search

ericpaulbishop / gargoyle

Gargoyle Router Management Utility
http://www.gargoyle-router.com
468 stars 221 forks source link

1.11.X laundry list #749

Closed lantis1008 closed 4 years ago

lantis1008 commented 6 years ago

1 large issue to track what is currently broken

lantis1008 commented 6 years ago

Currently testing solution to IMQ issues, looks like iptables patch for IMQ was dropped accidentally.

Hook chains and hook tables patched back in. QoS issues solved by upcoming MR

lantis1008 commented 6 years ago

Backups fixed

lantis1008 commented 6 years ago

Plugin installation fixed

lantis1008 commented 6 years ago

When we open up more targets for building, we'll need to expand the IMQ patch to cater for Kernel 4.14 as well. Should be right to stick in the same patch and target it at hack-4.14

ericpaulbishop commented 6 years ago

I figured this was as good a place as any to post/ask you this: Have you by any chance tested the update for the IMQ patch for 4.14 I pushed last week?

I don't have a mvebu router (most of my testing has been ar71xx), so if you could let me know if that patch fixes some of the issues being reported with IMQ, that would be helpful.

lantis1008 commented 6 years ago

I’ve been busy upstream fumbling with Openwrt’s patch submission process. Thanks for making contributing to Gargoyle so simple 👍

I will test today and let you know.

Also, did you want a WRT3200ACM? I got one for free from Linksys for dev work and most of the time it sits in the cupboard now that I’ve finished that.

lantis1008 commented 6 years ago

Looks like similar (same?) trace as before

Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.242812] ------------[ cut here ]------------
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.247458] WARNING: CPU: 1 PID: 12208 at net/netfilter/core.c:319 __nf_unregister_net_hook+0xa0/0xa8
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.256727] hook not found, pf 2 num 0
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.256728] Modules linked in: qcserial pppoe ppp_async option cdc_mbim uvcvideo usb_wwan sierra_net sierra rndis_host qmi_wwan pptp pppox ppp_mppe ppp_generic nf_nat_pptp nf_conntrack_pptp nf_conntrack_ipv6 ipt_REJECT ipt_MASQUERADE huawei_cdc_ncm gspca_zc3xx gspca_ov534 gspca_main ebtable_nat ebtable_filter ebtable_broute cdc_ncm cdc_ether xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_recent xt_quota xt_pkttype xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_iprange xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connlabel xt_connbytes xt_comment xt_addrtype xt_TCPMSS xt_REDIRECT xt_NETMAP xt_LOG xt_HL xt_DSCP xt_CLASSIFY videobuf2_v4l2 usbserial usbnet usblp ums_usbat ums_sddr55 ums_sddr09 ums_karma ums_jumpshot ums_isd200 ums_freecom
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.331328]  ums_datafab ums_cypress ums_alauda ts_fsm ts_bm slhc nft_set_rbtree nft_set_hash nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir_ipv4 nft_redir nft_quota nft_numgen nft_nat nft_meta nft_masq_ipv4 nft_masq nft_log nft_limit nft_exthdr nft_ct nft_counter nft_chain_route_ipv6 nft_chain_route_ipv4 nft_chain_nat_ipv4 nf_tables_ipv6 nf_tables_ipv4 nf_tables_inet nf_tables nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_redirect nf_nat_proto_gre nf_nat_masquerade_ipv4 nf_nat_irc nf_conntrack_ipv4 nf_nat_ipv4 nf_nat_h323 nf_nat_ftp nf_nat_amanda nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_tftp nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtcache nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.402585]  nf_conntrack_broadcast ts_kmp nf_conntrack_amanda nf_conntrack iptable_mangle iptable_filter ipt_ECN ip_tables input_core ebtables ebt_vlan ebt_stp ebt_snat ebt_redirect ebt_pkttype ebt_mark_m ebt_mark ebt_limit ebt_ip ebt_dnat ebt_arpreply ebt_arp ebt_among ebt_802_3 crc_ccitt cdc_wdm cdc_acm br_netfilter fuse em_cmp sch_teql em_nbyte cls_basic sch_dsmark sch_pie sch_codel sch_gred em_meta act_ipt sch_multiq sch_prio act_police em_text sch_sfq sch_fq sch_red act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_tbf sch_htb sch_hfsc sch_ingress videobuf2_vmalloc videobuf2_memops videobuf2_core v4l2_common videodev mwlwifi mac80211 cfg80211 compat xt_set ip_set_list_set ip_set_hash_netiface ip_set_hash_netport ip_set_hash_netnet ip_set_hash_net ip_set_hash_netportnet
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.474201]  ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink xt_IMQ imq(-) ipt_weburl ipt_webmon ipt_timerange ipt_bandwidth ip6t_rt ip6t_frag ip6t_hbh ip6t_eui64 ip6t_mh ip6t_ah ip6t_ipv6header ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables x_tables nfsd nfs msdos ip_gre gre ip_tunnel tun vfat fat lockd sunrpc grace hfsplus nls_utf8 nls_koi8_r nls_iso8859_2 nls_iso8859_15 nls_iso8859_13 nls_iso8859_1 nls_cp866 nls_cp852 nls_cp850 nls_cp775 nls_cp437 nls_cp1251 nls_cp1250 dma_shared_buffer ecb ohci_platform ohci_hcd gpio_button_hotplug mii
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.538514] CPU: 1 PID: 12208 Comm: rmmod Not tainted 4.14.43 #0
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.544545] Hardware name: Marvell Armada 380/385 (Device Tree)
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.550502] [<c010f5c0>] (unwind_backtrace) from [<c010b2c8>] (show_stack+0x10/0x14)
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.558282] [<c010b2c8>] (show_stack) from [<c05f6f88>] (dump_stack+0x88/0x9c)
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.565538] [<c05f6f88>] (dump_stack) from [<c0121e00>] (__warn+0xe4/0x100)
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.572530] [<c0121e00>] (__warn) from [<c0121e54>] (warn_slowpath_fmt+0x38/0x48)
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.580046] [<c0121e54>] (warn_slowpath_fmt) from [<c0540470>] (__nf_unregister_net_hook+0xa0/0xa8)
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.589133] [<c0540470>] (__nf_unregister_net_hook) from [<c054055c>] (nf_unregister_net_hook+0xe4/0x108)
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.598769] [<c054055c>] (nf_unregister_net_hook) from [<bf23cfe8>] (imq_nf_unregister+0x28/0x40 [imq])
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.608276] unwind: Index not found bf23cfe8
Sun Jun  3 20:12:03 2018 kern.warn kernel: [ 1146.612571] ---[ end trace 4fc25e6432267102 ]---
Sun Jun  3 20:12:03 2018 kern.info kernel: [ 1146.713009] IMQ driver unloaded successfully.
Sun Jun  3 20:12:04 2018 kern.info kernel: [ 1146.803201]   Hooked IMQ after mangle on INPUT
Sun Jun  3 20:12:04 2018 kern.info kernel: [ 1146.883052]   Hooked IMQ after mangle on FORWARD
Sun Jun  3 20:12:04 2018 kern.info kernel: [ 1146.887616] IMQ driver loaded successfully. (numdevs = 1, numqueues = 1, imq_dev_accurate_stats = 1)
Sun Jun  3 20:12:04 2018 kern.info kernel: [ 1146.896801]   Hooking IMQ before NAT on PREROUTING.
Sun Jun  3 20:12:04 2018 kern.info kernel: [ 1146.901612]   Hooking IMQ after NAT on POSTROUTING.
lantis1008 commented 6 years ago

I think a hint might be here: [ 10.084587] IMQ driver loaded successfully. (numdevs = 2, numqueues = 1, imq_dev_accurate_stats = 1)

Loads with 2 devs, but subsequently loads with a single dev? I can't recall what expected behaviour is. I think it is using 2 because that is the number of CPUs on this device.

lantis1008 commented 6 years ago

@ericpaulbishop 18.06 rc1 tagged today. https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=13f64a1e597e00e7bc9cf73866533f668482c4fa

lantis1008 commented 6 years ago

@ericpaulbishop are ipv6 modules intentionally left in at this stage or just an oversight?

ericpaulbishop commented 6 years ago

They're not necessary, but I seem to remember there were some modules we do use that had at least one IPv6 dependencies (which is annoying). If you can get everything to compile without them, then by all means remove them.

lantis1008 commented 6 years ago

Looks like there will be an 18.06.1 tagged today/tomorrow to deal with a kernel CVE

lantis1008 commented 6 years ago

Even after my fix for the package sources they still aren't quite right now that the dust has settled. For example, mvebu now points to 

openwrt_18.06.1_base
http://downloads.openwrt.org/releases/18.06.1/base

but maybe should be

openwrt_18.06.1_base
http://downloads.openwrt.org/releases/packages-18.06/arm_cortex-a9_vfpv3/base/

i.e. https://downloads.openwrt.org/releases/packages-18.06/arm_cortex-a9_vfpv3/base/

obsy commented 5 years ago

@lantis1008

About: "connection basic page, many uci: not found errors indicating we may be feeding it obsolete network configuration. May try to clean these up eventually", see:

root@Gargoyle:/tmp# sh -x ./tmp.sh 
+ uci del wireless.stacfg
+ uci commit
+ uci del network.bridgecfg
uci: Entry not found
+ uci commit
+ uci del network.wwan
uci: Entry not found
+ uci commit
+ uci set 'network.wan=interface'
+ uci set 'wireless.stacfg=wifi-iface'
+ uci commit
+ uci del 'firewall.@defaults[0].force_router_dns'
uci: Entry not found
+ uci del network.wan.macaddr
uci: Entry not found
+ uci set 'wireless.stacfg=wifi-iface'
+ uci set 'wireless.stacfg.device=radio0'
+ uci set 'wireless.stacfg.mode=sta'
+ uci set 'wireless.stacfg.network=wan'
+ uci set 'wireless.stacfg.key=1234567890'
+ uci set 'wireless.stacfg.ssid=XXXXXXXXXXXXX'
+ uci set 'wireless.stacfg.encryption=psk2'
+ uci commit
+ /etc/init.d/dnsmasq enable
+ uci set 'gargoyle.connection.dhcp=200'
+ uci set 'gargoyle.firewall.portforwarding=100'
+ uci set 'gargoyle.firewall.restriction=125'
+ uci set 'gargoyle.firewall.quotas=175'
+ uci set 'qos_gargoyle.global.network=wan'
uci: Invalid argument
+ uci commit
+ sh /usr/lib/gargoyle/restart_network.sh
Error: There is no such init script like 'miniupnpd'.
udhcpc: started, v1.28.4
udhcpc: sending discover
udhcpc: no lease, failing
uci: Entry not found
ARPING to 10.1.1.1 from 10.1.1.148 via br-wan
Unicast reply from 10.1.1.1 [xxxxxx] 3.087ms
Unicast reply from 10.1.1.1 [xxxxxx] 818.841ms
Unicast reply from 10.1.1.1 [xxxxxx] 3.950ms
Sent 2 probe(s) (1 broadcast(s))
Received 3 reply (0 request(s), 0 broadcast(s))
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: seq=0 ttl=64 time=1.578 ms
64 bytes from 10.1.1.1: seq=1 ttl=64 time=1.504 ms

--- 10.1.1.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.504/1.541/1.578 ms
+ rm -rf /tmp/cached_basic_vars
+ /usr/lib/gargoyle/cache_basic_vars.sh
root@Gargoyle:/tmp#

"uci: not found" can be easy fix by adding "uci -q del". But this is wrong:

uci set 'qos_gargoyle.global.network=wan'

There is no such section "global" in qos_gargoyle.

https://github.com/ericpaulbishop/gargoyle/blob/master/package/gargoyle/files/www/js/basic.js#L663 https://github.com/ericpaulbishop/gargoyle/blob/master/package/gargoyle/files/www/js/basic.js#L853

obsy commented 5 years ago

Add to list: on some platform default mac addresses extracted from eeprom are stored in wan_dev/lan_dev section, not wan/lan itself. "Use Custom MAC Address:" should set mac in wan_dev section (if exists).

lantis1008 commented 5 years ago

Can you provide an example please?

obsy commented 5 years ago

Archer c7v2

network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan_dev=device
network.lan_dev.name='eth0.1'
network.lan_dev.macaddr='d4:6e:0e:d0:49:68'
network.wan_dev=device
network.wan_dev.name='eth0.2'
network.wan_dev.macaddr='d4:6e:0e:d0:49:69'
lantis1008 commented 5 years ago

Yep got it. I don’t have a device that works this way. Are you ok to test if I provide a solution?

obsy commented 5 years ago

Sure.