**** BEGIN LOGGING AT Sun Nov 01 02:59:57 2020
Nov 01 11:16:19 A nice attack to circumvent NAT: NAT Slipstreaming: https://samy.pl/slipstream/ They use a bug in the tdts.ko kernel module, which is probably part of some vendor's SDK
Nov 01 11:25:03 heh, an while where such "inside network" stuff has been on the wild 🙂 or.. generally
Nov 01 12:02:05 Hauke: From what I understand, the attack is only feasibly with automated loading of NAT helper modules.
Nov 01 12:02:10 *feasible
Nov 01 12:03:26 Also, lib/modules/2.6.36.4brcmarm+? I'm not losing my sleep over this one. :P
Nov 01 12:59:47 rsalvaterra: yes the attack uses protocols where an extra channel is needed, in this example SIP is used
Nov 01 13:02:19 they make the browser send an HTTP request which the router interprets as a SIP REGISTER packet, the router parses it and opens the port which is used in the SIP REGISTER packet for the reverse connection
Nov 01 13:03:14 The router has to detect that this is not the first packet of the conversation and not interpet it as SIP
Nov 01 13:03:30 *interpret
Nov 01 16:37:02 updated openwrt/upstream, https://sdwalker.github.io/uscan/index.html
Nov 01 16:43:44 swalker: thanks for the update
Nov 01 16:44:23 there is a problem with mbedtls, it thinks 2.7.17 is more recent
Nov 01 16:54:45 watch file url needs fixed to not use the latest github tag
Nov 01 16:55:30 uscan: Newest version of mbedtls on remote site is 2.24.0, local version is 2.16.8
Nov 01 17:49:30 swalker: no problem, if it is harder to fix just leave it like it is
Nov 01 17:49:55 swalker: mbedtls releases are anyway starnge by now
Nov 01 17:50:00 *strange
Nov 01 19:19:46 any clue why sending to -ENODEV might not disable device/does not skips its init? https://gist.github.com/damex/a90fa1967ff57188e8d025286abfa829
Nov 01 19:20:10 it works for some interfaces but not for all
Nov 01 19:21:35 there is some virtual interfaces that have no use (loop interfaces) - they won't get init. but if it is ones that and is part of qsgmii - they get initialized.
Nov 01 19:22:01 that condition actually matches for them and it does not get further logic applied
**** ENDING LOGGING AT Sun Nov 01 20:38:23 2020
**** BEGIN LOGGING AT Sun Nov 01 20:46:17 2020
Nov 01 21:00:25 sorted it out. seems like it easier to escape whole thing without need to initialize interface in the first place. made much simpler patch that way https://github.com/openwrt/openwrt/pull/3531/commits/c87f6eb87bedd3608e38b0ee7f419ea4b60a2593
Nov 01 21:22:21 Hauke: do you know if mbedtls will have some wpa3 support?
Nov 01 21:37:10 adrianschmutzler: when did you schedule the removal? https://downloads.openwrt.org/snapshots/targets/scheduled_for_removal/
Nov 01 21:55:29 aparcar[m]: whenever somebody with access to the actual data is available
Nov 01 21:55:50 ynezz moved it because he had no rights to delete it AFAIR
Nov 01 21:56:15 maybe move it to archive then?
Nov 01 21:56:33 or to /dev/null ;)?
Nov 01 21:56:35 no, these are snapshots
Nov 01 21:56:42 they should be deleted
Nov 01 21:57:22 so, if you know anybody who can delete them, tell him to delete
Nov 01 21:58:43 jow: please delete
Nov 01 21:58:55 I don't know who manages servers. Mirko?
Nov 01 21:59:03 that's what ynezz wrote last time: "Yeah, still waiting for someone with access to archive.openwrt.org to move it over there, so it could be deleted from downloads.openwrt.org. Until then I prefer to keep it in this strange folder (naming is hard), unless there is strong reason to delete it ASAP."
Nov 01 21:59:16 looks like he wanted to archive, too
Nov 01 22:00:36 discussion was on the mailing list BTW
Nov 01 22:01:10 never seen it
Nov 01 22:04:08 at least brcm were simple renames of the target, so I don't see a reason to move that to archives
Nov 01 22:04:18 one might argue different for targets that were actually removed
Nov 01 22:06:09 I don't have that mail thread, can you just bump it?
Nov 01 22:38:55 adrianschmutzler: https://github.com/openwrt/openwrt/pull/3556
Nov 01 22:38:59 please merge this
Nov 01 23:16:12 aparcar[m]: hostapd's internal crypto code is not sufficient for WPA3, it needs a real crypto library, but mbedtls is not supported by hostapd.
Nov 01 23:16:26 aparcar[m]: I am not aware that anyone is working on adding mbedtls support to hostapd
Nov 01 23:17:09 aparcar[m]: wigyori has access to archive.openwrt.org
Nov 01 23:17:19 adrianschmutzler:
Nov 01 23:17:53 I think the old snapshots can be deleted, we have release builds for most of them
Nov 01 23:39:49 Hauke: I think so, too
**** ENDING LOGGING AT Mon Nov 02 02:59:57 2020