**** BEGIN LOGGING AT Tue Apr 05 02:59:58 2011
Apr 05 03:00:13 just the directory or fsck.sh as well?
Apr 05 03:00:24 no, just the dir
Apr 05 03:00:32 it's empty
Apr 05 03:00:47 nbd: yeah, that's expected
Apr 05 03:01:00 nbd: but I'm wondering if an empty fsck dir is the problem
Apr 05 03:01:11 before it was only created if there was something in it
Apr 05 03:01:24 nbd: but that causes a warning message
Apr 05 03:01:42 nbd: so I'm thinking include is breaking because it's empty
Apr 05 03:05:06 yep
Apr 05 03:05:07 that's it
Apr 05 03:05:24 damn. Stupid trivial fixes
Apr 05 03:05:43 * cshore grumbles
Apr 05 03:10:48 btw. a few more days and i can start testing netifd on a device
Apr 05 03:11:17 hey cool, that means it's getting close to deployment
Apr 05 03:11:33 not yet, the tests will be limited to mostly static stuff
Apr 05 03:11:41 but the structure is mostly there
Apr 05 03:11:56 but making progress
Apr 05 03:12:01 yeah, definitely
Apr 05 03:12:22 and i like where the abstractions that i put in there are going
Apr 05 03:12:35 i hardly ever see a segfault when i write and test new code
Apr 05 03:12:55 it's high level enough that most bugs that show up are logic errors
Apr 05 03:14:14 nbd: that means I'll definitely have to look at the code, so I can improve my skills
Apr 05 03:16:49 btw. when this is done, it'll be able to handle config changes automatically really well
Apr 05 03:17:00 i.e. you can even hand-edit /etc/config/network and tell it to reload its settings
Apr 05 03:17:07 and it'll only bring down affected interfaces
Apr 05 03:17:49 excellent; that's something I wanted to work on ages ago, but forgot about.
Apr 05 03:19:17 cshore * r26476 /trunk/package/block-mount/Makefile: [package] block-mount: Revert 26468: it causes a kernel panic due to pi_include failing due to the included directory being empty.
Apr 05 03:19:41 why not fix pi_include instead?
Apr 05 03:20:01 nbd: I will, but I'm in middle of something else
Apr 05 03:20:06 ok
Apr 05 03:21:51 thanks cshore
Apr 05 03:22:20 got_milk: np, sorry for the trouble
Apr 05 03:23:17 no worries, it happens to the best of us
Apr 05 03:23:40 I'm fully aware trunk can be quite unstable at times :P
Apr 05 03:31:50 cshore: another cool thing about the network interface daemon is it even allows you to safely cancel the bringup of an interface
Apr 05 03:32:21 e.g. if it's in the middle of waiting for a process to launch, then the interface-down command could be handled in a way that simply allows it to kill the process that's being started and running some cleanups
Apr 05 03:32:55 protocol handlers can choose whether they want to do stuff quickly and immediately (but then they must not block for any noticeable amount of time)
Apr 05 03:33:03 or they could just schedule stuff asynchronously
Apr 05 03:33:05 nbd: so no more uncancellable hung network startup
Apr 05 03:33:10 right
Apr 05 03:34:31 how early in init will it be available?
Apr 05 03:34:51 well, it only depends on ubus and having /etc/config/network available
Apr 05 03:34:54 i.e. will we be able to coldplug when we start hotplug?
Apr 05 03:35:04 sounds like yes
Apr 05 03:35:22 yeah
Apr 05 03:35:31 it probably won't depend on external hotplug events
Apr 05 03:35:41 i can probably grab all the necessary events from rtnetlink
Apr 05 03:36:06 nbd: what happens to the network hotplug events - do we no longer use them?
Apr 05 03:36:26 they will be supported, but not needed by the core
Apr 05 03:36:43 i plan on keeping existing scripts compatible (to a degree)
Apr 05 03:36:52 i.e. the structure of the hotplug events will remain the same
Apr 05 03:37:03 build #0 of mpc52xx is complete: Failure [failed compile_4] Build details are at http://tksite.gotdns.org:8010/builders/mpc52xx/builds/0
Apr 05 03:37:05 but scripts might need to be adjusted for loading the network state
Apr 05 03:37:13 because the main issue with coldplugging right now is that the network has issues when coldplugging in init.d/boot
Apr 05 03:37:17 as i plan on moving the network runtime state out of uci
Apr 05 03:37:41 yeah, most of those issues will simply go away
Apr 05 03:37:59 you could even start the daemon with a preliminary /etc/config/network (e.g. for failsafe)
Apr 05 03:38:00 that's good...it was temporary measure anyway
Apr 05 03:38:04 and then tell it to reload with the real one later
Apr 05 03:38:18 and it'll figure out what needs changing
Apr 05 03:38:35 that's cool...that will help for people who want network rootfs
Apr 05 03:38:41 yeah
Apr 05 03:39:13 ifup and ifdown will simply be trivial shell scripts that send ubus messages
Apr 05 03:39:18 (i already have prototypes for those)
Apr 05 03:39:31 that makes sense
Apr 05 03:40:11 I imagine that's similar to how init will work too?
Apr 05 03:40:22 haven't really thought about the structure of init yet
Apr 05 03:41:37 hrm, why am I not getting tired? it's 5:40am already ;)
Apr 05 03:42:19 insomniac tonight?
Apr 05 03:42:46 good thing i can usually force myself to sleep when i want to
Apr 05 03:43:41 and i should probably do that now... gn8 ;)
Apr 05 03:44:28 g'night
Apr 05 05:40:19 Kaloz: ping
Apr 05 06:57:32 xMff: ping
Apr 05 06:58:47 any firewall guru's around? I had a question about port relocation on the wan side... for ssh.
Apr 05 07:19:26 philipp64|laptop: why not start ssh on the correct port ?
Apr 05 07:19:34 might be easier than fiddling with the firewall
Apr 05 07:19:57 or even start it on 2 ports and only open the one in the higher range and keep 22 for lan ?!
Apr 05 07:20:37 blogic: because I want it on 22 on lan side and 22001 on wan side.
Apr 05 07:21:10 the firewall supports port redirection... I just can't figure out the right syntax.
Apr 05 07:27:12 philipp64|laptop: i think that is port forwarding to a lan ip
Apr 05 07:27:15 but not sure
Apr 05 07:27:29 the firewall has been changed about 100 times since i originally wrote it
Apr 05 07:27:42 who owns it now?
Apr 05 07:34:39 * philipp64|laptop wanders off to bed.
Apr 05 07:47:42 build #0 of brcm63xx is complete: Failure [failed compile_6] Build details are at http://tksite.gotdns.org:8010/builders/brcm63xx/builds/0
Apr 05 09:40:39 obsy * r26477 /packages/net/proftpd/Makefile: [packages] proftpd: update to 1.3.3e
Apr 05 10:28:10 ping nbd
Apr 05 10:30:42 cshore * r26478 /packages/net/miniupnpd/files/miniupnpd.init: [net] Firewall: miniupnpd: Fixed miniupnpd attaching to shell when extra logging enabled. Fixed duplicated log messages when doing extra logging and removed unnecessary eval.
Apr 05 11:37:08 ping jow_laptop
Apr 05 12:03:09 ping nbd
Apr 05 12:13:12 cshore * r26479 /trunk/package/ (base-files/files/etc/functions.sh block-mount/Makefile):
Apr 05 12:13:12 [package] block-mount base-files: Added additional check to pi_include to
Apr 05 12:13:12 ensure that a directory used with pi_include actually contains files matching
Apr 05 12:13:12 the souring pattern because if not the shell dies due to an empty string in for
Apr 05 12:13:12 statement. Added /lib/functions/fsck as an empty dir to block-mount. This
Apr 05 12:13:12 combination fixes a warning which generates a lot of bug reports, without
Apr 05 12:13:12 panicking the kernel like the last attempt.
Apr 05 12:18:29 anybody with a wndr3700 who can do a "quick" test (build an image and test it) for me?
Apr 05 12:20:27 i probably can
Apr 05 12:20:31 after i've had some lunh
Apr 05 12:20:35 lunch*
Apr 05 12:22:03 as long as it doesn't need serial - haven't got the bits for that here.
Apr 05 12:24:10 well, it has the potential of "bricking" - I want to find out if the realtek phy driver is actually necessary, so it might become unavailable over wired ;)
Apr 05 12:26:49 it's a non-critical device here, so if it does i can bring serial in tomorrow.. or just use the bootloader tftp :P
Apr 05 12:27:26 i found a problem with busybox - but its seems like its a problem with the generation of dependencies of openwrt - it seems that the option BUSYBOX_CONFIG_PLATFORM_LINUX - that is need for linux applets - when you go to busybox->configuration->Busybox Settings the option doesn't show up although its selected in .config . when an option in Busybox Settings is selected doesn't matter which one it shows up as selected and all packages that depend
Apr 05 12:27:26 on it - like udhcp and lots of others - i think there are two options here - fix the generation of dependencies in menuconfig or remove the option at all as only linux is used in openwrt
Apr 05 12:28:20 BUSYBOX_CONFIG_PLATFORM_LINUX - hides applets that depend on linux when its not selected
Apr 05 12:30:11 bbiab
Apr 05 12:36:51 tripolar: pong
Apr 05 12:39:50 nbd did you read what i wrote?
Apr 05 12:39:57 some lines above
Apr 05 12:40:41 yes
Apr 05 12:40:43 can you reproduce it?
Apr 05 12:40:46 i saw the same yesterday
Apr 05 12:41:05 it seems like its a problem with the generation of dependencies
Apr 05 12:41:09 i tried tracking it down, but couldn't find the source of the bug
Apr 05 12:41:19 me too
Apr 05 12:41:35 i dont think the bug is inside the Config.in files
Apr 05 12:41:39 my plan is to rip out scripts/config and replace it with a new version from latest linux
Apr 05 12:41:43 i'm sure the bug is not in the Config.in files
Apr 05 12:41:57 the behaviour is too weird for that
Apr 05 12:48:13 /win 2
Apr 05 13:07:28 nbd or just remove the BUSYBOX_CONFIG_PLATFORM_LINUX lines this would also fix the "bug"
Apr 05 13:07:35 at least for busybox
Apr 05 13:08:05 nah, i'm not interested in hiding the bug at this point
Apr 05 13:08:11 this probably affects more than just busybox
Apr 05 13:10:15 jow * r26480 /packages/net/openvpn/Makefile: [packages] openvpn: fix paths to ifconfig, ip and route utilities (#9184)
Apr 05 13:32:02 xMff: what's the proper make for command for cleaning a single package
Apr 05 13:34:08 Olipro make package/feeds/packages/{packagename}/clean - or if the package is in package - make package/{packagename}/clean
Apr 05 13:36:50 it's always make package/{packagename}/clean
Apr 05 13:38:42 yes
Apr 05 13:38:55 yeah, I'm in the process of updating the znc package
Apr 05 13:39:10 ahh it seems - make package/openssh/clean and make package/feeds/packages/openssh/clean
Apr 05 13:39:10 both work
Apr 05 13:39:20 I've already inadvertently nuked the linux kernel obj files >_>
Apr 05 13:39:24 KanjiMonster: i have returned.
Apr 05 13:39:29 have pity on me
Apr 05 13:39:41 who's the chap who maintains ZNC?
Apr 05 13:39:48 he de-OpenWRTified it recently didn't he?
Apr 05 13:40:20 KanjiMonster
Apr 05 13:41:48 oh dear, I did something bad
Apr 05 13:41:54 Olipro: he's working on making it an *option* to not use the uci config if you don't want it, but the default is to use it
Apr 05 13:42:02 make has over 3300 processes going >_>
Apr 05 13:42:15 don't use make -B to force a build
Apr 05 13:42:46 and this is taking quite a while to wind down after I ctrl +C'd it
Apr 05 13:43:44 cshore: can't say I understand why you would use it
Apr 05 13:44:10 Olipro: we noticed
Apr 05 13:44:27 thank you for your terseness
Apr 05 13:44:38 but in all honesty, it's rather illogical
Apr 05 13:44:47 would you want to run an OpenWRT image with a squashFS only
Apr 05 13:44:48 noted.
Apr 05 13:47:07 Olipro: I am
Apr 05 13:47:27 znc 0.98 came out
Apr 05 13:47:33 yeah, I know
Apr 05 13:47:42 no plan to update it yet?
Apr 05 13:47:48 yet/at all
Apr 05 13:48:20 currently waiting for the people to update my account's public key so I can actually use it (I forgot my original password after waiting four month for the account ;)
Apr 05 13:49:03 as soon as I can actually commit, I'll push an update ;)
Apr 05 13:49:04 heh
Apr 05 13:49:10 hm, this is rather strange
Apr 05 13:49:23 make package/znc/clean works as you'd anticipate
Apr 05 13:49:37 but it still says "package/znc" is up to date when I try to build
Apr 05 13:49:39 wtf
Apr 05 13:50:03 not selected?
Apr 05 13:50:19 * Olipro does make menuconfig
Apr 05 13:50:41 nope, still no dice
Apr 05 13:51:43 EqUaTe: I can give you a precompiled image with the changes, if you tell me if you have a v1 or v2 ;)
Apr 05 13:55:55 cshore * r26481 /packages/net/miniupnpd/ (3 files in 2 dirs): [net] Firewall: miniupnpd: Newer upstream. Dropped patches now included upstream.
Apr 05 13:57:12 KanjiMonster: how old is that line that disables the web interface?
Apr 05 13:58:23 Olipro: old (was already there when I started working on it), but the last time I checked (with 0.096) enabling it still broke compilation
Apr 05 13:58:29 dang
Apr 05 14:06:28 Olipro: btw, my plan is to support more than one znc section, with each having a config path or a user to run as (the latter requires having either su or sudo installed) - if neither is specified, then rest the uci configuration is used to create a znc config
Apr 05 14:06:58 I hope that way everyone is happy ;)
Apr 05 14:07:02 ah, now that would be perfect
Apr 05 14:10:55 KanjiMonster: it's a v1, but i'm happy enough to build.. though i'll need to update my source tree :P
Apr 05 14:12:21 EqUaTe: I have them already built ;)
Apr 05 14:15:24 hehe
Apr 05 14:16:28 KanjiMonster: yeah, it won't build because there's a problem with the uClibc++ include headers
Apr 05 14:17:06 (the webadmin module)
Apr 05 14:18:40 haven't really looked into it yet
Apr 05 14:19:45 you could get it working if you build it against g++
Apr 05 14:34:30 Olipro: I'm not quite convinced if pulling in the libstdcpp dependency is worth it
Apr 05 14:34:53 well, znc is a bloaty package anyway
Apr 05 14:35:02 plus, at least on my router, I have to have libstdcpp
Apr 05 14:35:43 could always make it an option
Apr 05 14:35:48 since the webadmin is a module anyway
Apr 05 14:36:20 so at least then you've got a choice; if libstdcpp isn't being used on your router, you may choose to save space and forego the webadmin
Apr 05 14:36:25 and if not, pick it
Apr 05 14:41:39 ping nbd
Apr 05 14:41:54 pong
Apr 05 14:42:13 someone posted a fix for the circular dep on librpc busybox
Apr 05 14:42:18 and this seems to fix the problem
Apr 05 14:42:20 [OpenWrt-Devel] [PATCH] fix recursive dependency in busybox config
Apr 05 14:42:23 in the ml
Apr 05 14:42:26 in=on
Apr 05 14:43:03 yeah
Apr 05 14:43:08 now the option show up
Apr 05 14:43:12 but i don't want to merge this patch as-is
Apr 05 14:43:16 i'm writing a response right now
Apr 05 14:43:22 okay
Apr 05 14:43:27 what's the correct dir to use if you're going to compile and link against libstdcpp?
Apr 05 14:54:08 KanjiMonster: so, I just rejigged it to compile against libstdcpp, and it's fine
Apr 05 14:54:16 I'm wondering
Apr 05 14:54:23 oh noes
Apr 05 14:54:35 shush you
Apr 05 14:54:39 :P
Apr 05 14:54:51 you could conceivably build everything else against uClibc++
Apr 05 14:54:58 and the webadmin module against libstdcpp
Apr 05 14:55:04 so that'd cut down on most of the bloat
Apr 05 14:55:21 whats the actual issue with webadmin?
Apr 05 14:55:40 with uClibc++ it fails to build
Apr 05 14:55:46 due to something being horribly wrong with the headers
Apr 05 14:55:51 specifically,
Apr 05 14:56:07 those headers are very old, and have probably become incompatible
Apr 05 14:56:45 Olipro: yeah, that would be the way I would try to do it (or fix the uclibc++ headers, but I don't know enough c++ to trust myself do that correctly)
Apr 05 14:57:09 I think it's just where g++ has evolved and changed and those headers have become incompatible
Apr 05 14:57:17 seems uClibc++ gets no love
Apr 05 14:57:41 yeah
Apr 05 15:00:57 actually, I think you'd need to write a wee patch for ZNC since even though the webadmin is sort of a module, they stick it in the main binary
Apr 05 15:09:38 acinonyx * r26482 /trunk/package/hostapd/files/hostapd.sh: (log message trimmed)
Apr 05 15:09:38 [package] hostapd: add accounting configuration to hostapd uci script
Apr 05 15:09:38 Hello
Apr 05 15:09:38 This patch add accounting configuration in hostapd.sh
Apr 05 15:09:38 It also change "server, port, key" to "auth_server, auth_port, auth_secret" but keep backward compatibility
Apr 05 15:09:38 Please patch backfire & trunk
Apr 05 15:09:39 Thanks in advance.
Apr 05 15:09:44 acinonyx * r26483 /trunk/package/base-files/files/etc/init.d/boot:
Apr 05 15:09:44 [package] base-files: fix minor problem in init.d/boot
Apr 05 15:09:44 The script tests for the existence of /dev/root with test -e which fails if
Apr 05 15:09:44 /dev/root is a dangling symlink making the call to ln fail.
Apr 05 15:09:44 Signed-off-by: Justus Winter <4winter@informatik.uni-hamburg.de>
Apr 05 15:09:48 acinonyx * r26484 /trunk/package/madwifi/files/lib/wifi/madwifi.sh: [packages] madwifi: Always escape SSID parameter
Apr 05 15:09:56 acinonyx * r26485 /trunk/package/base-files/files/etc/init.d/boot: [package] base-files: Use -h instead of deprecated -L for symlink check
Apr 05 16:10:26 build #1 of at91 is complete: Failure [failed compile_4] Build details are at http://tksite.gotdns.org:8010/builders/at91/builds/1
Apr 05 16:19:28 build #1 of ubicom32 is complete: Failure [failed compile_3] Build details are at http://tksite.gotdns.org:8010/builders/ubicom32/builds/1
Apr 05 16:26:13 i've followed http://wiki.openwrt.org/doc/howto/build to have a local copy of OpenWrt, now I want to modify a file in the linux kernel but I don't where it is... do I have to download it separately?
Apr 05 16:26:27 *don't know
Apr 05 16:26:41 http://wiki.openwrt.org/doc/devel/patches#adding.or.editing.kernel.patches
Apr 05 16:27:12 xMff: thx
Apr 05 16:32:46 xMff: I'm very lost.. would you please lend a hand? I'm trying to do the modifications that were explained to me in the devel-list: http://permalink.gmane.org/gmane.comp.embedded.openwrt.devel/9182
Apr 05 16:33:24 xMff: I couldn't do first part because 'mtd fix' was not recognized.
Apr 05 16:33:41 well just edit target/linux/brcm63xx/base-files/etc/uci-defaults/brcm63xx_fixcrc.sh
Apr 05 16:34:18 like he wrote
Apr 05 16:34:21 xMff: Yesterday I could modify files as explained without success, I was still getting kernel panic on CPVA502+ board no recognized
Apr 05 16:34:25 its a script not even related to the kernel
Apr 05 16:34:36 well then his proposed change does not work
Apr 05 16:34:46 xMff: yes but later he told me to modify a kernel file
Apr 05 16:34:59 xMff: in the Linux kernel source is this file arch/mips/bcm63xx/boards/board_bcm963xx.c
Apr 05 16:35:20 xMff: It is that file than I don't find now
Apr 05 16:35:20 yeah
Apr 05 16:35:33 cd build_dir/linux-*/linux-2.*
Apr 05 16:35:44 like written in the wiki article above
Apr 05 16:37:18 acinonyx * r26486 /packages/libs/nacl/Makefile:
Apr 05 16:37:18 [packages] nacl: Update NaCl to version 20110221
Apr 05 16:37:18 Signed-off-by: Matthias Schiffer
Apr 05 16:37:20 I've made svn co svn://svn.openwrt.org/openwrt/trunk/ but I don't have build_dir/
Apr 05 16:37:23 acinonyx * r26487 /packages/net/quicktun/Makefile:
Apr 05 16:37:23 [packages] quicktun: Update QuickTun to version 2.1.6
Apr 05 16:37:23 Signed-off-by: Matthias Schiffer
Apr 05 16:37:30 acinonyx * r26488 /packages/net/quicktun/files/quicktun.init:
Apr 05 16:37:30 [packages] quicktun: Improve QuickTun init script
Apr 05 16:37:30 The new init script won't fail if quicktun takes more than 1 second to start.
Apr 05 16:37:30 Signed-off-by: Matthias Schiffer
Apr 05 16:37:34 acinonyx * r26489 /packages/net/quicktun/Makefile: [packages] quicktun: Add dependency to kmod-tun
Apr 05 16:37:37 zenutrio: well you have it after you built openwrt
Apr 05 16:37:56 zenutrio: it will download, patch and compile the sources
Apr 05 16:38:15 zenutrio: openwrt does not host foreign source code, we just ship patches and makefiles
Apr 05 16:38:21 xMff: then I modify files and make againg?
Apr 05 16:38:24 *again
Apr 05 16:38:26 yes
Apr 05 16:38:32 thats the approach
Apr 05 16:38:57 xMff: ok, I thought I had to download it before building
Apr 05 16:39:00 thx
Apr 05 16:39:16 no, just do make menuconfig, select brcm63xx
Apr 05 16:39:23 then run "make V=99"
Apr 05 16:39:31 it might take a while, up to an hour
Apr 05 16:39:44 subsequent builds are quite fast then
Apr 05 16:39:49 xMff: ok
Apr 05 16:40:55 acinonyx * r26490 /packages/ (libs/nacl/Makefile net/quicktun/Makefile): [packages] {nacl,quicktun}: Add missing copyright notices
Apr 05 17:59:44 Is it possible that I modify a .c file by hand and after make the modifications are reversed?
Apr 05 18:00:10 linux/arch/mips/bcm63xx/boards/board_bcm963xx.c
Apr 05 18:01:36 yes
Apr 05 18:01:48 you should patch the file
Apr 05 18:01:55 like explained on the wiki page I posted you a while ago
Apr 05 18:05:17 xMff: ok, I thought that I had to obtain a patch after modifying the file and testing it
Apr 05 18:13:18 zenutrio: and if you enable ccache
Apr 05 18:13:25 it's faster++
Apr 05 18:14:31 Olipro: thx but I don't understand, where can I learn about it?
Apr 05 18:14:45 it's just an option you enable in menuconfig
Apr 05 18:14:54 Olipro: ok
Apr 05 18:50:50 xMff: still there?
Apr 05 19:04:05 nbd * r26491 /trunk/ (4 files in 2 dirs): add a new package metadata variable MDEPENDS for specifying local menuconfig dependencies that do not propagate to other packages
Apr 05 19:04:09 nbd * r26492 /trunk/package/librpc/Makefile: librpc: use MDEPENDS instead of DEPENDS for @USE_UCLIBC to fix recursive busybox dependencies
Apr 05 19:04:13 nbd * r26493 /trunk/package/busybox/Config.in: busybox: get rid of the useless extra menu
Apr 05 19:04:17 nbd * r26494 /trunk/package/mac80211/patches/560-ath9k_fix_reported_signal_strength.patch: ath9k: fall back to the default noise floor if the calibrated one is not available, fixes signal strength display in initial scan
Apr 05 19:05:10 nbd: ping
Apr 05 19:05:19 philipp64|laptop: pong
Apr 05 19:05:51 sent some patches that were committed last week in netdev... not sure how long things usually take to make their way into released linux.
Apr 05 19:06:19 I'm hoping they'll be in 2.6.38.3. but they probably won't be backported to 2.6.37.x
Apr 05 19:06:31 did they have a Cc: stable@kernel.org?
Apr 05 19:06:44 errr.... no, forgot that.
Apr 05 19:07:03 I've not submitted kernel patches in 10 years or more.
Apr 05 19:07:03 ok, then wait for them to hit linus' tree and then poke greg
Apr 05 19:07:05 or something like that
Apr 05 19:07:19 how long does that usually take?
Apr 05 19:07:36 greg is greg k, right? CareBear\ ?
Apr 05 19:07:45 gregkh
Apr 05 19:07:47 who's CareBear?
Apr 05 19:07:56 isn't that his IRC handle?
Apr 05 19:08:04 dunno, never talked to him on irc
Apr 05 19:08:35 I think the same patches I sent can also be put in target/linux/generic/patches-2.6.37/
Apr 05 19:09:00 do I need to do anything special for that? and does svn support hard-linking?
Apr 05 19:09:24 huh? hardlinking?
Apr 05 19:10:08 talking about http://patchwork.midlink.org/patch/850/ ... the patches were new files for target/linux/generic/patches-2.6.38/ ... but the same files could also be put into 2.6.37
Apr 05 19:10:32 hardlinking does not make any sense there
Apr 05 19:10:45 they can be copied to 2.6.37
Apr 05 19:11:45 ok... that might make more sense, since they will eventually be in 2.6.38 anyway.
Apr 05 19:12:57 was reading the wiki section on Firewall, but it doesn't mention how to do port relocation on the firewall itself. Say I want a service listening on port X locally to be addressable as port Y on the public side.
Apr 05 19:13:41 I thought the 'redirect' section would handle that, but I'm not figuring it out. might need to poke around the scripting.
Apr 05 19:14:15 ended up having to do the same for Arno's IPtables Firewall 3-4 years back.
Apr 05 19:14:37 hopefully I can still remember how.
Apr 05 19:16:18 was hoping that right about now xMff would chime in and say "oh, that's easy to do, here's how...." :-)
Apr 05 19:25:34 would it make sense to have a uci/host target so that people could do easy testing of scripts on their build host?
Apr 05 19:26:25 not sure this would help much
Apr 05 19:26:31 uci is already easy to compile on the host
Apr 05 19:26:35 why?
Apr 05 19:27:35 what kind of tests do you have in mind?
Apr 05 19:27:36 I mean why don't you think it would help much?
Apr 05 19:29:16 well, I'm trying to figure out why the firewall directives I have aren't generating the "iptables" commands that are necessary to do what I want, so I thought coming up with a small config and running the script locally with tracing on might be helpful...
Apr 05 19:29:47 well, most of the time these scripts depend on having stuff available in specific locations anyway
Apr 05 19:29:50 of course, having a "trace" mode in the firewall where it shows the commands it would execute without executing them would be equally handy....
Apr 05 19:29:53 so it's better to just run the script with sh -x on the device
Apr 05 19:30:40 i think most of the time having a special 'trace' mode is completely unnecessary
Apr 05 19:30:50 sh -x is usually more useful
Apr 05 19:31:27 well, if your test box is also your production connection to the internet...
Apr 05 19:31:34 then test in qemu instead
Apr 05 19:40:34 philipp64|laptop: if there is no support for port redirection in uci then you can always put that in /etc/firewall.user
Apr 05 19:56:11 might be easier just to add scripting support for it so others can use it.
Apr 05 19:56:57 there should
Apr 05 19:57:16 someone sent a patch for that and I incorporated it ages ago
Apr 05 19:57:24 and it even worked in my tests
Apr 05 19:57:51 it relied on a "feature" that the dest ip can be omitted in dnat targets which makes it work like REDIRECT
Apr 05 19:58:23 if it does not work for you this little trick apparently does not work anymore
Apr 05 19:58:36 here's what I was trying: http://pastebin.com/1WDdTUT0
Apr 05 19:58:38 or you made the common mistake of trying it from within your lan
Apr 05 19:59:07 no, I went to an external host and connected back from there...
Apr 05 19:59:09 yes, what is it translated to? check FW_TRACE=1 fw reload
Apr 05 20:00:46 hmmm ... http://pastebin.com/UdPUgNne
Apr 05 20:01:15 line 103....
Apr 05 20:02:49 jep, that
Apr 05 20:03:02 and previously it behaved like -j REDIRECT --to-ports 22
Apr 05 20:03:21 but I get a "connection refused" when connecting...
Apr 05 20:03:35 is the rule matched?
Apr 05 20:03:37 do I also need to add a rule to open the port?
Apr 05 20:03:41 no
Apr 05 20:03:48 well
Apr 05 20:03:51 not sure :)
Apr 05 20:04:11 yes
Apr 05 20:04:15 let's see... "iptables -xvnL" isn't showing me the rule...
Apr 05 20:04:30 seems it does not construct an "open port" rule if you use this kind of syntax
Apr 05 20:04:42 due to no dest ip
Apr 05 20:05:01 I tried it with a dest_ip of 127.0.0.1 too... no joy.
Apr 05 20:05:06 please try this: iptables -I INPUT -p tcp --dport 22001 -j ACCEPT
Apr 05 20:05:10 and retry
Apr 05 20:05:19 without the 127.0.0.1 stuff, it won't work
Apr 05 20:06:17 but... INPUT gets hit after natting, right? so by the time it hits input the port # will already have been renumbered.
Apr 05 20:06:43 would be handy to have per-port logging to trace the packet...
Apr 05 20:07:22 http://pastebin.com/YnK4v6PT
Apr 05 20:07:39 and yes, zone_wan_prerouting shows the DNAT rule as being hit.
Apr 05 20:07:42 for normal redirects an appropriate filter rule is automatically created
Apr 05 20:07:51 but not for this special case without a dest ip
Apr 05 20:08:12 I can fix that but right now you have to open the port manually
Apr 05 20:08:17 maybe we should add special case support for that?
Apr 05 20:08:23 using the extra rule above
Apr 05 20:08:27 yes, will look
Apr 05 20:10:41 tried it, no joy... did a "/etc/init.d/firewall reload"
Apr 05 20:10:54 I need the trace
Apr 05 20:13:01 here ... http://pastebin.com/Gm6eLVKP
Apr 05 20:17:56 philipp64|laptop: http://pastebin.com/QPF1qdsx
Apr 05 20:19:32 heh yeah
Apr 05 20:19:43 but it renders the whole rule pointless :)
Apr 05 20:19:49 you have to allow port 22
Apr 05 20:20:33 I had a similar request elsewhere and used firewall marks
Apr 05 20:20:50 a dnat/redirect rule from some port to 22
Apr 05 20:21:09 a firewall set mark on traffic for some port
Apr 05 20:21:23 an accept rule that allowed 22 only for connections carrying the mark
Apr 05 20:21:39 so that it effectively only allows traffic that passed the dnat
Apr 05 20:21:57 in any case what you want is not possible with uci firewall
Apr 05 20:22:18 and its nearly impossible to implement within the current architecture
Apr 05 20:28:15 nbd * r26495 /branches/backfire/package/mac80211/patches/560-ath9k_fix_reported_signal_strength.patch: ath9k: fall back to the default noise floor if the calibrated one is not available, fixes signal strength display in initial scan (backport of r26494)
Apr 05 20:52:49 xMff: I'll look at it when I get back... it wasn't that hard to do in AIF, as I remember.
Apr 05 21:10:37 okay, that's a little odd
Apr 05 21:10:58 my libX11 patch was in patchwork, has disappeared
Apr 05 21:14:20 russell--: http://patchwork.midlink.org/patch/847/ ?
Apr 05 21:15:22 acinonyx set it to not applicable
Apr 05 21:15:46 um, why?
Apr 05 21:16:19 i generated it from git
Apr 05 21:20:35 not sure
Apr 05 21:20:46 he should really have replied to the mail
Apr 05 21:51:28 build #1 of ps3 is complete: Failure [failed compile_3] Build details are at http://tksite.gotdns.org:8010/builders/ps3/builds/1
Apr 05 23:23:57 build #1 of x86 is complete: Failure [failed shell compile_6] Build details are at http://tksite.gotdns.org:8010/builders/x86/builds/1
Apr 06 00:21:43 xMff: forgot to ask, "impossible to implement within the current architecture" why?
Apr 06 00:21:49 build #1 of pxcab is complete: Failure [failed compile_3] Build details are at http://tksite.gotdns.org:8010/builders/pxcab/builds/1
Apr 06 01:18:43 xMff: what does "3. Advance to the patch needing changes" mean in http://wiki.openwrt.org/doc/devel/patches ... can you give a clarifying example?
Apr 06 02:34:57 build #1 of brcm63xx is complete: Success [build successful] Build details are at http://tksite.gotdns.org:8010/builders/brcm63xx/builds/1
Apr 06 02:36:45 I just did an 'svn up' to r26495 and now nprobe breaks compilation as shown here (http://pastebin.com/qdPM3KCs). :(
**** ENDING LOGGING AT Wed Apr 06 02:59:58 2011