**** BEGIN LOGGING AT Mon Aug 13 03:00:00 2018 Aug 13 04:37:29 jow: were you working with someone on hostapd packaging? Aug 13 04:37:37 i think I recall you discussing HIDDEN:=1 with someone... Aug 13 04:37:45 could you check https://forum.openwrt.org/t/build-on-r-pi-3-on-18-06-0-facing-an-error-with-hostapd-and-wpa-supplicant-p2p/18128 ? Aug 13 04:37:50 does it seem valid report? Aug 13 04:59:49 <|\n> hello, is it okay that after removing uci a lot of init scripts of services get broken not having uci onto their dependency list? Aug 13 05:12:26 Hi rmilecki if i remember rite jow is go on vacation. Aug 13 05:14:03 ok, thanks Aug 13 05:14:22 http://lists.infradead.org/pipermail/openwrt-adm/2018-August/000868.html reads a bit like ~until today Aug 13 05:14:30 Tapper: regarding OpenWrt-help, it's a trademark, so you may need to ask on openwrt-adm@ first Aug 13 05:15:24 rmilecki O crap Aug 13 05:15:27 lol Aug 13 05:16:00 O well if it is not wanted then I will just remove the account or hand over the password Aug 13 05:16:38 did I say it's unwanted? Aug 13 05:16:49 OpenWrt could do with all the people it can get! Aug 13 05:21:27 sorry rmileckiI did not mien to imply. Aug 13 06:09:37 congratulations openwrt-ers on the re-merge of LEDE! Aug 13 06:09:47 I have recently upgraded and discovered my strongswan VPN is broken :( Aug 13 06:10:16 I have a workaround but I'm wondering if anyone with experience with strongswan can explain how it's *supposed* to work, and why I seem to be having firewall difficulties Aug 13 06:29:59 aloha Aug 13 06:32:42 morning Aug 13 06:35:09 O jow I thought you were off on your hols! Aug 13 06:36:10 yo blogic Aug 13 06:36:13 hey jow Aug 13 06:36:17 hols in UK = vacation! Aug 13 06:41:24 mangix: https://patchwork.ozlabs.org/patch/956509/ these patches, please add a sane description Aug 13 06:41:52 should is no good and it does not explain what it fixes Aug 13 06:42:16 rmilecki: yes I did mention the idea of having a hidden common package, but I did not actively work on it Aug 13 06:47:36 KanjiMonster: when you request changes, please set the status :-) --> https://patchwork.ozlabs.org/patch/956479/ Aug 13 06:49:48 I'll do next time - if I remember to do it ;) Aug 13 06:50:06 cool, otherwise i'll do it Aug 13 06:52:29 any takes on this one --> https://patchwork.ozlabs.org/patch/956753/ Aug 13 07:05:03 blogic, the cosmetic patches can be removed if the corresponding files are rewritten to include the changes Aug 13 07:21:26 rmilecki: it was me and jow discussing whether hostapd-common should be hidden Aug 13 07:21:41 rmilecki: jow had only the hostapd-common selected and got a build error Aug 13 07:22:03 mkresin: is that the same error as in https://forum.openwrt.org/t/build-on-r-pi-3-on-18-06-0-facing-an-error-with-hostapd-and-wpa-supplicant-p2p/18128 ? Aug 13 07:22:50 rmilecki: not sure yet. just be careful with the forum user. he is known to post a lot of rubish Aug 13 07:23:05 oh Aug 13 07:23:10 thanks for letting me know! Aug 13 07:24:02 <|\n> hello, is it okay that after removing uci a lot of init scripts of services get broken not having uci onto their dependency list? Aug 13 07:24:16 rmilecki: first step would be to get the diffconfig.sh output from the guy Aug 13 07:24:31 good point Aug 13 07:25:06 |\n: uci is considered essential, as is busybox or libc Aug 13 07:25:17 <|\n> why isn't it on dependencies then? Aug 13 07:25:26 because its work Aug 13 07:25:39 <|\n> didn't understand the last statement Aug 13 07:25:40 busybox isn't on the dependency list either Aug 13 07:25:47 <|\n> why? Aug 13 07:26:00 because it is a lot of effort Aug 13 07:26:05 for very little gain Aug 13 07:26:25 <|\n> well everything keeps working after removal uci but init for me Aug 13 07:26:33 <|\n> how is it so vital then? Aug 13 07:26:54 init scripts require uci to translate /etc/config/* into native configuration Aug 13 07:27:05 if that is not possible, services cannot be started Aug 13 07:27:44 <|\n> where do i read on how exactly i must cope with things like firewall alongside with iptables and how do i use isc dhclient as default one and such, i'm just being afraid on overrides and it's unclear to me Aug 13 07:28:06 <|\n> yeah but the daemons themselves work fine Aug 13 07:28:39 |\n: sure, but the init scripts for those daemons are openwrt specific and rely on uci Aug 13 07:28:49 if you do not want to use it, you have to write your own init scripts Aug 13 07:29:41 if you want to use plain iptables, remove the firewall package Aug 13 07:29:55 <|\n> okay, what else would be safe to remove - how do i know? Aug 13 07:30:01 if you want to use isc dhclient you need to write your own network bringup scripts Aug 13 07:30:34 <|\n> anything else that is vital and doesn't fall under dependencies? Aug 13 07:30:47 among the default package selections, the things safe to remove are ppp, opkg, firewall and related kmods Aug 13 07:31:00 anything else is pretty much essential Aug 13 07:31:33 <|\n> thanks, jow Aug 13 07:42:25 I have know idea if this can be dun, but could OpenWrt put up a test of LUCI on the webpage? So people can log on and test out the interface and see how it works? Aug 13 07:44:14 Tapper: theoretically possible but lots of work Aug 13 07:44:29 k Aug 13 07:45:31 Would a open vm take up to much resources? Aug 13 07:48:21 no. maintaining it would Aug 13 07:49:19 it needs to be reprovisioned after logout, it needs to be frequently updated, there needs to be some queueing to support multiple user logins etc. Aug 13 07:57:07 jow what about making it have a read only fs? Aug 13 07:58:09 don't know how you would support multiple user logins tho. Aug 13 07:58:28 never mind! Aug 13 07:58:30 lol Aug 13 08:02:47 *bleh* Aug 13 08:03:44 * blogic looks up the phylink/sfp api Aug 13 08:04:02 if i recall correctly the kernel has proper SFP support these days ?! Aug 13 08:17:28 Hi. What is the recommended way for automated backups of OpenWrt/Lede without user interaction? Aug 13 08:20:42 And 2nd is there a solution for mass deployment and/or central configuration management? Aug 13 08:26:30 <|\n> theres rsync? Aug 13 08:28:49 I'm using a script that runs sysupgrade --create-backup /tmp/backup/\$(cat /proc/sys/kernel/hostname).tar.gz over SSH and then SCPs the tarbal Aug 13 08:29:14 central config management ... I've found some ansible stuff, but requires python afaik and that might be too big for the average device Aug 13 08:29:45 there is also openwisp, but I've never tried it Aug 13 08:34:45 is there a way for validating the tar.gz file? (eg the last 16 bytes of that file contain "OpenWrt is great") Aug 13 08:39:01 reiffert: you could pipe it through tar -xtz (t == list contents) Aug 13 08:39:10 sorry -tz Aug 13 08:39:25 and check for tar's exit value... Aug 13 08:39:29 exactly Aug 13 08:40:14 that would validate a working tar.gz file but not prevent a file full of empty files ... I better stop here. Aug 13 08:42:15 reiffert: true Aug 13 08:42:46 you can also stream the backup and verify it locally where better tools might be available Aug 13 08:43:11 ssh root@box '/sbin/sysupgrade --create-backup -' > /tmp/box-backup.tar.gz Aug 13 08:43:26 that's what I was just testing 5 seconds ago :) Aug 13 08:44:25 from looking into a backup.tgz file it appears that it's just a copy of /etc. Would that be a true statement for any "modern" openwrt device or would it also contain nvram in case the hardware/device requires it? Aug 13 08:46:09 its a copy of the files listed in /etc/sysupgrade.conf, /lib/upgrade/keep.d/ and opkg list-changed-conffiles Aug 13 08:46:17 there are no nvram backups Aug 13 08:46:51 openwrt mostly ignores nvram, only a very few selected entries are read Aug 13 08:48:51 any OS X user here? Aug 13 08:49:12 me Aug 13 08:49:51 reiffert: would you mind to do a clean openwrt build with CONFIG_SIGNED_PACKAGES enabled and see if it fails? Aug 13 08:50:25 target does not matter, package selection can be default Aug 13 08:52:22 jow: I am about to attend a birthday meal. I'll try to get a build started prior to leaving and would report upon my return Aug 13 08:52:30 that'd be great Aug 13 08:52:54 blogic: I think it has. But I am not sure what it should do. I think you have multipul options. 1. Detect and do nothing. 2. SFP readout the SFP module and setup the MAC and phy properly. Aug 13 08:53:07 I'm on Sierra 10.12.6 does that matter? Aug 13 08:53:31 reiffert: I guess not. The test is basically about the host build of package/system/ucert/ Aug 13 08:54:12 I need to know if it a) builds on clean tree (fresh git clone) b) ./staging_dir/host/bin/ucert is executable (prints usage) instead of dying with missing library references Aug 13 09:54:57 DonkeyHotei: I don't understand you comment in PR#1273. For me it doesn't have any useful content Aug 13 09:55:18 the last comment? Aug 13 09:55:24 DonkeyHotei: yes Aug 13 09:56:04 i can remove it Aug 13 09:56:16 mkresin: I'm trying to understand what you want to tell us Aug 13 10:11:28 hmmm so I saw these DCSP rules in /e/c/firewall: https://pastebin.com/aJzTBJNH (ldir posted that last week or so) Aug 13 10:11:39 but: Warning: Option @rule[57].target has invalid value 'dscp' Aug 13 10:15:59 ok I guess I need to patch fw3 :) Aug 13 10:19:40 stintel: you need to update the openwrt pacakge yet Aug 13 10:20:23 jow: yeah I figured, thanks! Aug 13 10:21:55 stintel: would appreciate if you do that Aug 13 10:22:05 otherwise I can do later Aug 13 10:24:29 jow: hi, any reason why you didn't update buildbot.git? Aug 13 10:24:45 f00b4r0: didn't get around to it yet Aug 13 10:24:56 ah ok. Was worried you had found some other bug ;) Aug 13 10:26:52 jow: speaking of which, dunno if you had caught my email comment about how nearly all target files have different checksum after rebuild. Including stuff like e.g uboot images which seems surprising Aug 13 10:27:58 ugh, I would like if make check FIXUP=1 did not reorder stuff in the Makefiles :/ Aug 13 10:28:00 many images carry a metadata trailer Aug 13 10:28:09 which contains the git revision Aug 13 10:28:46 and uboot probably embeds the git revision or buildtime/host by default and requires patching for solving this Aug 13 10:30:02 jow: i see. So it's not a surprise then :) Aug 13 10:31:33 jow: https://git.openwrt.org/a0642b23 Aug 13 10:31:39 I'll test it here and push to master later Aug 13 10:57:30 anyone have an idea why ncurses fails to build on CC with external buildroot? (long shot I know) https://zerobin.net/ Aug 13 10:57:40 sorry, https://zerobin.net/?5c147d7499f3c9b9#FVsMQoXLgBUXtAaM9xNdQznLZsEEXnKcPZfbJcqPkoQ= Aug 13 11:04:51 Does anyone know a good howto for Wireguard and Openwrt? if possible in German :) Aug 13 11:11:39 hsp: this one's in english: https://danrl.com/blog/2017/luci-proto-wireguard/ Aug 13 11:15:43 this is interface-setup only Aug 13 11:19:28 hsp: i also found this helpful when setting up wireguard on my router and computer: https://www.ericlight.com/wireguard-part-one-installation.html Aug 13 11:24:40 hsp: i'm running a road warrior setup, so if that's what you're trying to achieve i can try to help you out if you have any specific questions Aug 13 11:26:49 my problem ist the router-setup and correct firewall settings Aug 13 11:27:03 huaracheguarache, ^^ Aug 13 11:28:20 do you intend to set up wireguard as a vpn that you can connect to and tunnel your connection to the internet through? Aug 13 11:35:51 hsp: my wireguard interface has its own zone in the firewall, and i have forwarded port 51820 (default port, different if you've specified something else) from the wan zone to the wireguard zone to let peers connect Aug 13 11:41:39 hsp: i think i dc'ed Aug 13 11:41:51 you didn't miss anything Aug 13 11:42:06 ok =) Aug 13 11:51:08 jow: fyi, firewall3 doesn't build: https://pastebin.com/Txe6DySz Aug 13 11:54:28 huaracheguarache, sorry, my english is not good :) Aug 13 11:54:55 stintel: meh Aug 13 11:55:17 shouldn't have applied this patch Aug 13 11:55:36 jow: shall I revert it ? Aug 13 11:55:41 no, will fix it Aug 13 11:55:43 or are you going to try and fix it Aug 13 11:55:44 ok :) Aug 13 11:56:05 umm Aug 13 11:56:30 untested ? :) Aug 13 11:56:42 build tested Aug 13 11:56:49 apparently not Aug 13 11:56:55 unless.... I sent the wrong version Aug 13 11:57:30 which is 100% my bad Aug 13 11:57:41 forgot to commit the fixup? ;) Aug 13 11:59:42 umm, maybe Aug 13 11:59:54 I fixed it, but I was sure I sent the fixed patch Aug 13 12:00:30 nope, I suck, sorry Aug 13 12:01:24 stintel: fix pushed Aug 13 12:02:05 jow: thanks, I'll try and bump it in master later today Aug 13 12:02:32 ffs, should have spotted that Aug 13 12:04:42 mhh https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=e5b802b9c2711316e26402669bee9349f4c6ec65 breaks for me. Aug 13 12:04:54 https://www.irccloud.com/pastebin/o3aweDu1/ Aug 13 12:05:04 think I got the commit hash wrong when doing the diff Aug 13 12:09:30 I'm just gonna send PRs from now on, I keep fucking up send-email :D Aug 13 12:12:33 :P Aug 13 12:12:45 git send-email -1 ? Aug 13 12:14:07 what does that do? Aug 13 12:15:39 just sends the last commit Aug 13 12:15:44 oh Aug 13 12:15:58 well it was 2 commits coz I fixed that sprintf fuckup Aug 13 12:16:32 somehow managed to send only the first commit Aug 13 12:19:44 andy2244: mm, don't see that on lantiq Aug 13 12:19:58 I guess gcc 8 Aug 13 12:20:18 gcc version 8.2.0 (GCC) Aug 13 12:20:41 its a problem related to musl, mksercommfw.c is not musl compatible, so i get this under alpine Aug 13 12:20:47 aaah Aug 13 12:20:51 looking for a fix atm Aug 13 12:21:19 andy2244: the likely fix is to switch to stdint types Aug 13 12:21:25 andy2244: s/u_int/uint/ Aug 13 12:21:33 and make sure it #include's Aug 13 12:22:06 yeah but somehow u_int32_t should be defined somewhere under musl too, need to check includes Aug 13 12:23:56 jow: yeah its in #include ? So add the include or change all types? Aug 13 12:24:12 change the include, its less noise Aug 13 12:34:11 so umm, how do we fix ttylogin being ineffective during boot? I can't see a sensible way to fix it, other than inversing login.sh Aug 13 12:34:20 which may not be desirable either Aug 13 12:35:19 jow: oki here you go https://github.com/openwrt/openwrt/pull/1281 Aug 13 12:36:11 meh craop Aug 13 12:36:11 uh, it's less noise, but wow, that application should be fixed instead IMO. Aug 13 12:38:09 yeah but if you search for u_int32_t several other .c files have the same problem and all fix it by including sys/types.h Aug 13 12:38:49 (theyr'e all wrong) Aug 13 12:38:55 where did that toolcome from? Aug 13 12:39:22 not saying they are right :p that was the commit: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=e5b802b9c2711316e26402669bee9349f4c6ec65 Aug 13 12:39:37 notes netgear Aug 13 12:40:09 I feel it was copied from somewhere else, but I can't prove it Aug 13 12:40:38 + /* 7. pray that the updater will accept the file */ Aug 13 12:40:39 lol Aug 13 12:41:29 hey honest comment Aug 13 12:41:39 lol yes Aug 13 12:41:51 hope that isn't a vendor tool Aug 13 12:44:04 andy2244: are you building on alpine? Aug 13 12:44:39 yes still trying to get my docker/alpine based package compiler to work. Aug 13 12:45:36 https://blog.talosintelligence.com/2018/06/vpnfilter-update.html I give only for reading Aug 13 12:45:41 I tried setting up a buildbot on Gentoo Hardened musl someday, but I gave up Aug 13 12:46:05 heh Aug 13 12:46:14 I did have an alpine builder Aug 13 12:46:21 maybe I should make a new one Aug 13 12:46:51 well I got stuck on uboot-ar71xx Aug 13 12:47:15 too old, and porting our patches to the newer versions was over my head Aug 13 12:47:50 yeah alpine is nice to test if anything is missing or musl breaks on host, often things compile because no-one really checked if ubuntu/debian/fedora has it on host, while under alpine i need to add it explicitly, since there is nothing there... the base image of alpine 3.8 is 2 MB ... Aug 13 12:54:10 i clearly need to update from the snapshot im using.. my curl have stopped working, and i get "* opkg_download: Failed to download http://downloads.lede-project.org/snapshots/targets/mvebu/generic/packages/Packages.gz, wget returned 8." on the last file when running 'opkg update' Aug 13 12:55:06 btw this is also alpine related https://github.com/openwrt/openwrt/pull/1255 Aug 13 12:56:07 don't you need -fpic or -fPIC depending on arch, so in this case, depending on _host_ arch? Aug 13 12:56:48 I suggest to use $(HOST_FPIC) Aug 13 12:57:19 thats what i did in the PR? HOST_CFLAGS += $(HOST_FPIC) Aug 13 12:57:29 yeah, wrote it before looking at the diff Aug 13 12:57:42 ah np :p Aug 13 12:57:52 ah, didn't know HOST_FPIC existed yet :) Aug 13 12:58:07 * karlp wonders what the perf impact of just -fPIC all the time is. Aug 13 12:58:49 mmm, am I gonna regret it if I use inittab to run a script as a daemon? Aug 13 12:59:05 yes Aug 13 12:59:06 :) Aug 13 12:59:11 :D Aug 13 12:59:18 wanted to avoid adding cron Aug 13 13:00:12 just a simple script, posts a bunch of stuff from ubus to my API every 5 minutes Aug 13 13:00:45 why not just add cron? really? Aug 13 13:01:08 guess I could do Aug 13 13:01:21 it's in busybox, it's not like it's going to break the bank Aug 13 13:01:24 true Aug 13 13:05:04 you could probably abuse procd as well Aug 13 13:05:10 with appropriate respawn settings Aug 13 13:05:24 huh, I'd rather do that tbh Aug 13 13:05:24 that would not allow for exact every-N-seconds timing though Aug 13 13:05:42 I can just sleep in the script, I only really need something to spawn it and respawn if it goes wrong Aug 13 13:06:04 well then simply start your script as procd service and set it to respawn forever Aug 13 13:06:05 didn't even think about procd Aug 13 13:06:09 cron will surprise your (axe wielding) colleagues and successors less. Aug 13 13:06:30 they'd have to figure out the horrible way I'm building stuff first so np :D Aug 13 13:06:50 just call it unitfile and they'll be okay with it ;) Aug 13 13:06:55 haha Aug 13 13:07:26 its really just so CPE can checkin every now and again and I can spot reboots and/or errors etc Aug 13 13:07:34 so timing doesn't really matter Aug 13 13:07:51 isn't cron included by default anyway, or did you disable it? Aug 13 13:08:11 I didn't think it had been enabled by default since pre-lede days Aug 13 13:08:14 but maybe I'm wrong Aug 13 13:08:23 its not started by default when no crontab is installed Aug 13 13:08:27 aaah Aug 13 13:08:58 I'd have to remember how to crontab too, been spoilt by systemd timers :D Aug 13 13:11:14 ok, yeah procd works better as I can also use the triggers Aug 13 13:28:23 lo Aug 13 13:28:45 o/ Aug 13 13:28:57 weird arse day Aug 13 13:29:21 i was told i am holding a workshop at the prpl summit Aug 13 13:29:44 bradley now owes me a favour Aug 13 13:29:48 :-D Aug 13 13:30:00 blogic: did you decide on a hotel yet? Aug 13 13:30:01 the deal was they accept his talk if i hold a workshop Aug 13 13:30:13 jow: no, will do this coming week Aug 13 13:30:24 allright, can you give me a call when you do? Aug 13 13:30:26 i might not make it for the whole summit but only 1 day Aug 13 13:30:30 sure Aug 13 13:30:35 i'll find out this week Aug 13 13:30:49 might have some family matters around that time that were not anticipated Aug 13 13:30:51 :/ Aug 13 13:33:11 jow, came across this issue yesterday. hw: archer c7v2 with 1806. i commented line 65 in /lib/netifd/proto/dhcp.sh to avoid disclosing router hostname Aug 13 13:33:43 worked fine in every situation but one: if the wan interface is tagged, dhcp requests don't go through Aug 13 13:34:07 ofc, now i've set proto dhcp, option hostname instead Aug 13 13:37:01 sorry I don't follow Aug 13 13:37:07 can't you simply not set option hostname ? Aug 13 13:37:17 i did, once i encountered the issue Aug 13 13:37:39 if the wan uplink is untagged, commenting that line works fine Aug 13 13:37:52 merely commenting the line "${hostname:+-x "hostname:$hostname"} \" will not work Aug 13 13:38:14 as it will embed a sole "#" in the final commandline which probably cuases udhcpc to mishandle the passed arguments Aug 13 13:38:17 according to wireshark it did prevent the hostname from being disclosed Aug 13 13:38:28 yeah, and everything else after, too most likely Aug 13 13:38:36 jow: currently you can't not send an hostname since https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=abdf0dea3ab6470b596096635a60fbe2e8d0dfff Aug 13 13:38:54 then set it to something meaningless Aug 13 13:38:54 but if the wan uplink is tagged/trunk i could not dhcp request on that iface (switch tagging/untagging worked fine ofc) Aug 13 13:39:14 found that "option hostname ' '" (note: space) disabled sending it at all Aug 13 13:39:16 ntd: delete the line instead of commenting it Aug 13 13:39:27 to keep subsequent args intact Aug 13 13:40:15 dhcp should work regardless of tagged-ness of the underlying interface, as long you don't try to use mixed mode (tagged and untagged on the same interface; several switches don't support that) Aug 13 13:40:20 I assume that placing a "#" in front of "${hostname:+-x "hostname:$hostname"} \" will cause udhcpc to mis-handle $vendorid $clientid $broadcast $release $dhcpopts Aug 13 13:40:41 what i'm saying is that it worked just fine if wan is untagged Aug 13 13:40:52 if wan is tagged the dhcp requests did not go through upstream Aug 13 13:41:09 probably coincidence and not related Aug 13 13:41:26 maybe you forgot to adjust the ifname Aug 13 13:41:30 no Aug 13 13:41:57 i fired up the isp cpe to verify Aug 13 13:42:27 if wan is untagged: worked fine. tagged directly towards the media converter: no hoy Aug 13 13:42:29 no joy Aug 13 13:42:34 how is that realted to the ifname read from /etc/config/network? Aug 13 13:42:50 dhcp on tagged wan has worked fine for me whenever I needed it, so most likely there is a configuration error at your side, or you are trying something the hardware can't do Aug 13 13:43:02 you did at least three different things at the same time (change swconfig, change wan ifname, change dhcp script) and conclude that they relate to each other Aug 13 13:43:14 i'm saying this only happens if that line in dhcp.sh is commented :) Aug 13 13:43:28 and I am saying because it causes subsequent args to get improperly processed Aug 13 13:43:34 ofc, moved on to setting option hostname :) Aug 13 13:43:37 10-4 Aug 13 13:43:42 maybe udhcpc ignores the entire cmdline then and simply uses eth0 as default fallback Aug 13 13:44:15 as I wrote twice already, placing a "#" in that very line will produce a broken cmdline Aug 13 13:44:26 mm, what methods does ubus {log,system,uci} take? Aug 13 13:45:22 oh, system is info iirc? Aug 13 13:45:32 jwh: ubus *-v* list Aug 13 13:45:33 i was unable to prevent vendorid from being sent, blank defaults to udhcpc*** Aug 13 13:45:35 oooh Aug 13 13:45:44 that is awesome, thx jow Aug 13 13:46:47 so much awesome Aug 13 13:47:31 now I need to figure out if jshn can merge stuff Aug 13 13:48:37 jwh: if you do not mind merging it as array you can use jsonfilter Aug 13 13:48:44 jwh: (ubus call system info; ubus call system board) | jsonfilter -a -e '@' Aug 13 13:48:55 oooh Aug 13 13:48:58 that will do Aug 13 13:49:54 according to https://wiki.openwrt.org/toh/netgear/wnr2000, wnr2000v5 support was added in https://github.com/lede-project/source/pull/1256 Aug 13 13:49:57 no images though? Aug 13 13:50:41 jwh: you need to use "ubus -S call ..." to disable pretty printing, that ensures one json object / line Aug 13 13:50:47 yeah Aug 13 13:52:22 ntd: "4 MB" - likely just failed to build due to size constraints Aug 13 13:52:55 also, any headway towards getting Mikrotik CRS125-24G and the like working? Aug 13 13:53:03 reading https://forum.archive.openwrt.org/viewtopic.php?id=48706 Aug 13 13:53:09 jow: hm, no -a Aug 13 13:53:34 'cause a 24-port switch running owrt would be oh-so-sweet Aug 13 13:54:08 I bought one years ago hoping it may happen :D Aug 13 13:54:16 but I don't think anybody has figured out the switch yet Aug 13 13:54:27 jwh: ah, then jsonfilter is likely to old Aug 13 13:54:35 aaaaaaaaaalso, the 125 actually sucks pretty bad as everything (including the sfp port) is on the same 1G cpu port Aug 13 13:54:49 jwh: I would advise against jshn for larger data quantities, it'll get very slow and ram hungry Aug 13 13:54:50 rather than connecting the sfp at least to a seperate port Aug 13 13:54:55 jow: oh, hm Aug 13 13:55:00 still beats six consumer routers for the same job :) Aug 13 13:55:13 ntd: mmm Aug 13 13:55:35 jwh: its better/easier to simply do the wrapping array in shell: echo "["; ubus -S call system info; echo ","; ubus -S call system board; echo "]" Aug 13 13:56:00 jsonfilter - 2016-07-02-dea067ad-1 - OpenWrt JSON filter utility Aug 13 13:56:23 2018-02-04-c7e938d6-1 Aug 13 13:56:37 oh, thats on Reboot Aug 13 13:56:41 haven't updated it yet Aug 13 13:58:21 maybe a kickstarter for a device with several AR8327 switches glued together? Aug 13 13:59:12 why would you want everything going through the cpu anyway? Aug 13 13:59:19 you wouldn't Aug 13 13:59:32 if you are doing layer3 forwarding you don't have a choie Aug 13 13:59:33 choice Aug 13 13:59:47 wotcha gonna do, put 4x1G ports to the cpu? you think the cpu will be able to handle it jus because you connected it? Aug 13 13:59:59 buuut, if its in+out on seperate ports its still less terrible than in+out on the same port Aug 13 14:00:01 ofc, but it would still be a 8+ port switch running owrt Aug 13 14:01:23 and since it's a kickstarter, why not go with a not-terrible cpu? Aug 13 14:02:16 good luck. Aug 13 14:03:08 I mean, if you want purely a switch, then yes something like the cr125 is fine (or if you don't want decent throughput) Aug 13 14:03:20 but really for a router you want at least a cpu connected wan port Aug 13 14:04:35 it's being sold for small office routing right? so the wan port is as fast as you're gonna get upstream internet speed for most purposes, and you get fast local switching. Aug 13 14:04:53 it doesn't have a wan port, thats the point Aug 13 14:04:55 heh Aug 13 14:05:02 the only ports it has are on the switch Aug 13 14:05:17 so anything that isn't switched is in+out on an already slow cpu Aug 13 14:07:51 with sev AR8327 the link between each constituent switch would ofc be limited by cpu Aug 13 14:08:34 but each "segment" would be fast Aug 13 14:08:42 a box with a couple of switch chips and a link between each other as well as cpu ports would be nice Aug 13 14:08:56 maybe also some dedicated ports for optics etc also Aug 13 14:09:21 start with an "essential" model, see if there's a market Aug 13 14:09:37 does cisco et al not already provide these? Aug 13 14:09:46 with IOS? sure Aug 13 14:10:05 thats pretty much why I wanted the rb2011, it has 2 switches, one per cpu port, so at least downstream customers aren't hairpinning the same port as uplink Aug 13 14:11:08 is there rb2011 support? Aug 13 14:13:46 ntd: yes Aug 13 14:14:16 but the 2nd switch is 100Mbps only iirc Aug 13 14:14:26 halleluja Aug 13 14:28:08 jow: ping Aug 13 14:28:23 https://patchwork.ozlabs.org/patch/956753/ any takes on this one ? Aug 13 14:30:40 lots of stuff Aug 13 14:32:20 from turris Aug 13 14:32:33 but all of it is backportage Aug 13 14:32:56 wonder if this a "works on my machine" (TM) like that RTC path that broke ont he units with no battery Aug 13 14:33:18 or that other crypto thing we recently had to disable in dts because it broke ipsec Aug 13 14:33:23 I have a deja vu, isn't there also a PR for the same stuff? Aug 13 14:33:29 well, honestly not idea Aug 13 14:33:30 KanjiMonster: is there ? Aug 13 14:34:22 the problem is that after people got money to add the mvebu support they ran off leaving the target unmaintained Aug 13 14:34:42 blogic pasted that one earlier today, KanjiMonster are you just remembering it again? Aug 13 14:34:48 that might be it Aug 13 14:34:48 and although i can feel it itch under my nails i am reluctant to pick up yet another target Aug 13 14:34:52 my hunch is that the huge pile of crypto patches will make bumping kernels more difficult and occasionally lead to build errors Aug 13 14:35:04 -EOUTOFCOFFEE for earlier Aug 13 14:35:07 additionally it will spawn bug tickets whcih will not get worked on becausen oone actually uses them Aug 13 14:35:18 I presumed some of those patches were to try and make it easier to patch, as there's inidividual patches fixing typos in the comments Aug 13 14:35:33 doesn't Hauke have access to an espressobin board? Aug 13 14:35:34 karlp: yep Aug 13 14:35:43 KanjiMonster: wow :-) Aug 13 14:36:07 wow? Aug 13 14:36:16 one dev with a board !! Aug 13 14:36:34 at least one person that can actually test that patch ;) Aug 13 14:37:17 blogic: i do have an old armadaxp, but that's far from a 388 ;p Aug 13 14:37:22 blogic: well, the idea to stay on a specific kernel was to have some form of stability, not importing all the latest goodness in the form of patches Aug 13 14:37:49 wigyori: i have a 1900ac v1 Aug 13 14:38:01 jow: yep Aug 13 14:38:19 i wonder if this can be packaged as an external kmod Aug 13 14:38:28 blogic: ah, that too - the one with the broken cpufreq Aug 13 14:38:34 no it cant be Aug 13 14:38:39 wigyori: yes Aug 13 14:40:23 sooo Aug 13 14:40:38 we can conclude that we dont trust it, see rebaing complicated and have no means to verify the patch Aug 13 14:40:50 so we will nak it ? Aug 13 14:41:34 personally I'd prefer to let it trickle down through stable Aug 13 14:42:54 I mean its ~40 patches for one crypto driver of one board we support Aug 13 14:43:17 they might be backports but still... Aug 13 14:55:10 i'm not exactly sure why isn't someone online here from turris Aug 13 14:56:58 wigyori: because they dont care ? Aug 13 14:57:10 wigyori: they only pushed stuff upstream after being flamed for 2 years Aug 13 14:57:28 they made moeny using owrt and never had the decency to even send us an email, let alone some free HW Aug 13 14:57:36 and you are suprised ? :-D Aug 13 14:58:42 DonkeyHotei: ping, query? Aug 13 15:01:49 ok Aug 13 15:11:24 blogic: i'm guessing my rtc backports broke the wrt1900ac. i think the conclusion at the time was to disable it since there's no battery or crystal. Aug 13 15:14:50 mangix: correct Aug 13 15:22:05 since their repo is public, why don't we just lift changes? Aug 13 15:22:29 (re; upstreaming) Aug 13 15:22:39 jwh: the poitn is why should _we_ have to go out and reach for it all Aug 13 15:22:44 jwh: because thats not the way it works Aug 13 15:22:46 well absolutely we shouldn't, no Aug 13 15:22:49 but they're obviously shit Aug 13 15:22:58 so you want to reward them for being shit? Aug 13 15:23:00 that would be even supporting their business model Aug 13 15:23:06 mmm, I guess Aug 13 15:23:08 blogic: ping Aug 13 15:23:51 board support would be nice though heh Aug 13 15:23:59 jow: hi Aug 13 15:24:08 ugh, now I have a libftdi1 build error, even when I deselect it in menuconfig Aug 13 15:24:35 reading a one part of a conversation is always funny Aug 13 15:25:09 although I didn't consider that it would fund them Aug 13 15:27:28 blogic: i am here online from turris Aug 13 15:27:36 (sent the patches) Aug 13 15:27:41 sorry for not being here for the discussions Aug 13 15:29:20 the thing is that i want to support the newest turris router, mox, in bare openwrt, not just turrisos Aug 13 15:29:37 but of course the safexcel is not mandatory for that Aug 13 15:30:10 will you at least be open to accepting ~6 patches for mvebu kernel to support turris mox? i will send them once they will be accepted into mainline Aug 13 15:30:19 sure Aug 13 15:30:22 two of those are to support watchdog for armada 37xx Aug 13 15:30:26 40 patches is just a lot to backport Aug 13 15:31:34 yes, those 40 patches were sent to support safexcel on a37xx, i backported all needed patches from mainline kernel so that it worked on 4.14 Aug 13 15:32:32 basically most of them are some bug fixes and cosmetic fixes Aug 13 15:32:54 only one is big enough to worry, i think: crypto: inside-secure - EIP97 support Aug 13 15:32:58 that one is the biggest Aug 13 15:35:06 although now when i think about it, for the full support of turris mox there will be needed some more patches to 4.14, which were just recently merged into net-next (converting DSA and mv88e6xxx phylink, so that a SFP can be connected to a dsa port) Aug 13 15:35:33 i think you would not be very happy with those as well, since they can break things Aug 13 15:35:48 but i can test them on omnia as well, which is a 32bit mvebu board Aug 13 15:35:53 does anyone here have clearfog? Aug 13 15:36:34 a what ? Aug 13 15:36:43 mvebu is only used by belkin and turris Aug 13 15:37:03 both have a track record of not interacting witht he project, using the name and not providing any HW Aug 13 15:37:22 no offence meant and we know it was not your decision and value your interaction Aug 13 15:37:39 but yeah, mvebu is essentially unmaintained with no one really caring about it Aug 13 15:38:03 OpenWrt mishandles access control in /etc/config/rpcd Aug 13 15:38:06 could you create a git tree somewhere with all you pacthes so that we can have a look at the whole lot please ? Aug 13 15:38:08 CVE-2018-11116 Detail Aug 13 15:38:11 https://nvd.nist.gov/vuln/detail/CVE-2018-11116 Aug 13 15:39:17 Tapper: hmmz, seen that before Aug 13 15:39:22 https://www.solid-run.com/marvell-armada-family/clearfog/ Aug 13 15:39:45 blogic is it fixt? Aug 13 15:40:01 or is it anything to get worked up about? Aug 13 15:40:03 not sure Aug 13 15:40:03 blogic: i think if i told them at work to send you some boards to test on they would be willing to... Aug 13 15:40:25 kab-el: we could do with several boards i guess Aug 13 15:40:37 jow: would most likely want one Aug 13 15:40:39 wigyori: aswell Aug 13 15:40:41 Hauke: also Aug 13 15:40:49 mkresin: will surely take one Aug 13 15:41:03 ldir aswell, but he is not online Aug 13 15:41:07 and probably others aswell Aug 13 15:42:58 I cant find what build of openwrt that cve is from Aug 13 15:43:52 is it safe to kill rpcd? what is it used for? Aug 13 15:44:14 Tapper: you can read that as, "root users can do root things, behaves as designed, if you want more acls, write them" Aug 13 15:44:38 default install is only a root webuser, so yes. root webuser can do root things... Aug 13 15:44:45 Yeah I was just thinking that Aug 13 15:45:31 but yes, they may mean that some of the acls are "*" not "root" ? Aug 13 16:09:07 last friday I was making json-rpc calls from my own luci page without explicitly logging in, I thought it was just handling the fact that I was logged in to luci, today I'm just getting 403s. is there some luci page that logs me in automatically that I overlooked? Aug 13 16:09:19 I don't really have to make json-rpc auth calls and maintain them do I? Aug 13 16:19:43 i guess it's possible I tried it once from the command line and it got saved as me logged in somehow? Aug 13 16:38:47 karlp: that is what i recall Aug 13 16:38:59 that the bug is basically that we run everything as root Aug 13 16:51:22 well, that's very much not what the cve says. Aug 13 16:51:48 hrm, even if I did login from the cli using curl, that shouldn't have made my browser js do rpc calls properly. Aug 13 16:51:52 and they definitely worked. Aug 13 16:52:04 somehow my browser got authed to rpcd. Aug 13 16:55:26 ok Aug 13 16:55:41 i am failing to follow the cve and will have a look tomorrow Aug 13 17:04:37 KanjiMonster: yes I hve a espressobin Aug 13 17:23:20 blogic: kenrel 4.15 has phylink support for SFPs, it is backported for the marvell target Aug 13 17:28:44 sysupgrade -n is failing due to inuse device? https://zerobin.net/?36936cf5ab3abb56#5zi4/lLpiYEX9Jk3s5WPfk/b6bWG4r9isOLOfJQXH3U= what would cause that? Aug 13 17:30:38 Tapper: blogic:karlp: That CVE was already mentioned in the forums: https://forum.openwrt.org/t/rpcd-vulnerability-reported-on-vultdb/16497 Aug 13 17:30:38 jow even commented about it Aug 13 17:31:07 From jow: The reported issue is completely bogus. The name of the ACL group "hac425": { has nothing to do with the associated user. The list read '*' and list write '*' options in his /etc/config/rpcdconfiguration are whats granting the hac425 ACL to the account. Aug 13 17:31:22 K thanks luaraneda Aug 13 17:33:00 kab-el: the phylink patches for mvebu are already in OpenWrt, if you want to update them to better match upstream it would be nice Aug 13 17:34:46 kab-el: I am also intrested in a turris mox, I have a wrt1200ac and a expressobin and use them to test the mvebu target **** BEGIN LOGGING AT Mon Aug 13 17:38:01 2018 Aug 13 17:39:16 Hauke: ok Aug 13 17:40:15 Hauke: do you know about phylink ? Aug 13 17:40:23 is there an associated userland tool ? Aug 13 17:49:12 Hauke: I tried updating the mvebu patches with what actually made it upstream. They require either modification or extra patches to be backported Aug 13 17:57:20 blogic: mangix: I just took the patches for kernel 4.13 from russel king and ported them to 4.14 to gt the mvebu target working with kernel 4.14 Aug 13 17:57:29 then KanjiMonster tetsed it and fixed some bugs Aug 13 17:57:51 I did had a closer look at it, but it looks intresting, just need a device at home which uses it ;-) Aug 13 17:58:10 russel added it upstrea Aug 13 17:58:35 I think it is good that turris is finally adding support for their device supstream Aug 13 17:59:23 kab-el: Hauke: i agree Aug 13 17:59:35 Hauke: so we have the ubnt mt7621 device with sfp Aug 13 17:59:41 Rene__: is working on it Aug 13 17:59:50 blogic: I think some mediatek devices also have a EIP-97 , did you had a look at it? Aug 13 17:59:51 i just pinged [florian] about phylink Aug 13 17:59:57 yarp Aug 13 18:00:05 magic glue magic Aug 13 18:00:39 right, kids in the bathtub Aug 13 18:00:43 need to wash the hair Aug 13 18:00:48 bbiab or tomorrow Aug 13 18:01:33 blogic: see you Aug 13 18:02:18 actually this is the fun part of the day Aug 13 18:02:50 i'll spend the next hour+ reading mia&me episode 3 books ;-) Aug 13 18:03:06 :D Aug 13 18:14:34 the turris omnia situation with SFP is horrible though. Aug 13 18:15:09 it probably will not work for a long timw as it switches between SFP and eth2 depending on which is plugged it Aug 13 18:15:12 *in Aug 13 18:15:26 anyway Aug 13 18:15:45 I may revisit refreshing the patches again Aug 13 18:16:42 I threw that work away as I noticed an unexplained performance drop, that I later realized was because I was using a USB 2.0 cable on the gigabit ethernet adapter Aug 13 18:30:50 mangix: I really wonder who thought that would be good idea. It's almost on the same level as mikrotik sharing a single gpio both as a button-input and I think mdio gpio clock output line or so Aug 13 18:33:56 KanjiMonster: hmm? using the switch for LAN and eth2 for WAN seems simpler Aug 13 18:36:53 mangix: don't they have two eth's going to the switch and one to wan/sfp? Aug 13 18:37:49 the clearfog pro has a reasonable setup with one eth for lan/switch, one eth for eth-wan, and one eth for sfp Aug 13 18:38:04 yeah they basically took the wrt1900ac design and added another ethernet port Aug 13 18:38:28 the other ethernet port is used for WAN Aug 13 18:38:49 one side benefit if this is DSA without the slowdown from only 1 port Aug 13 18:40:10 but it isn't a dedicated wan port, it's just the way the switch ports are setup Aug 13 18:41:06 the second port in the switch? Aug 13 18:42:49 the second cpu port is connected to the second eth Aug 13 18:43:04 fun fact: dsa still doesn't support more than one cpu port Aug 13 18:45:25 hrm Aug 13 18:45:59 Hauke: I have a working version. But SFP port is connected to the switch. I was hopping that it can talks to 2nd GMAC. Aug 13 18:46:22 back when the turris omnia patch was using swconfig, I swore LAN was connected to eth0 and eth1 with WAN being eth2 Aug 13 18:46:43 and SFP not working of course Aug 13 18:47:55 and yes DSA doesn't support two CPU ports. But because of the design, I still get gigabit speeds Aug 13 18:48:56 mangix: right, I misremembered, it just has both eth's to the switch for lan Aug 13 18:49:10 wan and sftp share one eth Aug 13 18:52:24 Rene__: if the sfp is connected to a switch port, then the best bet is DSA where the switch port is exposed as a virtual ethernet port, so the normal mdio probing etc works (or should work), and no need to tie it to any physical ethernet interfaces Aug 13 18:52:28 mangix: i was in contact with rusell king and andrew lunn about those problems of omnia Aug 13 18:52:57 mangix: once i am free from my work on mox i am going to work on those Aug 13 18:53:42 mangix: supporting 2+ CPU ports in DSA is not that hard, according to Andrew Lunn, most of the work is done for that Aug 13 18:54:04 mangix: the SFP vs wan port is different Aug 13 18:54:15 mangix: there is no abstraction yet in phylink to support something like that Aug 13 18:54:28 mangix: so this will be more difficutl Aug 13 18:54:33 *difficult Aug 13 18:55:06 kab-el: blogic was working on 2 CPU ports for DSA. Something about upstream constantly being a moving target Aug 13 18:55:23 so nothing got merged Aug 13 18:55:27 yes, i saw the patches proposed by blogic Aug 13 18:56:19 that's how i know that most of the work is done Aug 13 18:56:33 and also andrew told me Aug 13 18:57:12 the problem is how to connect each cpu port to each lan port by default (which to which) Aug 13 18:57:52 KanjiMonster: SFP port is connected to external phy at8033. But the ephy, switch port5 and 2nd GMAC share pins. You have a choice when you know which bits to set. 2nd GMAC <> sw p5 (talks to P0 or P4) or sw P5 <> ephy or 2nd GMAC <> ephy. Aug 13 18:58:04 huh Aug 13 18:58:09 andrew proposed that the default should be alternating (lan0-cpu0, lan1-cpu1, lan2-cpu0, lan3-cpu1, ...) Aug 13 18:58:22 is that a static or dynamic assignment? Aug 13 18:58:49 Rene__: so is there a sfp cage or not? Aug 13 18:58:58 some other guy proposed that the default connection should be specified in device tree, but that is of course unacceptable Aug 13 18:59:22 KanjiMonster: yes it has a cage. Aug 13 18:59:51 Rene__: just wondering where the at8033 comes from Aug 13 19:00:19 KanjiMonster: at8033 is a sgmii to rgmii converter. Aug 13 19:00:32 kab-el: ideally if the switch supports bonding, both eths could be just bonded, couldn't they? Aug 13 19:00:34 kab-el: what's wrong with specifying in DTS? Aug 13 19:01:20 * mangix never considered bonding Aug 13 19:01:22 hmmmmm Aug 13 19:02:05 let the switch take care of load balancing between the eths ;) Aug 13 19:02:39 oh i see Aug 13 19:02:40 broadcom switches support that, and I would be surprised if marvell switches don't Aug 13 19:02:57 mangix: device tree should only specify how each hardware parts are connected to each other, not how their software should behave Aug 13 19:03:06 mangix: that is why something like that wont be accepted Aug 13 19:03:43 is that not currently the case with lan1-5 and wan? Aug 13 19:03:50 KanjiMonster: i dont think those switches support bonding Aug 13 19:04:26 mangix: no, nowhere in dts is specified which of those ports are connected to which cpu port... Aug 13 19:05:17 messing around with DSA is no way to play. bond that bitch of a switch like fifty shades of gray! Aug 13 19:05:23 lol Aug 13 19:05:51 basically dts should define in a tree like structure how hardware parts are connected. Something which can be then changed in software (for example which cpu port in switch should be connected to which lan port) should not be defined in device tree, since it can be changed by software Aug 13 19:06:02 I dont even know what I am on about but sounded cool in my head! Aug 13 19:07:21 kab-el: that makes no sense. the omnia switch design is the same as the linksys WRT series. It just has wan renamed to lan5 Aug 13 19:07:25 * Tapper thinks I need some sleep! Aug 13 19:08:27 there's nothing different from a hardware point of view about it Aug 13 19:13:10 anyway, this sounds like it should be based on the switch design. Either bond or specify 1 for WAN and the other for the LAN ports. And in the case of omnia, ¯\_(ツ)_/¯ Aug 13 19:20:43 blogic: is "kernel: add a RPS balancer" the one you asked me to test on an SMP system some time ago? Aug 13 19:21:31 o/ stintel Aug 13 19:21:55 Borromini: o/ Aug 13 19:21:56 * Borromini is going to roll a master build for his wndr3700 on ath79 <3 Aug 13 19:22:10 ah my Unifi AP AC Pro is already running it Aug 13 19:22:19 unfortunately ath10k still pooping itself Aug 13 19:22:34 so I'm going to try -ct again Aug 13 19:22:48 :( Aug 13 19:23:05 i don't hear my brother complain so no idea if 18.06 is any better on that front Aug 13 19:23:10 he has the Pros as well Aug 13 19:23:57 people suggest it might be 11w related Aug 13 19:24:14 stintel: Which radio is in those again? Aug 13 19:25:04 [ 58.657695] ath10k_pci 0000:00:00.0: qca988x hw2.0 target 0x4100016c chip_id 0x043202ff sub 0000:0000 Aug 13 19:25:04 kab-el: at least the 88e6171 supports port trunking/load balancing (which AFAICT on a first glance would basically allow both eths used as one 2 gig interface to the switch) - I would assume the 88e6176 does as well Aug 13 19:25:57 [ 11.888025] ath10k_pci 0000:00:00.0: qca988x hw2.0 target 0x4100016c chip_id 0x043202ff sub 0000:0000 Aug 13 19:26:08 stintel: I haven't been able to upset mine for, well, ages. Aug 13 19:26:15 looks like it's exactly the same in UAPACPRO and DAP2695 Aug 13 19:26:28 stintel: btw - what is your overlay formatted as on your APU2? Aug 13 19:26:28 stintel: I just got a UAP-AC-PRO and mine seems to work fine with ath10k-ct and the -ct-htt FW. Aug 13 19:26:40 Monkeh: once I connect my Gemini PDA (Android, mediatek) -> crash within 24h Aug 13 19:26:56 About that ath10k thing, I'm thinking on activating 11w to at least have more data/statistics. I have 2.4 GHz and 5GHz radios (IPQ4019), and have been stable for some time Aug 13 19:26:56 I have two (working) HH5As which I haven't been able to trip over for a while now Aug 13 19:27:21 Monkeh: Is that also with the -ct FW? Aug 13 19:27:22 * Borromini hasn't dared switching on 11w Aug 13 19:27:30 mamarley: Yes Aug 13 19:27:41 ah but you're running -ct Aug 13 19:27:55 mamarley: Upstream is holding a hand grenade with the pin out Aug 13 19:28:01 stintel: Yes, because upstream fw is useless Aug 13 19:28:19 well I tried -ct but in all combinations it was unusable (couldn't stream 720p video in bedroom, iperf was like 20x slower) Aug 13 19:28:40 but I'm going to try -ct again, do some testing, report to Ben Aug 13 19:28:45 Which I cannot reproduce Aug 13 19:28:56 I actually get slightly better performance out of -ct Aug 13 19:29:03 So yeah, work with greearb Aug 13 19:29:29 I can get 170mbps to my phone with an unobstructed path to the WAP. I don't have any laptops with AC to test. Aug 13 19:30:15 At the far end of my house, it falls to 60ish, which is about the same amount I get with a direct line-of-sight on 2.4. Aug 13 19:36:06 I have found, however, that at least with the ath79 build for UAP-AC-PRO, the LED brightness seems to be inverted (0 is on and 255 is off). Aug 13 19:36:23 mine is blinking blue all the time Aug 13 19:37:13 The default mode seems to be blinking to indicate activity, but I found that distracting, so I wanted to set it steady on. To achieve that, I actually had to set it steady off. Aug 13 19:38:30 But other than that, it works great so far. Aug 13 19:39:25 I even wrote a crude band-steering script for it that boots clients off of 2.4gHz if they have been seen before on 5gHz and have a good enough dBm on 2.4gHz to indicate they are within the 5gHz coverage area. Aug 13 19:40:07 (Otherwise, my phone would always connect to 2.4gHz when as I approached my house and got into the zone with 2.4gHz and no 5gHz.) Aug 13 19:40:59 So, how do I check if 11w is enabled? anything particular in /var/run/hostapd-phyX.conf? Aug 13 19:41:15 luaraneda: grep ieee80211w /var/run/hostapd-phyX.conf Aug 13 19:41:50 stintel: Thanks Aug 13 19:42:55 stintel: On ath10k-ct, was your performance problem cause by 11w? Aug 13 19:43:05 mamarley: no idea Aug 13 19:44:05 ugh, looks like I'm unable to build again Aug 13 19:44:13 hope it's not that libftdi1 problem here as well Aug 13 19:44:30 it's being built even when it's disabled in .config Aug 13 19:45:01 as a dep for sth else? Aug 13 19:45:13 stintel: could you tell me what FS your APU2 overlay is using? Aug 13 19:45:30 cause i'm having problems with mine retaining settings between sysupgrades Aug 13 19:45:34 Borromini: oh sorry I missed your question due to 3 hilights at the same time :P Aug 13 19:45:42 Borromini: ext4 - it's how I noticed the ext4 corruption bug Aug 13 19:45:46 yeah i figured :P Aug 13 19:45:48 no worries :) Aug 13 19:46:00 stintel: ok so you're using combined-ext4? Aug 13 19:46:04 da Aug 13 19:46:07 yes* Aug 13 19:46:15 mine is F2FS for some reason. Aug 13 19:46:18 overlay i mean. Aug 13 19:46:19 that's normal Aug 13 19:46:28 if you use squashfs? Aug 13 19:46:31 yeah. Aug 13 19:46:48 ext4 doesn't use an overlay ;) Aug 13 19:46:51 i tried reverting to combined-ext4, settings don't stick there anymore either. Aug 13 19:46:55 ok Aug 13 19:46:56 weird Aug 13 19:47:01 yeah very much so :-/ Aug 13 19:47:11 annoying as well because that means no remote upgrades anymore. Aug 13 19:47:11 are you changing partition sizes between flashes maybe? Aug 13 19:47:24 no, always the same images being flashed Aug 13 19:47:27 8/250 M Aug 13 19:47:29 because I recall a bug, if the partition layout changes, it does a full flash -> bye bye settings Aug 13 19:47:51 i reset the partition settings to default (16/256) and will see if that improves any Aug 13 19:48:28 since the sysupgrade backup's a tarball, i figure once you restore it, there shouldn't be any FS issues in play when you upgrade from squashfs to another squashfs etc Aug 13 19:48:55 yeah but the backup is saved in the boot partition Aug 13 19:49:05 oh Aug 13 19:49:08 i didn't know that Aug 13 19:49:12 and then restored during next boot Aug 13 19:49:17 hmm Aug 13 19:49:25 i also already just dd'ed the SSD Aug 13 19:49:49 took it out, put it in another system, dd'ed the squashfs image to it, put it back into the APU2, issue persisted Aug 13 19:49:59 maybe 8 M is a bit too small Aug 13 19:50:13 (since 16 is default it seems) Aug 13 19:50:17 depending on what you have that needs to be saved, that might very well be Aug 13 19:50:20 my /boot is 256MB Aug 13 19:50:33 ok :) my setup is pretty lean Aug 13 19:50:38 because domoticz Aug 13 19:50:59 and thus a big bunch of settings? Aug 13 19:51:00 and maybe some stuff in /tftpboot Aug 13 19:51:10 7.8M /tftpboot/ Aug 13 19:51:18 5.7M /var/lib/domoticz/ Aug 13 19:51:20 etc :) Aug 13 19:51:22 3 out of 8M used on /boot Aug 13 19:51:36 well you could sysupgrade -b /tmp/blah.tgz Aug 13 19:51:39 ah yes everything you want to keep gets dumped in /boot? Aug 13 19:51:41 and check its size Aug 13 19:51:51 yeah should do that. thanks for the pointers. Aug 13 19:51:53 np Aug 13 19:52:37 going to build my ath79 profile for all my old ar71xx stuff again. Aug 13 19:52:43 Another thing I like about these UAPs is that they are dirt simple to "debrick", just hold down the reset button while powering on and TFTP. Aug 13 19:53:04 mamarley: my DAP-2695 has a DB9 serial port Aug 13 19:53:08 > UAP :) Aug 13 19:53:22 stintel: Did it come like that or did you add it? Aug 13 19:53:24 and 6 external antennas Aug 13 19:53:27 mamarley: stock Aug 13 19:53:33 jow: what do you think of https://github.com/openwrt/packages/pull/6752? Aug 13 19:53:53 it's the reason I bought it, even though it was at least twice the price of the UAP Aug 13 19:54:04 That's pretty impressive. Aug 13 19:54:05 maybe even 3x Aug 13 19:54:34 and then I was able to buy a 2nd one for 60 euro or so Aug 13 19:54:44 The main reason I got the UAP though is because it is good-looking enough to be discreetly ceiling-mounted without one's family complaining about it. Aug 13 19:54:45 a friend ordered it for a client but they weren't happy with it :) Aug 13 19:55:56 Is hnyman ever on IRC? What's his handle? Aug 13 19:56:22 philipp64: i don't think so, although he is ubiquitous on github/the forum Aug 13 19:59:09 "21:07:20 mangix │ kab-el: that makes no sense. the omnia switch design is the same as the linksys WRT series. It just has wan renamed to lan5" Aug 13 19:59:18 mangix: what doesn't make sense? Aug 13 19:59:25 Borromini: thanks. Aug 13 19:59:41 mangix: i was talking about device tree, not omnia/linksys Aug 13 20:02:18 mamarley: if the dsa driver in kernel were written in a way that it would be possible/mandatory to specify *in DTS* which cpu port of a given switch should be, inside the switch, connected to which lan/wan port, it would be against the idea of what a device tree is Aug 13 20:02:18 mamarley: sorry that message was not for you :) Aug 13 20:02:18 mangix: ^^ Aug 13 20:02:19 philipp64: yw Aug 13 20:09:33 o_O Aug 13 20:09:34 /home/build/lede/staging_dir/toolchain-mips_24kc_gcc-7.3.0_musl/bin/../lib/gcc/mips-openwrt-linux-musl/7.3.0/../../../../mips-openwrt-linux-musl/bin/ld: cannot find -ltirpc Aug 13 20:09:37 what the Aug 13 20:10:17 ah, that was added as dep to lsof Aug 13 20:10:35 but I need to scripts/feeds install it first Aug 13 20:12:46 stintel: just checked, tarball is 25KB... can't be the issue :P Aug 13 20:15:05 night gents. Aug 13 20:15:44 Is Etienne ever on IRC? Aug 13 20:18:15 stintel: Do you have ieee80211w set to 1 or 2? Aug 13 20:24:30 mamarley: 1 Aug 13 20:24:44 Thanks! I have just set that and I will see how it works. Aug 13 20:26:06 lynxis: what is this prototype fund? Aug 13 20:29:53 lynxis: found this: https://prototypefund.de/en/ Aug 13 21:34:53 I don't know what's going on my c7-v2 has bin chugging along for 5 days no bother. Then about 5 o'clock It just started to drop clients from 5 GHZ and it's still doing the same after reboots! Aug 13 21:34:56 Monkeh: https://github.com/greearb/ath10k-ct/issues/31 Aug 13 21:35:30 Monkeh: with -ct firmware -> performance drops with more than 50^ Aug 13 21:35:34 50% Aug 13 21:35:50 and with -ct-htt it's almost with 90% Aug 13 21:38:42 -ENOREPRODUCE Aug 13 21:38:43 :P Aug 13 21:38:53 I am starting to think my C7 mite have a fault! Aug 13 21:41:02 Monkeh: apparently -ct-htt does not like 11w Aug 13 21:41:14 Tell that to mine? Aug 13 21:41:30 if I disable it, performance is on par with stock Aug 13 21:42:30 Monkeh: are you running -ct-htt or just -ct firmware Aug 13 21:42:49 greearb: ping ^ Aug 13 21:42:55 -ct-htt. Aug 13 21:43:01 ok Aug 13 23:06:10 stintel: I can't reproduce either, sorry. Even with 11w on, I am still getting good numbers. In fact, I just maxed out my Internet downlink over WiFi for the first time ever. :( Aug 13 23:06:23 mamarley: Are you certain the client was using .11w? Aug 13 23:06:34 I just double checked myself on that.. and proceeded to confirm the issue. Aug 13 23:06:41 Monkeh: How can I be certain of this? Aug 13 23:07:03 mamarley: iw dev station dump - look for MFP Aug 13 23:08:23 Monkeh: Just a sec, I can't do that on Android, so I have to figure something else out. Aug 13 23:08:33 mamarley: On the AP Aug 13 23:08:43 Ah, OK. One sec… Aug 13 23:09:31 "MFP: no" darn Aug 13 23:23:14 It doesn't look like any of the devices I own (besides the WAP) actually support 11w. Aug 13 23:38:46 ath5k, ath9k, ath10k should (tested), ipw2200 doesn't Aug 13 23:43:42 All my devices except for the WAP and my phone have various Intel wireless chipsets. Aug 14 00:11:43 mamarley: both android and networkmanager need to be fairly recent to support 11w Aug 14 00:11:51 even though wpa_supplicant supports it for ages Aug 14 00:55:39 * mamarley has a Pixel XL with Android 9. **** ENDING LOGGING AT Tue Aug 14 03:00:01 2018