**** BEGIN LOGGING AT Mon Sep 09 02:59:58 2019
Sep 09 05:56:03 <novski_> Im not sure if i have found some bugs in target linkit 76x8 does a developer have this board?
Sep 09 05:57:03 <novski_> Or is a person responsible for this target?
Sep 09 07:06:42 <jow> 'lo
Sep 09 07:09:49 <Tapper> Good morning
Sep 09 11:03:37 <jow> hm, what is needed to get a full wpa with wpa3 support?
Sep 09 11:04:05 <jow> allegedly "wpad" contains sae and owe support but  hostapd -vowe; echo $?   indicates otherwise
Sep 09 11:04:47 <hellsenberg> sanity check: do you use wpad or wpad-mini?
Sep 09 11:04:55 <jow> I use wpad, not mini
Sep 09 11:05:22 <jow> but it seems the feature indication patch was not properly updated
Sep 09 11:06:05 <hellsenberg> ack
Sep 09 11:06:20 * hellsenberg squeezed wpad into a 32/4 device to get 802.1x support
Sep 09 11:08:56 <gch981213> jow: there's a wpad-openssl and a wpad-wolfssl
Sep 09 11:09:19 <gch981213> Either one works.
Sep 09 11:09:24 <gch981213> *both
Sep 09 11:14:29 <jow> gch981213: ah indeed, the -openssl falvor workds
Sep 09 11:14:37 <jow> the package descriptions are missleading then
Sep 09 11:15:10 <jow> both wpad and wpad-openssl claim to be the "full featured IEEE 802.1x/WPA/EAP/RADIUS Authenticator and Supplicant"
Sep 09 11:22:05 <olmari> Jow: I think (not 100% sure) that until wpa3 came wpad was
Sep 09 11:23:35 <olmari> But yes, currently stuff isn't exactly crystal clear anymore regarding generally "how to wpa3 on owrt"
Sep 09 12:30:17 <stintel> anyone ever heard of https://pulpstone.pw/ ?
Sep 09 12:32:37 <stintel> apparently there's been some posts about it in the forum
Sep 09 12:32:57 <stintel> I don't see any sources for these build
Sep 09 13:13:25 <kristrev> 1000 types of USB modems, not bad
Sep 09 14:09:26 <southey> so i hate to be that guy but, what is happening with the 19.07 release now? was the branch just cut too early or something?
Sep 09 14:20:39 <Tapper> Hi southey the 19.07 branch is still short of a cuppel of fixes, but I think we should be ready for a RC soon from what I have read on the ML
Sep 09 14:21:37 <Tapper> There is some LUCI stuff that needs sorting out to
Sep 09 14:24:31 <southey> ah i see, thanks
Sep 09 14:27:45 <Tapper> southey mp.
Sep 09 16:45:20 <Hauke> jow: WPA3 is SAE and this uses ECDH which is not supported with the crypto layer inside of hostapd, so openssl or wolfssl are needed
Sep 09 16:47:16 <olmari> Hauke: yeah, I also don't think "why" was in the question directly, but more of basically no2 lying package description about "fully working" or what was the exact thing anyways :)
Sep 09 16:47:29 <olmari> s/no2/now
Sep 09 16:47:50 <Hauke> yes that should be fixed ;-)
Sep 09 16:49:23 <stintel> what about simply dropping the wpad variant and rename wpad-{open,wolf}ssl to wpad-full-{open,wolf}ssl ?
Sep 09 16:50:03 <olmari> I'm glad that I have nowadays just deasant enough devices as AP's where I can fit openssl in, with wpa3, uhttpd, and whatnot stuff that can use that too
Sep 09 16:50:20 <olmari> stintel: filesizes?
Sep 09 16:50:44 <Hauke> we should really clean up the hostapd packages
Sep 09 16:50:52 <stintel> I had to throw away some stuff for my uap-ac-pro for the image to be small enough to allow the jffs partition to be formatted
Sep 09 16:50:53 <Hauke> I think we have too mayn variants and it is confusing
Sep 09 16:50:59 <stintel> fully agree
Sep 09 16:51:15 <stintel> olmari: well those devices can use -basic or -mini variants
Sep 09 16:51:57 <olmari> I also agree that situation isn't optimal :)
Sep 09 16:53:30 <olmari> stintel: thing is that wpad-full is still plenty smaller totally than -openssl.. then again I don't know is that real issue...
Sep 09 16:53:59 <olmari> (I'm also not directly against any option, but opinions... man they are plenty and others suck ;D )
Sep 09 17:31:02 <mangix> jow: ping
Sep 09 17:35:41 <blogic> Hauke: and the wpad and wpas ..
Sep 09 17:35:55 <blogic> Hauke: i get cinfused all the time
Sep 09 17:40:54 <Tapper> It's all so not clear to me what you do and don't get with the wpad- packages!
Sep 09 17:41:32 <Tapper> + the hostapd  packages
Sep 09 17:41:51 <greearb_> anyone using ath10k-ct 5.2 driver?  If so, what all needs doing to compile that into openwrt?
Sep 09 17:43:14 <greearb_> It seems to have most of what is needed for ap-vlans, where 4.20 and earlier does not
Sep 09 17:44:29 <mamarley> greearb_: I am.  I'm running a patch you suggested quite some time ago that removes "if (WARN_ON(types & BIT(NL80211_IFTYPE_ADHOC) && c->beacon_int_min_gcd)) return -EINVAL;" in net/wireless/core.c, though I'm not 100% sure that is necessary anymore.
Sep 09 17:44:47 <greearb_> likely it is, don't think upstream fixed it
Sep 09 17:45:07 <greearb_> you had to pull down a different backports as well?
Sep 09 17:45:45 <mamarley> Yeah, I'm running backports 5.3-rc4 that I pulled from one of Hauke's trees at some point.
Sep 09 17:51:45 <Hauke> mamarley: backports-53-rc4 was pushed to master
Sep 09 17:52:08 <olmari> Tapper: general problem is that historically there is allways stuff that being added to hostapd, so getting bigger and bigger.. thus hostapd "mini" was done to cater only exact needs of average home user.. then fuller versions that has coporate stuff etc, then let's not forget mesh and whatnot stuff.. and now at "latest" the WPA3 that so far can only be done with wull openssl or wolfssl
Sep 09 17:52:10 <Hauke> you only have to modify the ath10k-ct Makefile and add this patch
Sep 09 17:53:02 <Tapper> olmari ok
Sep 09 17:53:27 <Tapper> what about wpad-  then?
Sep 09 17:54:20 <olmari> wpad is then hostapd and psk-supplicant multi-binary, to originally reduce size of both separately
Sep 09 17:54:23 <mamarley> Hauke: It was?  Sorry, I didn't notice.
Sep 09 17:54:29 <olmari> similar to busybox concept
Sep 09 17:55:48 <Tapper> So in my config for wrt3200acm hostapd is auto selected, but wpad is not.
Sep 09 17:57:11 <Tapper> btween hostapd and wpad I count 10 packages.
Sep 09 17:57:32 <Tapper> between*
Sep 09 17:58:11 <olmari> Tapper: I can't remember all the details, but in general indeed wpad is just both wpa-supplicant and hostapd in one, to save space (on the early 2000's routers not having any 😉 )
Sep 09 17:58:30 <Hauke> we have 20 variants of hostapd, wpa_supplicant and wpad
Sep 09 17:58:40 <Tapper> dam!
Sep 09 17:58:55 <olmari> it doesn't help nowadays that there indeed is kind of too many variations of hostapd and thus similar amounts of wpad
Sep 09 17:59:51 <Tapper> Sounds like it needs streamlining.
Sep 09 18:02:06 <olmari> Maybe the suggestion is okay, where remove some arbitary "mid-sized" packages and have -openssl called "full" or to be default or something along lines... maybe buildroot user could then choose more cherrypicking what methods is wanted if really caring to do that (but that needs proper menuconfig magic then)
Sep 09 18:08:21 <Hauke> I would like to upgrade hostpad to version 2.9 in master and backport the security fix patches to 19.07, or should I also upgrade this to 2.9?
Sep 09 18:40:47 <greearb_> mamarley, you happen to know how to setup and/or use the ap-vlan feature?  I think I have support enabled in my FW/driver now, but not sure a good way to test.
Sep 09 18:41:07 <mamarley> greearb_: Nope, this is the first I have heard of that, sorry.
Sep 09 18:43:04 <greearb_> no worries
Sep 09 18:44:00 <greearb_> if google can make customers do the testing, I guess I can too :)
Sep 09 18:47:14 <mamarley> https://en.wikipedia.org/wiki/List_of_burn_centers_in_the_United_States
Sep 09 18:52:08 <Hauke> greearb_: what is the ap-vlan feature?
Sep 09 18:52:52 <greearb_> I guess stations(s) can be grouped into vlans, and traffic segregated, maybe a way to do guest + others, or similar.
Sep 09 18:53:40 <mamarley> Like VLAN-tagging wireless traffic?
Sep 09 18:54:10 <greearb_> it has some crypt requirements, specifically need to be able to do tx of software encrypted frames, so I am updating my FW to advertise this feature, and backported the upstream patch
Sep 09 18:54:17 <greearb_> not vlan tagging wifi traffic I think
Sep 09 18:54:42 <greearb_> https://patchwork.kernel.org/patch/10352797/
Sep 09 18:55:06 <Hauke> I think multi SSID mode should already be supported
Sep 09 18:55:09 <greearb_> seem sebastian's comments were at least mostly ignored
Sep 09 18:55:26 <Hauke> but it is possible to assign the VLAN based on the RADIUS answer
Sep 09 18:55:48 <Hauke> or based on the PSK
Sep 09 19:49:40 <greearb_> Here is new ath10k-ct driver csum:  5e8cd86f90dac966d12df6ece84ac41458d0e95f
Sep 09 19:50:09 <greearb_> In case someone has time to test and patch it into openwrt.  Should enable AP-VLAN when used with my latest wave-2 firmware.
Sep 09 19:50:36 <greearb_> it only changes the 4.19 and 4.20 drivers, 5.2 already had the needed patch
Sep 09 20:26:12 <mamarley> Ah, I couldn't have tested it anyway then, because I have only Wave-1 hardware.
Sep 09 21:18:11 <Tapper> After talking about wpad and hostapd. What about the dif between dnsmasq and dnsmasq-full?
Sep 09 21:22:26 <olmari> Menuconfig did show those I think.. dnssec resolving support at the least
Sep 09 21:23:02 <olmari> Some 4-5 other options too, can't remember off memory
Sep 09 21:34:29 <pkgadd> Tapper: IPv6 support (replacing odhcpd, but not dealing that well with changing/ dynamic IPv6 prefixes) and tftpd
Sep 09 21:35:27 <Tapper> So would it not be best to switch to dnsmasq-full?
Sep 09 21:36:05 <pkgadd> it depends... those who are plagued with dynamic IPv6 prefixes (e.g. me) would curse you ;)
Sep 09 21:36:07 <Tapper> and drop odhcp
Sep 09 21:36:38 <Tapper> and get the changing/ dynamic IPv6 prefixes)  fixt?
Sep 09 21:36:56 <pkgadd> let's go back to that once it is fixed
Sep 09 21:37:03 <pkgadd> right now it isn't
Sep 09 21:37:05 * Tapper grins
Sep 09 21:37:17 <olmari> You don't need to use dnsmasq ipv6 (dhcp server) feature even if installing dnsmasq-full
Sep 09 21:37:39 <Tapper> OK, but OpenWrt could drop 2 more packages and just keep the one dnsmasq-full
Sep 09 21:38:07 <pkgadd> sure, but if you don't want to use those features, why install dnsmasq-full (instead of dnsmasq) in the first place
Sep 09 21:38:40 <olmari> But to get other features should you need or want (i like dnssec resolving)
Sep 09 21:38:41 <pkgadd> ...and for tftpd uses I install tftpd-hpa instead
Sep 09 21:39:00 <Tapper> when you install just dnsmasq odhcpd is installed anyway so why have 2 packages that can do the job of one
Sep 09 21:39:25 <Tapper> that would meen 3 packages now insted of one
Sep 09 21:39:37 <pkgadd> Tapper: because dnsmasq right now (and for the last 10 years) can't do some things odhcpd can do
Sep 09 21:39:55 <olmari> Menuconfig also allows cherrypicking featuresupports i  dnsmasq
Sep 09 21:40:07 <pkgadd> things that are needed if you're on a consumer contract with any ISP in, e.g., Germany#
Sep 09 21:41:27 <olmari> Yeah, can't change to totally single program if it effectively breaks stuff for peoples
Sep 09 21:42:21 <Tapper> Yeah I get that I don't want to break stuff
Sep 09 21:42:33 <olmari> I don't also know will it save overall flash space or not, but yeah..
Sep 09 21:44:14 <pkgadd> I don't think (although I'm not sure) that the situation with dynamic IPv6 prefixes is different in the UK either. so it's a rather common issue
Sep 09 21:45:02 <pkgadd> if you're on a business contract, you can get fixed IPs and prefixes. but for consumer contracts you basically only get dynamic IPs and prefixes in europe
Sep 09 21:45:34 <Tapper> I am going to ytry out a build now with dnsmasq-full
Sep 09 21:45:38 <Tapper> try*
Sep 09 21:45:49 <pkgadd> aside from some small/ regional ISPs who came early to the party, got their share of IPv4 addresses and address an enthusiast clientele
Sep 09 21:45:51 <Tapper> So I can remove odhcp?
Sep 09 21:46:18 <pkgadd> it depends.
Sep 09 21:46:27 <Tapper> ODHCPD*
Sep 09 21:46:28 <pkgadd> nothing will brick, if you remove it
Sep 09 21:46:33 * Tapper nods
Sep 09 21:46:57 <pkgadd> but if you /need/ IPv6 or if you have to deal with dynamic prefixes is something only you (or your ISP) can answer
Sep 09 21:55:51 <Tapper> When removeing odhcpd do i still nede odhcp6c?
Sep 09 22:02:07 <Tapper> I just had a thought, when openwrt supports wpa3 out of the box we will have to switch to using hostapd-full.
Sep 09 22:12:39 <pkgadd> no, you'd need to switch to either wpad-openssl or wpad-wolfssl - neither of which is an overly sensible default for devices with 8 MB flash or less
Sep 09 22:13:28 <pkgadd> hostapd-full, besides not covering some essential features of wpad to begin with, doesn't support WPA3 either
Sep 09 22:15:35 <pkgadd> and dnsmasq does not provide the functionality required for a DHCPv6 /client/, which is what odhcp6c provides
Sep 09 22:20:59 <Tapper> pkgadd I installed hostapd-openssl-full and wpa3 shows up inluci I did not get to test it out as I have know devices that have wpa3 in yet.
Sep 09 22:21:23 <pkgadd> hostapd-openssl-full is not the same as hostapd-full
Sep 09 22:22:17 <pkgadd> but in order to get feature parity with wpad-openssl, you'd have to installed both hostapd-openssl-full and wpasupplicant-openssl-full, which doesn't gain you anything from a feature perspective, but requires more flash space
Sep 09 22:22:36 <pkgadd> and neither of them is particularly viable to be preinstalled on a <= 8 MB flash device
Sep 09 22:25:40 <Tapper> pkgadd Christ!
Sep 09 22:25:55 * Tapper faceparms
Sep 09 22:25:57 <Tapper> lol
Sep 09 22:26:33 <pkgadd> if you have the space, install wpad-openssl (I do that as well) - bang, WPA3 here you come
Sep 09 22:27:08 <Tapper> pkgadd OK I will do that thanks for helping
Sep 09 22:30:05 <pkgadd> the distinction between wpa_supplicant and hostapd is rather pointless, but upstream -despite developing both in a single git repo- still thinks it makes sense to distribute them only in distinct upstream tarballs. despite them sharing a large percentage of common code (basically all security patches need to apply to both hostapd and wpa_supplicant), wpa_supplicant having gained partial AP support
Sep 09 22:30:11 <pkgadd> in the 0.7.x time frame (and even more with WiFi-Direct™) and hostapd requiring wpa_supplicant functionality for WDS/ 4addr
**** ENDING LOGGING AT Tue Sep 10 02:59:57 2019