**** BEGIN LOGGING AT Thu Jun 21 03:00:01 2018 Jun 21 04:20:00 can I submit pull requests on github still? Jun 21 04:23:23 of course Jun 21 04:25:38 build #51 of gemini/generic is complete: Success [build successful] Build details are at http://phase1.builds.lede-project.org/builders/gemini%2Fgeneric/builds/51 Jun 21 05:01:15 should I branch my change from master or openwrt-18.06? Jun 21 05:04:58 landwork: changes always go in via master Jun 21 05:05:11 thanks Jun 21 05:09:28 I was recently reading about DNS rebinding attacks and was please to find that when I attempt to connect to my OpenWRT router's public v4 address from inside my network I wasn't greeted with a LuCI interface. Jun 21 05:10:21 Something I did notice is that connecting to the public v6 address for that same router leads me directly to a LuCI interface. Jun 21 05:11:16 voxadam: simple fix is to stop uhttpd listening on [::]:80 Jun 21 05:11:41 the same rebind filter does not work for ipv6 unfortunately since there is no (stateless) disitinction of internal and external ip addresses Jun 21 05:11:56 however dnsmasq (the dns server)has further rebind mitigations built in Jun 21 05:12:14 openwrt utilizes multiple mitigations together to prevent rebind attacks: Jun 21 05:12:29 1) the rfc1918 filter in uhttpd (reject ipv4 http requests from private ips to the public ip) Jun 21 05:13:05 2) session tokens in luci (no actions possible without secret session token, even if browser happened to be logged in) Jun 21 05:13:16 Good information. Jun 21 05:13:31 3) rebind protection in dnsmasq (reject upstream DNS responses containing private IP addresses) Jun 21 05:14:31 to increase security you can still disable ipv6 listening in uhttpd though, by removing the "listen [::]:80" and "listen_https [::]:443" lines Jun 21 05:16:26 Reconfiguring uhttpd seems like the most foolproof solution for now. Jun 21 05:17:30 It's not exactly ideal as I'd like to make my home network v6 only in the future but for now it's a reasonable solution. Jun 21 05:18:26 Moving to v6-only is on my list but not likely to happen super soon. Jun 21 08:27:52 * ldir wanders in Jun 21 08:34:04 sup Jun 21 08:46:38 morning Jun 21 08:47:07 yo Jun 21 08:47:58 o/ Jun 21 09:44:01 so ... today will be the last day to make cherry-picking requests for 18.06, correct? Jun 21 09:46:00 blogic: https://github.com/openwrt/openwrt/pull/597 is this going to be in 18.06 ? Jun 21 09:48:14 so, in a deeply selfish and "affects only me" manner, I would like to request for commit 644f65afe1d4f11f7c878404640da8f8b014a446 to be cherry-picked into 18.06 Jun 21 09:52:17 unless I'm reading the commit log worng and it's already in there. Jun 21 09:53:42 uh, okay, I think it is in there. never mind me then. Jun 21 11:02:10 Is it possible to determine the distance of two wifi devices by measuring the passed time signal took to fly over? Jun 21 11:03:13 aparcar: some apps do that.. WiFiAnalyzer on android does that IIRC Jun 21 11:03:21 not the most accurate but gives a general idea Jun 21 11:03:38 not aware of tools on router itself though Jun 21 11:07:46 abenz thanks! Do you know if the distance is based on signal strength or time of flight? Jun 21 11:08:46 I'm looking for a general idea, 50-100m +- wouldn't matter Jun 21 11:09:29 I don't know what method they use to calculate Jun 21 11:11:22 build #37 of mediatek/mt7623 is complete: Success [build successful] Build details are at http://phase1.builds.lede-project.org/builders/mediatek%2Fmt7623/builds/37 Jun 21 12:05:32 build #900 of ixp4xx/generic is complete: Success [build successful] Build details are at http://phase1.builds.lede-project.org/builders/ixp4xx%2Fgeneric/builds/900 Jun 21 13:00:37 jow: will lighttpd help in dns-rebinding-attack case? Jun 21 13:04:02 aparcar: there's a world of patents on various methods there too. Jun 21 13:13:51 ausjke: no Jun 21 13:16:00 karlp: could you please give me some pointers? Jun 21 13:16:49 not really, it's a big field. Jun 21 13:17:00 are you really not finding anything? Jun 21 13:17:06 horst reporting rssi? Jun 21 13:20:42 I just realised I was in #openwrt not #openwrt-devel so apologies for cross-posting. I meant to post it here originally: Jun 21 13:20:47 fought with chrome last night, that thing uses 8.8.8.8/8.8.4.4 internally and can actually ignore my resolv.conf and dnsmasq when it talks with its own websites such as google.com/youtube.com etc Jun 21 13:20:57 Hi all, a couple of questions hope someone can help me. I've got a computer science background so when I start to enter the electronic engineering boundary my knowledge gets a little shakey and somethings confuse me. Hopefully someone can help me out :) Jun 21 13:21:07 Firstly the SPI bus connects to the main bus (ISA bus?). To communicate with controllers connected to the SPI bus you need to access the SPI bus registers and use the SPI protocol? Is it correct that you don't have direct access to the registers of the devices connected to the SPI bus? Jun 21 13:21:08 ausjke: just redirect 53 to local Jun 21 13:21:11 on your openwrt router Jun 21 13:21:26 Also one other thing how can SPI NOR memory be execuatble? The memory surely can't be memory mapped as you have to use the SPI protocol to access it? Jun 21 13:21:37 Finally how to embedded system devices that are memory mapped know what their memory address range is? Is this hardcoded into the chips or to they figure it out at runtime? Jun 21 13:21:47 thanks for the help Jun 21 13:22:27 stintel: yes did that, not reliable for whatever reason, i disabled quic first, then forced all 53 to my router's dnsmasq(iptables redirect), then i added address=/8.8.8.8/127.0.0.1/ on the router for force google's dns into openwrt's dnsmasq Jun 21 13:23:10 dnsmasq should by default fetch its upstream dns, i.e my ISP's DNS, now things mostly work, but youtube's image domain such as s.ytimg.com or i.ytimg.com is unreachable Jun 21 13:23:42 i can ping them on the router, buy my PC could not get its IP, very strange Jun 21 13:25:16 karlp: nothing I like. Will continue the search Jun 21 13:27:14 stintel: hold on, what do you mean by 'direct 53 to local' on the router, isn't all 53 from internal gets its IP from router:53 already? Jun 21 13:27:34 Neighbor1111111: some socs know how to use spi themselves to do so. Jun 21 13:27:53 stintel: i actually run a second dnsmasq on 5353 port and iptables-redirect my testing PC's 53 requests to router:5353 Jun 21 13:29:09 all works fine except could not reach [si].ytimg.com from the testing PC, router has no problem, so somehow PC is not getting dnsmasq cache from the router Jun 21 13:30:55 ahh that makes sense karlp thanks for clearing that up Jun 21 13:32:13 ausjke: how did you configure the redirect? Jun 21 13:35:47 anyone know which module provides 'phy0tpt' led trigger ? Jun 21 13:35:58 validation s.ytimg.com is BOGUS, maybe i should turn off dnssec... Jun 21 13:37:09 ah, I actually had problems with DNSSEC as well when using my ISP's nameservers Jun 21 13:37:40 stintel: -A zone_lan_prerouting ! -s 192.168.1.1/32 -p udp -m udp --dport 53 -m mac --mac-source B8:EE:65:D3:9F:1B -m comment --comment "!fw3: prdns" -j DNAT --to-destination 192.168.1.1:5353 Jun 21 13:39:07 stintel: it really should be "iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 5353", but openwrt's firewall rule is complex for human to read Jun 21 13:39:39 i used luci to do that as "simplicity" Jun 21 13:39:48 s/as/for/ Jun 21 13:40:56 ausjke: oh I actually threw it in /etc/firewall.user - mind pastebin the relevant entry from /etc/config/firewall somewhere? Jun 21 13:41:57 just commented out the dnsmasq-dnssec and now s.ytimg.com, i.e. youtube.com is back Jun 21 13:42:53 stintel: https://pastebin.com/9AR7rLCM Jun 21 13:43:19 very simple changes to iptables as you can, that's the only addition to firewall config, for A/B testing purposes Jun 21 13:43:54 thanks to dnsmasq's log-queries as it hints dnssec is not working... Jun 21 13:44:17 s/as you can/as you can see/ Jun 21 13:44:22 can't type these days Jun 21 13:44:38 or dnssec *IS* working and the replies *ARE* insecure. Jun 21 13:44:53 ah, it doesn't result in a rule using -j REDIRECT but you're doing effectively the same with that DNAT rule Jun 21 13:44:54 from google? that's strange Jun 21 13:45:02 ausjke: MITM :) Jun 21 13:45:15 maybe your ISP is injecting adds into youtube! :) Jun 21 13:45:25 or trying to at least Jun 21 13:45:55 there are still many resolvers that manage to innocently mangle replies enough to break dnssec Jun 21 13:46:04 stintel: in fact i failed to do '-j redirect' via luci, i will just put '-j redirect' into firewall.user instead now Jun 21 13:46:32 could not find the right place under luci, i'm alreadying blocking QUIC in firewall.user anyways Jun 21 13:46:34 ausjke: dnssec needs tcp to work reliably Jun 21 13:46:47 a bit unfortunate that DNAT uses "config redirect" in /etc/config/firewall :) Jun 21 13:46:48 (just barging, half read backlog) Jun 21 13:46:58 o_O Jun 21 13:46:58 oh good catch Jun 21 13:47:07 redit tcp too Jun 21 13:47:17 redir Jun 21 13:47:21 jwh: i redirect udp+tcp for 53 yes Jun 21 13:47:25 ah Jun 21 13:47:32 you only posted the udp bit :P Jun 21 13:48:04 jwh: oops, luci does tcp+udp by default but yes i should have copies both _long_ lines Jun 21 13:48:14 heh Jun 21 13:48:27 pastebin does show i'm doing both though :) Jun 21 13:49:24 heh Jun 21 13:49:27 yes 'redirect' is ambiguoius to say the least Jun 21 13:49:55 could mean two things in iptables, to me, DNAT and the local port redir Jun 21 13:50:11 pastebin doesn't show it unless i'm blind Jun 21 13:50:41 i'm not sure how well (or not) DNAT works where REDIRECT should be used Jun 21 13:51:06 f00b4r0: i think if i don't put 'proto udp' in the rule then it defaults to 'proto udp+tcp' Jun 21 13:51:24 don't rely on expectations ;P Jun 21 13:51:41 anyway luci did it for me :) Jun 21 13:51:44 i'm not sure i understand what you're trying to do Jun 21 13:52:14 redirect local connections on port 53 to port 5353 or "transparent proxying"? Jun 21 13:52:51 i believe the latter is guaranteed not to work with dnssec Jun 21 13:53:14 f00b4r0: kind of, to try dnsmasq with a unique pc without disturbing others Jun 21 13:54:41 from what i experienced it won't surprise me one day chrome uses its internal vpn to talk with its own servers(google.com,etc) Jun 21 13:54:56 we need keep firefox alive Jun 21 13:55:06 chrome has dns over http support btw Jun 21 13:55:09 has for a long time Jun 21 13:55:15 https Jun 21 13:55:29 you can probably disable it Jun 21 13:55:56 ^ Jun 21 14:01:10 hey Jun 21 14:01:32 Does anyone know what happened to the openwrt security announcements mailing list Jun 21 14:07:43 bike riding weather I think, ttfn! Jun 21 14:08:24 gonna get harassed by geese :( Jun 21 14:27:10 hey does anyone know what happened to the security announcements mailing list Jun 21 14:53:12 mkresin: ping - tommy calling fritz, come in fritz :-) Jun 21 14:55:47 ldir: was you phy trigger question already answered? Jun 21 14:56:16 no, but the question sort of went away Jun 21 14:57:24 you had a question about the DGN3500... that I now can't remember.. remind me please :-) Jun 21 14:57:40 ldir: anyway, the triggers are provided by the wireless driver. the *tpt is implemented only by some of the wireless drivers Jun 21 14:57:53 ldir: yeah, does it still work with k4.9 Jun 21 14:58:01 ldir: ehm 4.14 Jun 21 14:58:20 ldir: including the dsl stuff. there was a strange bug report recently Jun 21 14:58:36 he he - it certainly appears to do so. Jun 21 14:59:07 ldir: https://bugs.openwrt.org/index.php?do=details&task_id=1590 Jun 21 14:59:19 the dsl came up nicely for me... was having a play with it about 30 minutes ago. Jun 21 15:00:48 but then I did just test with 'native' PPPoA vc-mux, no bridge ETH/AAL5/ATM instances Jun 21 15:01:30 keep in mind the bugreport is about 17.01 Jun 21 15:04:24 I'm going to have to go upstairs and get it out of its box again aren't I? Jun 21 15:05:34 the 'option payload 'routed'' bugs me for some reason. Jun 21 15:16:37 dedeckeh: any idea http://dpaste.com/0K7BEZQ ? Jun 21 15:25:21 mkresin: yep, the normal forwarding mode for an eth/atm bridge is.... bridge (well there's a shock). A ppp(oe) instance on a routed eth/atm bridge sounds errr, interesting. Jun 21 15:26:44 stintel:no idea atm; first time I see this Jun 21 15:29:57 dedeckeh: reported by Zero_Chaos on #openwrt Jun 21 15:30:24 make clean didn't help Jun 21 15:30:30 no idea myself atm Jun 21 15:44:11 stintel:https://bugs.openwrt.org/index.php?do=details&task_id=1573&order=id&sort=desc Jun 21 15:44:51 dedeckeh: thanks Jun 21 15:45:51 maybe it might make sense to create a wrapper search around github/forum/flyspray/whatamiforgetting search functions :) Jun 21 15:46:45 indeed can be very helpfull Jun 21 15:59:20 How can I compile a program in Go for my router? Jun 21 15:59:29 The program is kcptun. Jun 21 16:13:03 anyone know anything about the Tenda W368R? it is based on BCM5357 but I don't see a generic image I can flash to it. Jun 21 16:13:28 the images for BCM53xx are all specific to models of other routers with the exception of the Tenda A9 I think. Jun 21 16:13:41 Is there a way to build a generic image that may work with this thing? Jun 21 16:14:07 the firmware on it is so crappy, I honestly don't care bricking it, but wouldn't mind having it doing something usefull. Jun 21 16:14:49 javi404 You can send your router to one of OpenWRT developers for study. Jun 21 16:14:59 They may be able to create a firmware. Jun 21 16:15:32 Keep in mind that Wi-Fi won't work on OpenWRT for this router because it's Broadcom. Jun 21 16:17:02 Linksys WRT3200ACM is a good device for OpenWRT, ZBT WG2626 is also a good device. Jun 21 16:17:26 I recommend replacing your router with a device that works with OpenWRT out of a box. Jun 21 16:23:31 koops: there are images for other routers with the 53xx SOC Jun 21 16:23:44 koops: not worth sending it out, this is just some 300N junk that was laying around. Jun 21 16:24:13 These won't help without a router for testing and sample firmware. Jun 21 16:24:23 https://downloads.openwrt.org/releases/17.01.4/targets/bcm53xx/generic/ Jun 21 16:24:24 got it Jun 21 16:24:47 oh well, I don't need another router at the moment, but thanks. Jun 21 16:25:08 if anyone wants the stock firmware for analysis, ill be happy to provide it. Jun 21 16:27:44 last question for now, are there major changes from CC 15{latest} and the LEDE 17 versions? Jun 21 16:27:48 worth an upgrade? Jun 21 16:28:14 Yes, definitely. 15.05 is no longer supported and has unpatched security vulnerabilities. Jun 21 16:28:16 asking specifically about an ar71xx target Jun 21 16:28:30 mamarley: sysupgrade procedure is the same? Jun 21 16:28:45 download bin, check md5, flash from cli? Jun 21 16:29:29 It should work, but I didn't specifically try it myself because I use trunk builds. I would recommend taking a backup of your configuration first in any case. Jun 21 16:31:21 mamarley: sounds good, thanks. Jun 21 16:31:32 I'll test later today and report back. Jun 21 16:31:41 have 2 devices with CC on them. Jun 21 17:02:44 hello guys Jun 21 17:03:31 What does ¿ mean in hardware table? Jun 21 17:04:55 @Florian: if you have 1 min - pls contact me Jun 21 17:05:24 its about mwan3 -> the diagnostic -> ping functions didn't find all interfaces ... Jun 21 17:05:42 seems to be the method in the mwan3.lua file is not the best choice Jun 21 17:06:00 this was working on old version fine (not sure, since when there is that bug Jun 21 17:06:05 but i found it ... Jun 21 17:06:07 line: Jun 21 17:06:25 file: /usr/lib/lua/luci/controller/mwan.lua Jun 21 17:06:43 zeile: 141 local uci = require "luci.model.uci".cursor(nil, "/var/state") - local device = uci:get("network", interface, "ifname") + --camel - different method to get *device* name + local device = ut.trim(sys.exec("uci -q -p /var/state get network." .. interface .. ".ifname")) Jun 21 17:07:06 but maybe this fix (to use the old method from 2017 is not "very clean" Jun 21 17:07:21 zeile: 141 Jun 21 17:07:35 local uci = require "luci.model.uci".cursor(nil, "/var/state") Jun 21 17:08:00 - local device = uci:get("network", interface, "ifname") Jun 21 17:08:06 + local device = ut.trim(sys.exec("uci -q -p /var/state get network." .. interface .. ".ifname")) Jun 21 17:08:11 please don't try and paste diffs here. Jun 21 17:08:25 send them as a PR, or an rfc pr, or share a link Jun 21 17:08:30 not sure, if that helps to fix or to find another method to get the real "device" Jun 21 17:08:46 @karl: ok Jun 21 17:09:09 or even just as comments on a bug report, but that doesn't format for anyonehere Jun 21 17:09:33 hmm, well, not sure, as the mwan3 is a package ... Jun 21 17:09:43 anyhow ... i will wend it via email .. we will see Jun 21 17:09:47 thx Jun 21 17:11:44 you can file a ticket on the packages repo too. Jun 21 17:14:00 jow: ping Jun 21 17:21:39 Can I have both symbols: CONFIG_PACKAGE_luci-app-qos=m Jun 21 17:21:39 and CONFIG_PACKAGE_luci-app-sqm=m in .config file ? Jun 21 17:43:47 ? -3 cores = Pi zero? Can work with all 4 cores? L2TP witout encripton. If DCHP the same core, one core used. Pi 2 L2TP Phttps://ufile.io/fxfmn DHCP https://screenshots.firefox.com/ugaBB0dGTkYpQvFG/null Jun 21 17:44:27 If DCHP the same, one core used Jun 21 17:44:54 https://ufile.io/fxfmn Jun 21 17:45:20 en not my lang Jun 21 17:50:28 one core ~95-100% Jun 21 18:00:31 Any plans for OpenWRT to support ASUS Blue Cave? Hardware seems good (no Broadcom parts): https://wikidevi.com/wiki/ASUS_Blue_Cave Jun 21 18:06:11 koops: I think there might be some basic support for the GRX350, but afaik there's nothing at all for the wifi Jun 21 18:08:09 Monkeh: so no? Jun 21 18:09:09 Pretty much Jun 21 18:09:46 Weird looking thing. Jun 21 18:10:11 mkresin: You aware of any work towards support for those chipsets? Jun 21 18:12:09 are the devs gonna keep up naming releases after drinks? Jun 21 18:12:30 was always helpful when wanting to annoy the bartender Jun 21 18:12:44 ofc, everyone knows what a white russian is Jun 21 18:13:04 speaking of releases, what's holding 1806 back? Jun 21 18:16:39 42 Jun 21 18:18:58 huaracheguarache That guy is back and he's worried that his motherboard gets enough power from CMOS battery to be able to listen to/attack other devices over wireless. Jun 21 18:19:00 LUL. Jun 21 18:20:15 Is Chaos Calmer an actual drink lol? Jun 21 18:21:55 https://wikidevi.com/wiki/ASUS_RT-AC53 Jun 21 18:22:45 Monkeh What about this? MediaTek MT7620A, U-Boot. Jun 21 18:23:05 OpenWRT already supports routers with same SoC. Jun 21 18:23:54 afaik there's no driver for the 5GHz chip and nobody wants more MT7620s. Jun 21 18:24:55 Monkeh Something wrong with this chip? Jun 21 18:25:13 Yes, the old wifi core sucks and the drivers for it aren't all that reliable. Jun 21 18:26:06 koops: jesus Jun 21 18:26:25 I suggested him to start taking Risperidone. Jun 21 18:26:53 he should talk to a shrink lol Jun 21 18:27:42 shrink? Jun 21 18:27:50 psychiatrist Jun 21 18:29:02 Ah. Jun 21 18:29:11 lol. British slang? Jun 21 18:30:03 I'm not sure, but to me it sounds more American. Jun 21 18:32:53 He said that Bluetooth Low Energy for example can work from a CMOS-like battery for years. Jun 21 18:33:43 I tried to explain that the power drain is orders of magnitude higher for Wi-Fi. He simply said the mobo would have to pull energy from the battery harder. Jun 21 18:33:47 gosh... Jun 21 18:34:06 There's no point arguing with people who don't understand physics. Jun 21 18:34:19 hmm, creating energy from nothing... nice Jun 21 18:35:25 hmm, but a mobo can compromise a BLE-supporting phone. He's kinda right. Jun 21 18:35:49 However, the part about pulling energy from battery harder... Jun 21 18:36:02 yeah. physics facedesk. Jun 21 18:38:02 Another gem: "Extremely advanced AI that can make decisions on it's own will can fit in 1MB" Jun 21 18:45:28 Monkeh: there was a patchset recently send by intel to add some GRX500 support Jun 21 18:45:58 hi Jun 21 18:46:58 Monkeh: https://patchwork.linux-mips.org/project/linux-mips/list/?series=1144&state=%2A&archive=both Jun 21 18:47:03 Borromini: \o Jun 21 18:47:57 hey :) Jun 21 18:49:53 mkresin: Anything for the wifi? Jun 21 18:53:03 Monkeh: nope. it might be possible to find the lantiq/intel code for the wifi, but it requires a patched hostapd and so on Jun 21 18:53:14 nngh. Jun 21 18:53:45 Monkeh: I'm in doubt that anyone will write a upstreamable driver without $$$ Jun 21 18:58:50 Well, code ain't free, especially if you have to reverse someone else's crap first Jun 21 18:58:52 Is Qualcomm Atheros QCA9980/9984 a good CPU? Jun 21 19:01:20 it's a wireless chip afaik. Jun 21 19:02:23 Isn't it a SoC? Jun 21 19:03:13 nope, sold as wireless chip. Jun 21 19:03:14 if i compiled wrt with CONFIG_PACKAGE_luci-app-qos=m, how can I enable this package? Thanks Jun 21 19:03:35 It's Qualcomm IPQ8065 then. Jun 21 19:03:42 koops: yes Jun 21 19:03:48 versus Marvell 88F6820. Jun 21 19:04:04 both speed and OpenWRT compatibility wise. Jun 21 19:04:26 muhaha: =m means build the ipkg but doesn't include it in the image Jun 21 19:05:10 mkresin: oh.. so one more time with =y Jun 21 19:05:33 muhaha: or copy the ipkg from your bin dir to the router and install via opkg Jun 21 19:07:12 mkresin: Is possible to have both CONFIG_PACKAGE_luci-app-qos=y Jun 21 19:07:12 CONFIG_PACKAGE_luci-app-sqm=y ? Jun 21 19:07:49 I dont know which one is better and I can not install it from opkg, cuz it ccomplains about kernel dependency... Jun 21 19:10:01 Marvell Armada 385 vs Qualcomm Atheros IPQ8065/QCA9984, which is better speed and OpenWRT compatibility-wise? Jun 21 19:10:36 Marvell Armada 385 88F6820 Jun 21 19:13:22 muhaha: there's no 'better', but SQM is meant to replace QoS Jun 21 19:15:01 Ok, thank you Jun 21 19:15:04 Borromini: thanks, I failed to parse the question at all and would have never noticed qos vs. sqm Jun 21 19:15:28 mkresin: happy to help ;) Jun 21 19:31:37 hi, libopkg calls md5sum, but I cannot find the definition/header the code comes from. Jun 21 19:31:46 maybe someone has a clue Jun 21 19:34:11 koops: qualcomm has given up on ipq806x AFAIK Jun 21 19:35:17 mangix What do you mean? Jun 21 19:35:30 Are these discontinued? Jun 21 19:35:33 no upstream progress Jun 21 19:35:45 I have no idea what that means. Jun 21 19:35:48 they're focused on ipq4 it seems Jun 21 19:35:54 linux kernel Jun 21 19:35:58 lower-end ones? Jun 21 19:36:10 sure Jun 21 19:36:31 ipq8 is overengineered AFAIK Jun 21 19:36:37 mangix: how so? Jun 21 19:36:39 making it difficult to upstream Jun 21 19:36:41 I wanted a quite high-end router that can run VPN fast. Jun 21 19:36:54 koops: why not x86 then Jun 21 19:36:59 And of course OpenWRT compatible with all features working on OpenWRT. Jun 21 19:37:00 can someone with an ipq8064 tell me how should i sysupgrade on trunk? Recently the kernel partition was enlarged to 4MB, will sysupgrade "just work"? I don't care about keeping stuff Jun 21 19:37:14 Expensive, requires more power. Jun 21 19:37:32 koops: doesn't necessarily eat more power than a high end ARM solution afaik. Jun 21 19:37:41 koops: mvebu would be your best bet right now. having said that, ipq8 is getting better, not worse because of some local openwrt development Jun 21 19:37:50 marvell? Jun 21 19:37:53 yeah Jun 21 19:38:10 Is Marvell trustworthy company? Jun 21 19:38:10 downside to marvell is the wifi Jun 21 19:38:27 from a linux perspective, yes Jun 21 19:38:43 Wistron NeWeb too. Jun 21 19:38:47 they upstream pretty much everything Jun 21 19:38:51 I never heard of either. Jun 21 19:39:12 never heard of marvell? Jun 21 19:39:58 Yeah, I know such company exists but never actually seen anything made by it. Jun 21 19:40:13 I knew it makes semiconductors, that's it. Jun 21 19:40:23 linksys WRT series are the most popular Jun 21 19:40:30 And Wistron NeWeb is complete mystery. Jun 21 19:41:06 They could have backdoored all their products and no one would find out. Jun 21 19:41:11 marvell makes plenty of chips Jun 21 19:41:16 Not Marvell Jun 21 19:41:19 but Wistron Jun 21 19:41:20 koops: maybe you better disconnect from the internet right now. Jun 21 19:41:47 this again... Jun 21 19:41:53 i'm sure the NSA doesn't mind having an in on those all american companies either. Jun 21 19:42:03 lol. I have a friend who is also worried about this stuff, he seems fine being on the internet. Jun 21 19:42:14 But worried about buying random hardware. Jun 21 19:42:46 Ah, fuck this I will probably buy it. Seems most high-end non-x86 router possible. Jun 21 19:44:32 Ah, what's about MediaTek MT7621AT? Jun 21 19:45:14 weak Jun 21 19:45:16 avoid Jun 21 19:45:36 * mangix is tired of headaches resulting from mt7621 Jun 21 19:45:54 I guess we all have to live with the chance that any hardware you buy may be backdoored and no one will find out because no one reverse-engineers random hardware to look for backdoors. Jun 21 19:47:00 we also have to live with the chance that a meteor will hit the earth and wipe out civilization Jun 21 19:47:27 Weak as in weak cpu or weak wi-fi signal? Jun 21 19:47:32 cpuu Jun 21 19:47:36 *CPU Jun 21 19:47:52 the multithreading is also totally broken Jun 21 19:48:31 Qualcomm Atheros QCA9563? Jun 21 19:48:37 abandoned too? Jun 21 19:48:55 i don't think so Jun 21 19:49:32 there's work on upstreaming that currently Jun 21 19:49:38 mangix: what's with the mt7621? Jun 21 19:49:41 k Jun 21 19:49:52 how is multithreading broken? (i haven't noticed) Jun 21 19:50:05 do this Jun 21 19:50:17 run rsync on the router Jun 21 19:50:22 then try doing something else Jun 21 19:50:27 in parallel Jun 21 19:50:34 the whole router locks up Jun 21 19:50:41 :-/ Jun 21 19:50:52 even though it has 3 extra CPUs Jun 21 19:50:58 technically 1 Jun 21 19:51:15 :) Jun 21 19:51:16 yeah HT Jun 21 19:51:47 the HT is useful for openssl benchmarks Jun 21 19:51:49 that's it Jun 21 19:52:23 hillarious since there's silicon to accelerate AES and whatnot, but no driver Jun 21 19:52:50 well they're a younger company than american silicon makers i reckon... Jun 21 19:53:04 rsync is also super slow Jun 21 19:53:06 5MB/s Jun 21 19:53:14 not that that would be an excuse. is their ARM stuff better? Jun 21 19:53:17 I use Shadowsocks and have only 100 Mb/s connection so I guess Marvell 88F6820 is overkill. Jun 21 19:53:17 yes Jun 21 19:53:30 mediatek's arm stuff is all upstream Jun 21 19:53:36 their MIPS stuff is abandoned Jun 21 19:53:54 I guess anything can handle 100 Mb/s Shadowsocks with chacha20-poly1305. Jun 21 19:54:27 I want it to handle gigabit LAN though. Jun 21 19:55:40 * mangix will be back in 30 minuutes Jun 21 19:58:10 * Borromini is off, goodnight Jun 21 20:12:20 why my internal PC violates dnsmasq cname on my router? once a while, for about 5-6 seconds, then it returns to whatever dnsmasq set for Jun 21 20:13:18 run 'watch dig dns-site' and its CNAME/DNS name will change once a while for a few seconds, so dnsmasq is not very strict Jun 21 20:20:10 dnsmasq will returm what it gets upstream Jun 21 20:20:25 liw ttl and cnames are common lb techniques Jun 21 20:20:46 lb? Jun 21 20:20:47 low ttl Jun 21 20:20:53 load balancing Jun 21 20:21:15 less likely to be cached Jun 21 20:23:41 checking unbound now, hope it is not too heavy Jun 21 20:24:11 What do you think about Asus RT-AC58U for OpenWRT? Jun 21 20:25:34 Unbound itself isn't too big, but it pulls in OpenSSL, which is quite big if you are on a space-constrained device. Jun 21 20:26:46 in that case i'm fine as I'm already running openssl, 16MB seems safe Jun 21 20:27:42 8MB is tight, 16MB can have lots of packages, ...can't help but thinking amazon is squeezing android into echo dot Jun 21 20:28:00 it should use a 4MB openwrt instead... Jun 21 20:30:50 while unbound is a full resolver, what about I put force dnsmasq to use reslov.conf with 8.8.8.8 etc so it won't get those ads trash from isp, will that be near identical to what unbound can provide, i believe by default dnsmasq uses its cloest upstream dns server Jun 21 20:31:02 s/put force/force/ Jun 21 20:32:02 but then, dns is resilient-built-in, if it fails to reach a dns server it will likely try others nearby Jun 21 20:32:40 maybe that's why my PC got leaked dns-result from dnsmasq Jun 21 20:35:56 it leaks once per ~ 10 minutes, for each leak(wrong dns from what dnsmasq set up for) takes about 6 seconds to correct itself(back to what dnsmasq requires) Jun 21 20:43:47 Can I download in build single package from another branch? Jun 21 20:48:09 not directly, but you can use package source overrride Jun 21 20:48:53 https://openwrt.org/docs/guide-developer/packages?s[]=package&s[]=source&s[]=override#working_on_local_application_source Jun 21 20:49:08 one of those options would work enough Jun 21 20:55:48 Or can anyone merge this https://github.com/openwrt/luci/pull/1422/ to lede-17.01 branch? Jun 21 21:07:23 mkresin: https://github.com/openwrt/openwrt/pull/1087 Jun 21 21:30:31 rotanid: uhm, yes? Jun 21 21:31:20 mkresin: would be great to get feedback (if you have time, of course, as always) Jun 21 21:31:51 rotanid: spotted already some issues. is it your PR? Jun 21 21:32:00 no, friend of mine Jun 21 21:32:24 Brother_Lal: <-- Jun 21 21:34:33 rotanid: Brother_Lal: focus on getting the factory image working first. we have a dgn3500 firmware util in the tree, which generates a sercom/netgear firmware as well Jun 21 21:35:04 rotanid: Brother_Lal: maybe you can spot something that is missing in your util Jun 21 21:35:07 mkresin: define "working"? it is working, just not using the WebUI Jun 21 21:35:33 but maybe that can be solved lookg at the dgn3500 firmware util you just mentioned Jun 21 21:35:40 *looking Jun 21 21:35:59 rotanid: Brother_Lal: in the end I would like to get rid of the (ugly) dgn3500 util and use a more common mksercommfw Jun 21 21:36:22 rotanid: what is nmrpflash? Jun 21 21:37:12 mkresin: https://github.com/jclehner/nmrpflash Jun 21 21:37:24 "uses Netgear's NMRP protocol to flash a new firmware image to a compatible device" Jun 21 21:39:38 mkresin: dgn3500 seems to be a lantiq device from 2013, are you sure this would help in this case? Jun 21 21:40:57 mkresin: the nmrpflash was also mentioned in 2017 when the sister device r6220 was merged by you: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=38bee61dab029a7608088f64da71c19cfc8cf267 Jun 21 21:43:54 rotanid: yea, as the lantiq device has at least a similar header (if not the same) Jun 21 21:44:23 ok, i'll tell him your thoughts if he doesn't read them here himself. thanks so far! Jun 21 21:45:28 mkresin: any hint on the other question he asked regarding the led mapping? Jun 21 21:51:00 where is luci-app-lxc in 18.06 ? https://github.com/openwrt/packages/blob/lede-17.01/utils/luci-app-lxc/Makefile vs https://github.com/openwrt/packages/blob/openwrt-18.06/utils/luci-app-lxc/Makefile ? Jun 21 21:58:20 rotanid: should be answered by now Jun 21 21:58:48 great Jun 22 00:07:23 Good, downloading began to load more than one core, but I didn't do anything for this https://ufile.io/lwg7l Jun 22 00:08:04 pi 2 Jun 22 00:10:36 torent with encription, l2tp witout encription Jun 22 00:38:48 https://screenshots.firefox.com/PteZUuczPawW5ZjM/null Jun 22 01:28:32 pi 2 + USB Ethernet Adapter wan (kmod-usb-net-rtl8152) Jun 22 02:23:57 usb ethernet adapters are horrible Jun 22 02:29:57 build #544 of sunxi/cortexa53 is complete: Success [build successful] Build details are at http://phase1.builds.lede-project.org/builders/sunxi%2Fcortexa53/builds/544 **** ENDING LOGGING AT Fri Jun 22 03:00:01 2018