Updated OpenWrt/muvirt/kernels + SFP info for LuCI

Hi all,

I have gone through and updated all our OpenWrt and kernel builds in the last few days.
This includes:

• OpenWrt 21.02 (with 5.10 backport)
• OpenWrt 22.03+rc5
• muvirt with 22.03+rc5
• Kernel 5.10.128, 5.15.52 and 5.19.0-rc5 packages for Debian

Download links are on the front page of archive.traverse.com.au

All these include a bugfix for the real time clock driver, which did not properly read and set the 12/24 hour mode. The patch has been submitted upstream.

If you are upgrading from OpenWrt 21.02 to 22.03, be aware that 22.03 migrates to the new nftables based firewall4. You may need to take action if you have custom iptables rules (e.g /etc/firewall.user), or applications that interact with iptables rather than nftables (see openwrt/packages: Certain upstream switch to firewall4 aka nftables instead of iptables)

Note: due to a compile breaking change in recent 5.10.12x kernels, the xtables-addons package has been removed from our 21.02 builds.

I am going on vacation for the next couple of weeks, so there won’t be any updates during that time, except for a major security issues.

SFP information/statistics for LuCI

Also included in the OpenWrt/muvirt 22.03 builds is a new SFP information module for LuCI:

OpenWrt-LuCI-SFP952×692 120 KB

This is basically a nice interace to the ethtool -m command.

The code for this module currently lives in muvirt-feed/sfp-diagnostics-luci. It also requires an addition to board.d to add the SFP slot info to board.json.

This depends on a patch I developed for ethtool that adds JSON export support for it’s -m / --module-info command:
https://patchwork.kernel.org/project/netdevbpf/cover/20220704054114.22582-1-matt@traverse.com.au/

Once the ethtool patches are upstreamed I will look into getting the module itself added to LuCI.
Any feedback on this would be much appreciated.

Currently running 22.03 on my Ten64. Working great so far. (Just had to rebuild dropbear to add full ECC support so I can SSH in from my MacBook)

Looking at the “sftp-diagnostics-luci”, it seems it will only ever read board.json, which is probably fine for most boards, however due to the fact I run a customized DPL, my SFPs are eth4 and eth5 and not 8 and 9.
There is currently no “/etc/config/sfp-diagnostics” or similar to be able to override the board definitions.
For now I have manually edited board.json to fit my setup, but some overrides might be nice, especially for upstreaming this for devices that might have full PCIe slots so you can add custom NICs etc.

Also, on another note: This might be better moved under the “Status” tab in LuCi, rather than “Network”, following the pattern of where all other things go.

Thanks for the feedback!

Yes, the interfaces are ‘hardcoded’ by board and I would like to fix this.
In the meantime you can edit /etc/board.d/73_sfp so it refers to the correct interfaces in your case.

The problem in my way at the moment is that there doesn’t seem to be a way to find out (from userspace, like sysfs) what network interface the SFP driver is ultimately controlling. We can figure it out on the Ten64 using restool but I would like a generic solution.

Didn’t realise there were updates: I’ve just sysupgraded and am running OpenWrt 22.03.0-rc5+traverse 585453076 / LuCI openwrt-22.03 branch git-22.167.28394-8a4486a

Initially I’d lost luci, but I’d used the ‘keep list of installed packages’ option so I could fix it via opkg install $(cat /etc/backup/installed_packages.txt | awk '{print $1}')

Missing certain things like upnp from the archive but otherwise it seems fine.

The /data mountpoint that I’ve been using on the NVMe drive was missing but the partition was there and untouched.

Crap, /proc is missing - is this intended?

Phew, rebooted and we’re back.

Missing packages - samba, upnp etc

Hi all,

Updated OpenWrt builds are out:
21.02
22.03
master

muvirt will follow, I want to fix a few bugs that have been reported here. As will a new recovery firmware.

I am still tweaking the master branch a bit so it’s package selection is slightly out of sync with the others.
(example: the ethtool json patches, SFP LuCI and DPAA2 crypto packages are not there yet)

Hi Matt,

Do you know if these builds include SSL support in iperf? I noticed that (previous) builds of Traverse OpenWRT included iperf but without SSL support which is available in the iperf-ssl package selection.

SSL support is used for iperf server authentication. Not a huge deal to compile from source but curious on the choice of defaults

Regards
Tony

Not at the moment, but I’ll add iperf3-ssl into the selection. Thanks for the suggestion!

Just updated my Ten64 to this, working well so far.

If you’re looking for more possible packages, here’s the ones I’m currently installing that your repo does not have (not sure how important any of those are to other users):

• 6in4 (most packages needed for this are already in repo, but that one package in base is not)
• Stubby: getdns / stubby (DNS-TLS proxy and its library)
• Prometheus node exporter: luasocket / uhttpd-mod-lua / prometheus-node-exporter-lua (plus every package beginning with prometheus-node-exporter-lua-, as in, its submodules)

Also, I have to recompile Dropbear to add support for all the public keys (since I use Secretive on macOS which can only generate ecdsa-sha2-nistp keys, you might be in the same boat considering the uVirt version of dropbear includes this support out of the box)

Other packages I’m interested in, but not currently using, because they need kmods which are annoying to compile in my setup:

• iPhone tethering (possibly not exhaustive): kmod-usb-net-ipheth usbmuxd libimobiledevice usbutils

I’d really love to be able to set up openvpn with tun/tap as well.

Hmm, not sure how OpenVPN fell out of the build. I’ve added a check to the build script now to ensure it says in.

Here is an updated 22.03 with OpenVPN and some of the packages @Doridian asked for:
https://archive.traverse.com.au/pub/traverse/ls1088firmware/openwrt/branches/22_03/641853167/image/
Also fixed a versioning issue, the last couple were showing as 22.03-rc5 despite being newer.

Hi @mcbridematt,

muVirt 2022-09-26 (as listed at https://archive.traverse.com.au/) is based on OpenWrt 22.03 exactly, or some few commits later? Is it recommended to install?

It’s a few commit’s ahead of 22.03 (to include a mac80211 fix) but still on the same kernel and other versions. So good to use.

Hi all,

OpenWrt 22.03.2 builds are available. These include security fixes for the WiFi issues reported in the last few days.

• OpenWrt
• muvirt

Hey @mcbridematt ,

I’ve just upgraded from 22.02 and realised that I can no longer create a k3os cluster. Muvirt k3os’ master node fails to return the clustertoken plus I cannot connect to the console it seems that even though I can make a dhcp reservation from lan network the eth0 interface gets an 169.254.x.x IP.

Could you please help on this?

I found the cause. There have been some changes to OpenWrt’s firewall4 in this release which broke a DHCP fix needed by k3os or others.

If you want to fix it now, edit the file /usr/share/firewall4/templates/ruleset.uc, and move line 386:

oifname "br-lan" udp dport 68 udp checksum set 0 comment "muvirt: checksum fix for VM DHCP"

to be under line 410:

{% for (let rule in fw4.rules("mangle_postrouting")): %}
    {%+ include("rule.uc", { fw4, rule }) %}
{% endfor %}
oifname "br-lan" udp dport 68 udp checksum set 0 comment "muvirt: checksum fix for VM DHCP

The new version of firewall4 provides a better way to add hooks so I will look into that for the next build.

Gotcha! Thank you!!

btw: BlueKrypto is maintaining k3os upgrades, and it performs well with 5.15 kernel, could be of interest to update k3os downloadurl from k3os-cluster-wizard

here is the image I used: https://github.com/BlueKrypto/k3os/releases/download/v0.24.4-k3s1-r0/k3os-arm64.iso

Unfortunately yet I cannot connect to the console nor via ssh, after adding my public key, something weird is going on…