**** BEGIN LOGGING AT Thu Oct 24 02:59:57 2019 Oct 24 07:19:25 for some it's vue :p Oct 24 07:22:15 Heiho, does anybody has some rather concrete idea, about the performance of tinc or OpenVPN when used for layer-2 tunneling (no crypto) on cheap wifi routers (e.g. TL-WR841n) Oct 24 07:23:00 I guess, its around 200 KByte/s when using crypto, but I'ven't done a benchmark using no crypto yet Oct 24 08:03:21 yanosz: which version of TL-WR841n? Oct 24 08:03:32 I don't care Oct 24 08:03:50 I need a gut feeling, not a perforamce study ;) Oct 24 08:04:29 I could build a network by myself, but if anybody did it and has some values, that'd be great Oct 24 08:04:48 +- 100Kbyte/s is totally fine Oct 24 08:05:19 I did a chacha20-poly1305 raw benchmark with a TL-WR841n-V13 with a mt7628 mips soc Oct 24 08:06:19 ... is that cipher actually in OpenVPN? Oct 24 08:06:43 .. guess, they're still bound to CBC for payload Oct 24 08:07:01 https://justus.berlin/2016/02/performance-of-tunneling-methods-in-openwrt/ is interesting, but still includes crypto, imho Oct 24 08:08:48 ups, no ssl-packages Oct 24 08:08:51 sorry, problem solved Oct 24 08:08:54 .nvm Oct 24 08:11:47 Raw benchmark data: chacha20poly1305_decrypt: 64 bytes, 9.826 MB/sec Oct 24 08:12:03 chacha20poly1305_decrypt: 1440 bytes, 23.894 MB/sec Oct 24 08:12:17 It doesn't help to have benchmarks for ciphers, that I can't use ;) Oct 24 08:12:25 on a mt7628 mips. Oct 24 08:12:56 You can using wireguard then it is standard. Oct 24 08:13:44 I cannot neither use IPsec nor wireguard in this setup Oct 24 08:13:51 in fact, wireguard is not even layer2 Oct 24 08:15:20 vxlan ? Oct 24 08:15:37 dude, its out of question Oct 24 08:15:54 one side is an avm fritzbox 7312 running stock firmware, kernel 2.6.32 Oct 24 08:16:12 there's no kernel module for any l2-tunnel Oct 24 08:16:22 its userspace Oct 24 08:16:56 yanosz: sorry, I was try think in other directions you can take to tunnel L2 Oct 24 08:17:08 nvm ;) Oct 24 08:39:14 does anyone know if the Ubiquiti AP nanoHD can be easily supported by OpenWrt? apparently it's mediatek based, AC Wave2 Oct 24 08:39:24 but I haven't found much info yet Oct 24 08:41:25 maybe I should just buy one and try :) Oct 24 08:46:55 rr123: feel free to do it in react.js, I won't Oct 24 08:47:02 the nodejs ecosystem is a volatile ghetto Oct 24 08:57:42 lynxis: you can find the manual to install prplWrt on the RAX40 here: https://git.prpl.dev/prplwrt/prplwrt/wikis/getstarted Oct 24 09:13:38 stintel: is openwrt superior to ubiquiti fw? srs question, just curious Oct 24 09:25:34 jow: keycdn also offered to host the downloads, any preference for fastly? Oct 24 09:28:48 -j24... I want those buildservers... Oct 24 09:56:09 aparcar[m]: no preference, keycdn sounds nice Oct 24 10:00:57 They want to be on the website, should they appear somewhere on downloads.o.o? Oct 24 10:06:08 oh, nice, they're from switzerland Oct 24 10:10:27 aparcar[m]: how do they want to appear? I think its no problem to add some "[logo] Served by KeyCDN" to the footer of each download page Oct 24 10:10:43 together with a link to their site Oct 24 10:11:18 some frontpage news item can be probably done as well Oct 24 12:24:12 there is an other public CVE: https://www.cvedetails.com/cve/CVE-2019-15513/ Oct 24 12:24:21 https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf Oct 24 12:29:19 uci dos Oct 24 12:31:33 I don't get the score ratings Oct 24 12:33:36 ynezz: the higher the better for the reporter Oct 24 12:33:44 and they decide Oct 24 12:34:14 I saw this in a presentation, we really need some monitoring of this as this idiots do not notify us Oct 24 12:42:37 hmz. I'm getting this error on sysupgrade on my cns3xxx boards (19.07) https://pastebin.com/raw/iwDPKRAJ Oct 24 12:45:29 it says authentication not required though? Oct 24 12:46:20 that's a problem of the web api on that device, not a libuci problem. Oct 24 12:49:33 xback: this is on latest and greatest? Oct 24 12:49:53 yes. latest 19.07 state Oct 24 12:50:11 it only seems to occur on devices with MTD Oct 24 12:50:19 i'm not seeing issues on devices using UBI Oct 24 12:50:32 last week it was still good Oct 24 12:57:55 ynezz: will you fix the CVE, otherwise I will look at it on my way back Oct 24 13:10:57 xback: it seems like image passed to mtd write is corrupted Oct 24 13:12:20 xback: you've image in /tmp ? Oct 24 13:16:31 ynezz: yeah. the full checkout, build and flash process to devices is automated here Oct 24 13:17:14 and you're preserving config? Oct 24 13:17:58 yeah. it also automated. stored in a git repo here Oct 24 13:18:36 I have a script which downloads all sources, applies configs etc. it never changed in 2 years now Oct 24 13:18:46 except for refreshing the configs once in a while Oct 24 13:19:05 I mean during sysupgrade :) Oct 24 13:19:16 how do you run sysupgrade which has failed Oct 24 13:21:41 sysupgrade /tmp/openwrt....bin Oct 24 13:22:04 I'm pretty sure the flashing method is OK, as it's also fully automated since a few years and didnt change Oct 24 13:22:27 everything is scripted to avoid human error Oct 24 13:23:06 I'll check these 2 commits: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=4abf456b4a828b2aa4094f8fd505741541bbacb7 Oct 24 13:23:14 https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=5e9aae9ef069912edea21f807be5512249971127 Oct 24 13:30:57 ok, just don't seems to be related Oct 24 14:15:45 Hauke: 1. they don't specify version 2. it's unclear to me how to reproduce it Oct 24 14:15:55 Hauke: I've just tried following http://paste.ubuntu.com/p/pFDcsrgc5K/ Oct 24 14:35:04 openwrt should collect router models and version running to get a vague idea on popularity data like debian does Oct 24 14:39:10 https://openwrt.org/meetings/hamburg2019/start#statistics patches are welcome :) Oct 24 14:40:33 ynezz: i hope i have the skill set for that, when should this be run? at install/sysupgrade time, or after login luci and toggle some option Oct 24 15:03:49 rr123: there's been a lengthy discussion about telemtry collection in the majority of users didn't want it Oct 24 15:13:13 ok then, maybe the central server can get some download statistics per package/arch/release, but I don't know how many of us are downloading from openwrt.org these days, still, could be better than nothing Oct 24 15:15:28 by the way SDK does not bundle the real STAGING_DIR for external package build, is this intentional? I have to point STAGING_DIR back to my build tree, would prefer SDK can be used independently Oct 24 15:28:05 you're supposed to build the dependencies with the sdk Oct 24 15:28:16 then you'll also have a proper STAGING_DIR Oct 24 15:30:24 I built the sdk, after untar it, only host and toolchain are under sdk/staging_dir actually, so all those headers are not included in the SDK, do I need turn on other flags in additino to enable SDK build at menuconfig Oct 24 15:31:37 you need to to build the libraries you want to have headers for with the SDK Oct 24 15:31:58 the SDK will only bundle the most essential parts to build packages Oct 24 15:33:14 even the default packages with InstallDev headers that are correctly put under ipkg-install and build-topdir/staging_dir/target-whatever are nowhere to find in SDK Oct 24 15:33:23 yes Oct 24 15:33:31 again, you need to build these libraries with the SDK Oct 24 15:34:11 arrhh...then what's the difference just link STAGING_DIR back to build-topdir/staging_dir/target-of-myown Oct 24 15:34:30 which has all libraries built already, and I can also just copy them into SDK? Oct 24 15:34:39 to make it standalone that is Oct 24 15:35:10 the difference is that the host utils and toolchain are prebuilt and binary patched in a way that makes them relocatable and executable on other linux distributions Oct 24 15:35:40 i see, now I will use SDK and set STAGING_DIR to my build-tree then, so far worked fine Oct 24 15:36:07 then why don't use the buildroot in the first place? Oct 24 15:36:15 using the sdk like that makes no sense at all Oct 24 15:36:40 it's just faster for quick code development, once all is working i will move them inside the build-tree Oct 24 15:37:51 writing some fastcgi small binaries and all I need is the gcc and fcgi library to generate small executables, no need to invoke the whole process per se Oct 24 15:39:17 still need figure out the difference between the popular method, i.e. json-rpc used on openwrt for frontend, vs fastcgi approach Oct 24 15:39:18 yeah but why don't invoke gcc in the buildroot? Oct 24 15:39:49 instead of building the sdk with the buildroot, then unpack the sdk, symlink it to the buildroot and invoke the gcc in the sdk (which has been coied from buildroot) Oct 24 15:40:46 anyhow, bbl Oct 24 15:40:49 yeah both should work indeed, maybe i want to skip makefile for fast experiments for now Oct 24 18:46:43 jow: and we want the cdn only for downloads.openwrt.org which is hosted by them under cdn.openwrt.org right? Oct 24 18:46:45 or the entire website? Oct 24 18:51:02 jow: can you add the following sentence to the very bottom of the downloads area? Open source downloads supported by KeyCDN Oct 24 18:55:51 jow: please ack once you added it then I'll notify them Oct 24 21:12:08 ynezz: https://patchwork.ozlabs.org/patch/1181966/ would this conflict with any of your pending patches moving the stuff to a git ? Oct 24 21:12:14 or can i merge it ? Oct 24 21:14:15 nbd: https://patchwork.ozlabs.org/patch/1174992/ thoughts ? Oct 24 21:16:55 I'd sugest the naming of the later (mount hooks) could be improved, to make it obvious they are pre, not post hooks? Oct 24 21:17:14 or, better, make them "compatible" with the hotplug hooks that have vars saying the action being taken? Oct 24 21:18:18 karlp: mind putting that into a reply on the ML ? Oct 24 21:18:43 i understand his usecase but somehow i am not happy woth the patch, cant put my finger on it though Oct 24 21:19:18 let me find it on the ml, sure. Oct 24 21:21:56 thx Oct 24 21:24:11 do we have a channel with git commits ? Oct 24 21:58:10 blogic: sorry, bombadil.infradead.org is using some spam lists with (IMO) false positives (what a surprise) Oct 24 21:58:41 might work if I turned off ipv6 on the host, and it used the v4 address instead Oct 24 21:58:53 but not a game I'm playing with mail servers tonight Oct 24 21:59:10 _hopefully_ alin got the mail at least... Oct 24 22:00:18 I've requested delistings from SPLCSS before, but if they won't ever tell me what I've allegedly done... fuckem. Oct 24 22:00:37 this world of "use google/office/hotmail or stop thinking you're allowed to send mail" sucks. Oct 25 01:35:29 Hauke: I see that you were the first one on the mailing list, who wanted to enable CONFIG_BRIDGE_VLAN_FILTERING ( https://lists.openwrt.org/pipermail/openwrt-devel/2018-April/011715.html ) do you think it will be possible to backport this commit https://github.com/openwrt/openwrt/commit/51c094e7032b45522cc7060858196881e161e615 to openwrt-18.06? It can be cherry-picked. It applies.Hauke: I Oct 25 01:35:31 see that you were the first one on the mailing list, who wanted to enable CONFIG_BRIDGE_VLAN_FILTERING ( https://lists.openwrt.org/pipermail/openwrt-devel/2018-April/011715.html ) do you think it will be possible to backport this commit https://github.com/openwrt/openwrt/commit/51c094e7032b45522cc7060858196881e161e615 to openwrt-18.06? It can be cherry-picked. It applies. **** ENDING LOGGING AT Fri Oct 25 03:00:03 2019