to be added in t he first place May 05 00:01:38 let me try a reboot of the router without the rule May 05 00:01:48 and hoW does this specific rule looks like? May 05 00:02:02 lan to vertical port 143 May 05 00:02:22 tcp May 05 00:03:08 there is a forwarding rule for lan to vertical as well, which used to work (before the update) May 05 00:09:57 xMff: ok, rebooting the router without the rule results in the connection being refused May 05 00:10:16 from you to vertical? May 05 00:10:22 yes May 05 00:10:31 but with the rule it works May 05 00:10:40 how does iptables -nvL look like right now? May 05 00:12:53 http://openwrt.pastebin.com/xaWXT5Qv May 05 00:13:23 this is without the rule May 05 00:13:45 can you paste the /e/c/firewall too? May 05 00:13:50 and /e/c/network May 05 00:13:51 wait. let me check if vertical came up May 05 00:13:57 (without credentials) May 05 00:14:10 yep it did May 05 00:14:11 ok May 05 00:14:27 you mean /etc/config/firewall? May 05 00:14:37 yes May 05 00:14:47 I assume you defined pptp as an extra interface? May 05 00:14:55 yes May 05 00:15:29 I noticed that without the rule the firewall is missing the vertical interface May 05 00:15:34 yes May 05 00:15:49 looks like the firewall ifup event was not triggered for the pptp iface May 05 00:16:28 this should happen in /etc/ppp/ip-up May 05 00:16:35 is that executed for pptp ? May 05 00:18:22 maybe I broke something in the pptp script May 05 00:18:50 http://openwrt.pastebin.com/13WVdpUh May 05 00:19:48 Well I'm not sure....I don't use ip-up, however I have to use a special script to ifup vertical on boot because it doesn't come up automatically on boot otherwise May 05 00:20:10 pp(t)pd itself should call ip-up May 05 00:20:19 ip-up will trigger the ip setup stuff May 05 00:20:27 setup_interface pp*p* May 05 00:20:33 setup_interface_pp*p* May 05 00:20:59 well the rest of the interface is find....let me check what else it does that might not be done May 05 00:22:58 maybe it's because I'm not using peerdns and PPP_IPPARAM checks for a value from last value which dns May 05 00:23:23 oh hmm May 05 00:24:14 that would be indeed bad May 05 00:24:28 make the whole bringup depend on dns server entries... May 05 00:25:27 no May 05 00:25:32 ipparam is passed through as-is May 05 00:25:40 ok, not, I'm reading that wrong May 05 00:25:53 it is passed on pppd launch and usually contains the logical iface name "vertical" in your case May 05 00:26:00 ah, ok May 05 00:27:00 should the uci network state have those values for uci show then? May 05 00:27:28 uci -P /var/state show network.vertical should contain the correct ipaddr and ifname at least May 05 00:27:40 and gateway too May 05 00:27:44 maybe dns May 05 00:27:45 yes, it does May 05 00:28:02 no dns, but I have no peerdns set May 05 00:28:21 and vertical is marked up May 05 00:28:27 so if-up happened May 05 00:28:38 run this: env -i ACTION="ifup" INTERFACE="vertical" DEVICE="pptp-vertical" PROTO=ppp /sbin/hotplug-call "iface" May 05 00:28:44 then logread May 05 00:28:53 is the iface added to the vertical zone? May 05 00:29:57 no messages in logread from that May 05 00:30:02 hmmm May 05 00:30:30 ah May 05 00:30:37 maybe because it is marked "up" already May 05 00:30:46 let me check the firewall code May 05 00:32:08 yep May 05 00:32:31 heh May 05 00:32:39 00-netstate sets up=1 May 05 00:32:50 and 20-firewall does (later on) up=1 && return 0 May 05 00:34:03 I'll get the other bugs (in those cases, with fixes) done up soon....I've had my computer freeze a couple times in the Ubuntu May 05 00:34:10 new May 05 00:34:27 can you try: mv /etc/hotplug.d/iface/00-netstate /etc/hotplug.d/iface/90-netstate May 05 00:34:47 then: uci -P /var/state set network.vertical.up=0 May 05 00:35:01 and finally the hotplug command again May 05 00:36:42 then old firewall had two procedures for that May 05 00:36:42 well nothing in logread but it looks like there are vertical rules....let me dump the firewall again May 05 00:38:42 hmmm. there is still not vertical rule in the forward chain, but there are other vertical rules May 05 00:39:23 http://openwrt.pastebin.com/DPyNAmG7 May 05 00:40:13 ok, so no, no change May 05 00:40:43 I misinterpreted the code May 05 00:40:55 it returns if it is _not_ marked up May 05 00:41:00 obviously May 05 00:41:12 heh, I'm not the only one May 05 00:41:32 but I don't have ppp interfaces in my ruleset either May 05 00:41:38 inestigating... May 05 00:46:20 build #66 of atheros is complete: Failure [failed compile_2] Build details are at http://tksite.gotdns.org:8010/builders/atheros/builds/66 May 05 00:46:22 build #69 of ppc40x is complete: Failure [failed compile_2] Build details are at http://tksite.gotdns.org:8010/builders/ppc40x/builds/69 May 05 01:35:24 cshore: found it May 05 01:35:34 excellent...what is it? May 05 01:35:39 moment May 05 01:36:27 http://paste.tksite.gotdns.org/d2ede058f May 05 01:37:20 in /etc/hotplug.d/20-firewall May 05 01:37:24 lol....I hate those bugs that take a while to find but are really so minor May 05 01:38:10 /etc/hotplug.d/iface?/20-firewall? May 05 01:38:16 yep May 05 01:39:14 well, now there' s a message in logread May 05 01:40:00 and the firewall works as expected May 05 01:40:13 as long as that doesn't break other people, that's what we need May 05 01:43:12 jow * r21360 /trunk/package/firewall/files/firewall.hotplug: [package] firewall: fix bug in iface hotplug handler May 05 01:44:22 http://paste.tksite.gotdns.org/d7e4dbaab for the ppp default route fix May 05 01:44:47 and peerdns May 05 01:44:56 hmm May 05 01:45:25 my fear is that dns entries will accumulate over time if the resolv.conf.auto is not truncated May 05 01:45:30 if you don't say nodefaultroute it tries to create a default route May 05 01:45:39 the default route thing is okay May 05 01:45:47 the problem is that truncating removes pppoe entries May 05 01:45:50 when doing pptp May 05 01:45:59 hm right May 05 01:46:01 and there are peerdns to be used May 05 01:46:12 *no May 05 01:46:29 yep looks fine May 05 01:46:44 ok May 05 01:48:47 jow * r21361 /trunk/package/ppp/files/ppp.sh: [package] ppp: pass "nodefaultroute" if defaultroute is 0, don't unconditionally truncate resolv.conf, thanks cshore May 05 01:50:34 awww....you beat me to it....I was going to test my new commit powers ;-) May 05 01:50:50 oh sorry May 05 01:51:25 tomorrow I need to look into the shutdown May 05 01:51:31 ... of pppd May 05 01:51:39 it works not as reliable as I want it to May 05 01:51:47 hmmm....I never shutdown, so I don't notice May 05 01:52:05 but if you want me to help, I should be around May 05 01:52:07 I want that "ifdown foo" takes down the corresponding pppd instance as well May 05 01:52:18 right May 05 01:52:42 adn killall pppd isn o option May 05 01:52:56 nico * r21362 /trunk/ (3 files in 3 dirs): images: rename CONFIG_TARGET_ROOTFS_FSPART to CONFIG_TARGET_ROOTFS_PARTSIZE May 05 01:52:59 right....because you may have sessions you still want open May 05 01:53:09 correct May 05 01:53:23 the webinterface will do ifdown/ifup if you choose reconnect there May 05 01:53:37 but that'll only work if the underlying stuff works reliably May 05 01:53:40 right May 05 01:54:39 I don't suppose there is any way to associate a pptp session with the the pppoe or ethernet it's on top of? May 05 01:54:50 yeah May 05 01:55:05 there is no way to implement "interface relations" right now May 05 01:55:30 but now that the pppoe code is cleaned up, we can start to extend the alias handling to allow proto ppp May 05 01:55:54 I did a proof of concept a while ago but it had issue, primarily due to the unit counting May 05 01:56:09 ok....I'm available for testing that too May 05 01:56:20 then you could define pptp as alias of wan May 05 01:56:45 but why do you want that? because of the firewall? May 05 01:57:05 the relation I mean May 05 01:57:15 so that when you take down wan it takes down both (not just leaves it to give up because of no connection) May 05 01:57:27 ah May 05 01:57:28 and when you bring it up it brings up the pptp on boot May 05 01:57:41 we could (mis)use uci state vars May 05 01:59:45 nico * r21363 /trunk/target/linux/rb532/image/Makefile: target/rb532: use -combined suffix for kernel+rootfs images May 05 01:59:47 I think the aliases would be better. May 05 02:04:03 build #61 of avr32 is complete: Failure [failed compile_4] Build details are at http://tksite.gotdns.org:8010/builders/avr32/builds/61 May 05 02:06:30 xMff: what about http://openwrt.pastebin.com/BWjPJMiM for now? May 05 02:07:16 whooops May 05 02:07:39 http://openwrt.pastebin.com/pC4H1kQ0 May 05 02:07:40 nico * r21364 /trunk/target/linux/x86/image/ (Config.in Makefile): target/x86: use common config items for options shared between generic and olpc targets May 05 02:08:55 the pptp.sh is what I've been using here...I just did the Makefile change now May 05 02:09:04 hmm May 05 02:09:12 ah May 05 02:09:23 you still need to start pptp manually? May 05 02:09:27 yes May 05 02:09:43 no hotplug event May 05 02:09:56 yeah because its base interface is virtual itself May 05 02:10:11 right May 05 02:10:59 That's why I think aliases would be good in the long run May 05 02:11:18 nico * r21365 /trunk/target/linux/x86/image/Config.in: target/x86: cleanup image config options May 05 02:15:31 nico * r21366 /branches/backfire/ (package/grub/Makefile target/linux/x86/image/Makefile): [backfire] merge r21305 & r21353 May 05 02:20:16 xMff: so what do you think? May 05 02:20:42 I'd rather fix it it properly May 05 02:20:48 ok May 05 02:20:56 but I have no idea how long that will take :) May 05 02:21:17 that's why I was thinking of this in the interim May 05 02:23:41 btw there are a couple of packages like sudo that need suid root....probably a uci-defaults script would be best? May 05 02:25:51 <{Nico}> cshore: imho, we'd better get rid of the hacks that are resetting perms to 0644/0755 before generating images May 05 02:26:33 {Nico}: I thought the problem was permission on the build filesystem May 05 02:27:19 {Nico} since the build is run as a regular user May 05 02:28:24 <{Nico}> cshore: you can create a suid binary as a regular user May 05 02:28:52 would it get converted to suid root when making the image? May 05 02:28:57 <{Nico}> and its uid/gid will get changed by the fs generation tool May 05 02:29:04 ah, ok May 05 02:29:15 {Nico}: then I agree May 05 02:29:39 <{Nico}> well, it actually needs to be tested :) May 05 02:37:30 nico * r21367 /branches/backfire/package/grub/Makefile: [backfire] package/grub: disable curses support May 05 02:43:25 build #62 of ar71xx is complete: Failure [failed compile_4] Build details are at http://tksite.gotdns.org:8010/builders/ar71xx/builds/62 May 05 02:50:23 build #60 of brcm63xx is complete: Failure [failed compile_4] Build details are at http://tksite.gotdns.org:8010/builders/brcm63xx/builds/60 May 05 02:58:59 build #57 of brcm47xx is complete: Failure [failed compile_4] Build details are at http://tksite.gotdns.org:8010/builders/brcm47xx/builds/57 **** ENDING LOGGING AT Wed May 05 02:59:56 2010