Re: [LEDE-DEV] Bug? Routes of disabled interfaces appear in routing table
Hallo, Am 2018-01-08 um 16:41 schrieb Jo-Philipp Wich: > Hi yanosz, > > "option enabled" is not defined for /etc/config/network, config > interface as far as I know. Maybe you meant "option auto 0" instead? Interesting. Looking at the docs it is supported: https://lede-project.org/docs/user-guide/network_configuration#options_valid_for_all_protocol_types If you're we should update the docs. Greetz, yanosz > -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
[LEDE-DEV] Bug? Routes of disabled interfaces appear in routing table
Hello, I discovered an issue with disabled interfaces propagating routes to sepcified tables. Given: config interface 'internet_share' option ifname '@wan' option proto 'dhcp' option ip4table '65' config interface 'internet_share6' option ifname '@wan' option proto 'dhcpv6' option ip6table '65' This config duplicates all WAN-Routes to table 65 and works as intended, in my freifunk policy routing setup. However, adding option enabled '0' doesn't seem to have any effect. The routes appear anyway. Am I missing sth.? Thanks, yanosz -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] SDK Error: Makefile:48: *** DESCRIPTION:= is obsolete
Hello, thanks - works. Greetz, yanosz Am 2017-10-16 um 11:57 schrieb Jo-Philipp Wich: > Hi, > > try using "define Build/Compile" instead of "define > Package/helloworld/compile". > > ~ Jo > > ___ > Lede-dev mailing list > Lede-dev@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-dev > -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
[LEDE-DEV] SDK Error: Makefile:48: *** DESCRIPTION:= is obsolete
Hello, I'm trying to create a package following: https://lede-project.org/docs/guide-developer/helloworld/start When I do make -j1 V=99 package/hellowold/compile I get: make[3]: Entering directory '/tmp/lede-sdk-17.01.3-x86-64_gcc-5.4.0_musl-1.1.16.Linux-x86_64/build_dir/target-x86_64_musl-1.1.16/helloworld-1.0' Makefile:48: *** DESCRIPTION:= is obsolete, use Package/PKG_NAME/description. Stop. [...] The Makefile is at: https://gist.github.com/yanosz/09198538d019d393f5e571d1a573a2c7 Notice, that DESCRIPTION:= is unset, thus the warning appears to be false. It seems, that the DESCRIPTION is set during the built, causing the error. When removing the check, the makefile seems to in into an endless recursion: shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory make: getcwd: No such file or directory make[153]: Entering directory '/tmp/lede-sdk-17.01.3-x86-64_gcc-5.4.0_musl-1.1.16.Linux-x86_64/build_dir/target-x86_64_musl-1.1.16/helloworld-1.0' I quit after 153 tries, ending the loop. What may be wrong here? Thanks, yanosz -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] tagged vlans on a TP-Link 841n v9
Hello, Am 06/19/2017 um 09:14 AM schrieb Mikael Bak: > Hi, > > On 2017-06-19 08:52, yanosz wrote: >> Hei folks, >> >> I've some issues setting up a tagged vlan on a TP-Link 841n v9 router. >> The vlan (tag 23) should spawn all ports (lan, wan) having a dedictated >> interface. >> >> For doing so in luci I add a new vlan, name it 23 and enable all >> drop-down boxes (incl. cpu) as checked. >> >> After applying, the system becomes unreachable (v4, v6) on any interface. >> >> What's wrong here? How can I enable the vlan? >> > > On my 841n (v10) the WAN port is not part of the switch and thus cannot > be used as a trunk port. Perhaps this is true for v9 too. > > You should however be able to configure one of the LAN ports to act as > WAN and carry VLAN23. In this case the real WAN port is useless. Yes, guess you're right. Anyway, it ought to be possible to defined tagged vlan on both interfaces and bridge 'em afterwards - isn't it? Greetz. -- For those of you without hope, we have rooms with color TV, cable and air conditioning signature.asc Description: OpenPGP digital signature ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] tagged vlans on a TP-Link 841n v9
Hello, here we go - the system is no longer reachable using IPv6 link local or 192.168.1.1. I changed the swtich configuration, only. Screenshot: http://jluehr.de/owncloud/index.php/s/DtjWvXzhQV30FbM /etc/config/network config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fd92:ca4c:8920::/48' config interface 'lan' option type 'bridge' option ifname 'eth0' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' config interface 'wan' option ifname 'eth1' option proto 'dhcp' config interface 'wan6' option ifname 'eth1' option proto 'dhcpv6' config switch option name 'switch0' option reset '1' option enable_vlan '1' config switch_vlan option device 'switch0' option vlan '1' option ports '0 1 2 3 4' option vid '1' config switch_vlan option device 'switch0' option vlan '2' option ports '0t 1t 2t 3t 4t' option vid '23' Am 06/19/2017 um 09:03 AM schrieb Jo-Philipp Wich: > Hi. > > Please make a screenshot of your settings or paste the generated > /etc/config/network here. > > Also consider doing the switch config via wireless, this allows for simpler > recovery after a config mistake. > > ~ Jo > > ___ > Lede-dev mailing list > Lede-dev@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-dev > -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
[LEDE-DEV] tagged vlans on a TP-Link 841n v9
Hei folks, I've some issues setting up a tagged vlan on a TP-Link 841n v9 router. The vlan (tag 23) should spawn all ports (lan, wan) having a dedictated interface. For doing so in luci I add a new vlan, name it 23 and enable all drop-down boxes (incl. cpu) as checked. After applying, the system becomes unreachable (v4, v6) on any interface. What's wrong here? How can I enable the vlan? Thanks, Greetz, yanosz -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
[LEDE-DEV] CVE-2016-10229 Remote code execution vulnerability in kernel networking subsystem
Hello, CVE-2016-10229 was patched in android recently. While some distributions (ie Debian: https://security-tracker.debian.org/tracker/CVE-2016-10229) are not vulnerable due to having backported parts of the kernel code before, I wonder about the status in Lede (and OpenWRT). There are some rumors, that MSG_PEEK might be used in dnsmasq, but I don't know any details here. What's the current status in lede? Thanks, yanosz -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] [PATCH ubox] kmodloader: modprobe: return 0 for loaded modules
Hei,
Am 03/03/2017 um 03:32 AM schrieb Yousong Zhou:
> This is the default behaviour with modprobe from kmod package [1] unless
> it is explicitly told that the module is to be loaded for --first-time
>
> [1] http://www.kernel.org/pub/linux/utils/kernel/kmod/
>
> Fixes FS#433
>
> Signed-off-by: Yousong Zhou <yszhou4t...@gmail.com>
> ---
> kmodloader.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kmodloader.c b/kmodloader.c
> index 892ddd8..ed8f833 100644
> --- a/kmodloader.c
> +++ b/kmodloader.c
> @@ -837,7 +837,7 @@ static int main_modprobe(int argc, char **argv)
> if (m && m->state == LOADED) {
> if (!quiet)
> ULOG_ERR("%s is already loaded\n", name);
> - return -1;
> + return 0;
> } else if (!m) {
> if (!quiet)
> ULOG_ERR("failed to find a module named %s\n", name);
Thanks for picking this up.
What about returning 1 in the "} else if (!m) {" case, this is
mobprobe's behaviour, afaik.
Greetz, yanosz
--
For those of you without hope, we have rooms with color TV,
cable and air conditioning
___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] LEDE v17.01.0 final
Hello, Am 02/22/2017 um 06:47 PM schrieb Jo-Philipp Wich: > Hi, > > The LEDE Community is proud to announce the first stable version of the > LEDE 17.01 version series. > > LEDE 17.01.0 "Reboot" incorporates thousands of commits over the last > nine months of effort. With this release, the LEDE development team > closes out an intense effort to modernize many parts of OpenWrt and > incorporate many new modules, packages, and technologies. Thanks a lot! I'm really happy about LEDE having a stable release. You guys rock! Greetz, yanosz -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] kmod-ebtables: install fails
Hello, Am 02/20/2017 um 04:09 PM schrieb Baptiste Jonglez: > On Sun, Feb 19, 2017 at 01:48:04PM +0100, yanosz wrote: >> Hello, >> >> I've some trouble installing kmod-ebtables on lede 17.01 rc2. >> >> root@Node-2:/etc/config# opkg install kmod-ebtables >> Package kmod-ebtables (4.4.47-1) installed in root is up to date. > > It looks like kmod-ebtables is already installed in your system? well ... didn't install it. On a fresh 17.02 rc I did: $ ssh node Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts. BusyBox v1.25.1 () built-in shell (ash) _ //\ ____ ___ ___ / LE/ \| | | __| \| __| /DE /\ | |__| _|| |) | _| // LE \ ||___|___/|___| lede-project.org \\ DE / \LE \/ --- \ DE\ /Reboot (17.01.0-rc2, r3131-42f3c1f) \\/ --- === WARNING! = There is no root password defined on this device! Use the "passwd" command to set up a new password in order to prevent unauthorized SSH logins. -- root@LEDE:~# opkg update Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/targets/ar71xx/generic/packages/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_core Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/targets/ar71xx/generic/packages/Packages.sig Signature check passed. Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/base/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_base Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/base/Packages.sig Signature check passed. Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/luci/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_luci Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/luci/Packages.sig Signature check passed. Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/packages/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_packages Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/packages/Packages.sig Signature check passed. Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/routing/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_routing Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/routing/Packages.sig Signature check passed. Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/telephony/Packages.gz Updated list of available packages in /var/opkg-lists/reboot_telephony Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/telephony/Packages.sig Signature check passed. root@LEDE:~# opkg install ebtables Installing ebtables (2.0.10-4-5) to root... Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/packages/mips_24kc/base/ebtables_2.0.10-4-5_mips_24kc.ipk Installing kmod-ebtables (4.4.47-1) to root... Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/targets/ar71xx/generic/packages/kmod-ebtables_4.4.47-1_mips_24kc.ipk Installing kmod-bridge (4.4.47-1) to root... Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/targets/ar71xx/generic/packages/kmod-bridge_4.4.47-1_mips_24kc.ipk Installing kmod-stp (4.4.47-1) to root... Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/targets/ar71xx/generic/packages/kmod-stp_4.4.47-1_mips_24kc.ipk Installing kmod-llc (4.4.47-1) to root... Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/targets/ar71xx/generic/packages/kmod-llc_4.4.47-1_mips_24kc.ipk Installing kmod-br-netfilter (4.4.47-1) to root... Downloading http://downloads.lede-project.org/releases/17.01.0-rc2/targets/ar71xx/generic/packages/kmod-br-netfilter_4.4.47-1_mips_24kc.ipk Configuring kmod-llc. Configuring kmod-stp. Configuring kmod-bridge. Configuring kmod-br-netfilter. Configuring kmod-ebtables. ebtable_broute is already loaded ebtable_filter is already loaded ebtable_nat is already loaded ebt_802_3 is already loaded ebt_among is already loaded ebt_limit is already loaded ebt_mark_m is already loaded ebt_pkttype is already loaded ebt_stp is already loaded ebt_vlan is already loaded ebt_mark is already loaded ebt_redirect is already loaded Configuring ebtables. Collected errors: * pkg_run_script: package "kmod-ebtables" postinst script returned status 255. * opkg_configure: kmod-ebtables.postinst returned 255. -- For those of you with
[LEDE-DEV] LXC cgroups / Was: Re: Working with network namespaces?
Hello, Am 02/13/2017 um 04:38 PM schrieb Jeff Ahrenholz: > yanosz, > >> Getting back to this: >> IMHO I'd be cool, to set option namespace 'ns4711' for interfaces and >> routes in /etc/config/network. > >> Is there anything happening related to network namespaces in lede? > > Not sure what else is happening with netns, but I use the following to turn > on namespace support: > > config CORE_KERNEL_OPTIONS > bool "Enable kernel support for containers" > default y > select PACKAGE_lxc > select LXC_KERNEL_OPTIONS > select PACKAGE_veth > select PACKAGE_kmod-veth > help > Select the LXC_KERNEL_OPTIONS config to enable namespaces support in > the Linux kernel. > > This goes into a custom feed config, turns on LXC options including network > namespaces. > I’m using this in conjunction with CORE [1] utilities. Thanks for your response .. however, I', still puzzling with lxc. - In stock 17.01 (rc2) there are packages lxc-cgroup, lxc-execute. - But from my understanding linux cgroup may be missing, causing lxc-execute to fail: root@Node-2:/rom# lxc-execute -n test /bin/sh lxc-execute: start.c: must_drop_cap_sys_boot: 583 failed to clone (0x2012): Invalid argument lxc-execute: cgfs.c: cgfs_init: 2246 cgroupfs failed to detect cgroup metadata lxc-execute: start.c: lxc_spawn: 948 failed initializing cgroup support lxc-execute: start.c: __lxc_start: 1192 failed to spawn 'test' Intuitively, I expected lxc-cgroup to depend on sth. like kmod-cgroup, but there's no such thing. Did you recompile lede? I need to do this with lede (stock). Thanks, Greetz, yanosz -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
[LEDE-DEV] kmod-ebtables: install fails
Hello, I've some trouble installing kmod-ebtables on lede 17.01 rc2. root@Node-2:/etc/config# opkg install kmod-ebtables Package kmod-ebtables (4.4.47-1) installed in root is up to date. Configuring kmod-ebtables. ebtable_broute is already loaded ebtable_filter is already loaded ebtable_nat is already loaded ebt_802_3 is already loaded ebt_among is already loaded ebt_limit is already loaded ebt_mark_m is already loaded ebt_pkttype is already loaded ebt_stp is already loaded ebt_vlan is already loaded ebt_mark is already loaded ebt_redirect is already loaded Collected errors: * pkg_run_script: package "kmod-ebtables" postinst script returned status 255. * opkg_configure: kmod-ebtables.postinst returned 255. uname -a root@Node-2:/etc/config# uname -a Linux Node-2 4.4.47 #0 Mon Feb 6 21:34:28 2017 mips GNU/Linux I don't know what went wrong .. ebtables looks usable ... It seems like kmod-ebtables is suprised by its modules already been loaded ... Greetz, yanosz -- For those of you without hope, we have rooms with color TV, cable and air conditioning signature.asc Description: OpenPGP digital signature ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] Working with network namespaces?
Hello folks,
Am 09/08/2016 um 05:50 PM schrieb yanosz:
> Hello folks,
>
> I'm thinking about hacking around with Linux network namespaces.
>
> Is it possible to assign a designated namespaces to a interface or link
> configuration in /etc/config/{network,wireless}?
Getting back to this:
IMHO I'd be cool, to set option namespace 'ns4711' for interfaces and
routes in /etc/config/network.
Is there anything happening related to network namespaces in lede?
Thanks,
Greetz, yanosz
--
For those of you without hope, we have rooms with color TV,
cable and air conditioning
___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] Stability & release plans -- CVE-2016-5195
Hello, Am 10/29/2016 um 03:18 AM schrieb J Mo: > > On 10/28/2016 11:39 AM, yanosz wrote: >> 1. I'm unhappy with the state of OpenWRT at the moment. I see some >> trouble in building and releasing. The current code base has some bugs. >> I'ven't seen a fix for "mad cow" yet. For me it is hard to estimate >> whether OpenWRT is able to include, build and release critical patches >> over the next months in a timely fashion. > > My impression is that CVE-2016-5195 (also known by it's marketing name > for low-intellect individuals as "dirty COW") is mostly a non-issue on > OpenWRT/LEDE. This is why you have not heard much about a response for it. > > The exploit is a privilege escalation. However, almost everything on a > standard LEDE/OpenWRT system already runs as root anyway, since these > kinds of systems are not designed for multi-user scenarios. Depends :-). OpenWRT has a big package repository, offering dozens applications. I guess, that you're right for about > 80% of all OpenWRT users, but there are others. As far as I'm aware of, discussions on CVE-2016-5195 are taking place https://forum.openwrt.org/viewtopic.php?id=68181 so some people do care - some discussions are happening on openwrt-dev, too. However, I'm neither interested in discussing the impact of a local root exploit, nor the urgency for this kind of fix. I'm trying to estimate the liveliness and its future impact for OpenWRT. Take https://lists.openwrt.org/pipermail/openwrt-devel/2016-July/041987.html for instance. Please don't get me wrong: I'm not saying that OpenWRT is unable to do releases, but "KanjiMonster" statements, make me worry about the shape of OpenWRT-Setup when something bigger happens. Greetz, yanosz -- For those of you without hope, we have rooms with color TV, cable and air conditioning ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
[LEDE-DEV] Working with network namespaces?
Hello folks,
I'm thinking about hacking around with Linux network namespaces.
Is it possible to assign a designated namespaces to a interface or link
configuration in /etc/config/{network,wireless}?
Thanks,
Greetz, yanosz
--
For those of you without hope, we have rooms with color TV,
cable and air conditioning
___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
