|
|
Subscribe / Log in / New account

Two OpenWrt service releases

[Posted December 10, 2020 by corbet]

The OpenWrt project has released two updates: 18.06.9 and 19.07.5. Both contain a number of important fixes, including a few with CVE numbers attached. Also notable is that 18.06.9 is the last update for 18.06; users will need up upgrade to 19.07 for continued support.
to post comments

Two OpenWrt service releases

Posted Dec 10, 2020 17:23 UTC (Thu) by hmh (subscriber, #3838) [Link] (4 responses)

If you think your router is much slower on 19.07 than 18.06, make sure you did not enable IEEE-802.11w management frame protection.

YMMV, but here it tanks client throughput drastically. Might be a bug on the client, though, or on the supplicant.

Two OpenWrt service releases

Posted Dec 12, 2020 6:21 UTC (Sat) by mangix (guest, #126006) [Link] (3 responses)

Efficient 11w requires hardware support.

ath10k supports it. I believe mt76 does as well. With ath9k, the older stuff does not.

Two OpenWrt service releases

Posted Dec 12, 2020 18:03 UTC (Sat) by johill (subscriber, #25196) [Link] (2 responses)

However, very few frames are actually management frames, so the GP post doesn't really make any sense.

Not sure what's going on there, but MFP *shouldn't* cause data traffic slowdowns, unless somehow MFP is badly implemented in the driver and causes everything to fall back to software crypto? I'd have to check.

Two OpenWrt service releases

Posted Dec 14, 2020 17:17 UTC (Mon) by hmh (subscriber, #3838) [Link] (1 responses)

I am not sure the slowdown is caused router-side, it could be something in the *client* that gets triggered by the 802.11w support, for all I know...

ATM I do have two different routers here I can test OpenWRT on ( Archer C7v4(BR), Archer C6v2(US) ), but only one client that can handle fast enough connections over WiFi that the issue shows up. The routers are running recent openwrt-19.07 snapshot (ath79), default firmware for their models (I think it is the -ct firmware).

The client is running the standard Debian 10 kernel (up-to-date), the hardware is a Dell laptop, with a QCA6174 radio and the standard firmware:
ath10k_pci 0000:02:00.0: qca6174 hw3.2 target 0x05030000 chip_id 0x00340aff sub 1028:0310
ath10k_pci 0000:02:00.0: kconfig debug 0 debugfs 0 tracing 0 dfs 0 testmode 0
ath10k_pci 0000:02:00.0: firmware ver RM.4.4.1.c2-00057-QCARMSWP-1 api 6 features wowlan,ignore-otp,no-4addr-pad,raw-mode crc32 e061250a
ath10k_pci 0000:02:00.0: htt-ver 3.56 wmi-op 4 htt-op 3 cal otp max-sta 32 raw 0 hwcrypto 1

I did notice slowdowns on *both* bands (2.4GHz and 5GHz), but it is far more visible in 5GHz, since it reaches far higher throughput.

Two OpenWrt service releases

Posted Dec 15, 2020 22:00 UTC (Tue) by johill (subscriber, #25196) [Link]

Yeah, I'm beginning to think that somehow it tickles your client into doing software crypto entirely ... but it doesn't look that way in the ath10k code? But I'm far from familiar with this particular driver, even if I maintain the wireless stack :-) You should probably post to linux-wireless@vger.kernel.org with this.

Two OpenWrt service releases

Posted Dec 13, 2020 19:03 UTC (Sun) by wx (guest, #103979) [Link] (1 responses)

Can anyone comment on the effect the EOL of 18.06 will have on hardware support for resource-constrained devices, particularly 4/32 ones (MB flash/MB RAM)?

Are those devices a lost case anyway? Any recommendations for well-supported and easy to install and recover (serial, JTAG) OpenWRT hardware?

I've been eyeing a TP-Link TL-WR841N because that looks like it would blend in better with a living room environment than the more recent offerings which all appear to have sci-fi space ship/stealth fighter aesthetics. Business oriented hardware tends to be wall/ceiling mounted PoE designs which unfortunately aren't a good fit for my needs either.

Two OpenWrt service releases

Posted Dec 14, 2020 6:46 UTC (Mon) by eduperez (guest, #11232) [Link]

4/32 devices have been a dead alley for years, this is probably the last call to move over towards new hardware

Two OpenWrt service releases

Posted Dec 14, 2020 5:54 UTC (Mon) by ncm (guest, #165) [Link] (1 responses)

I got a new thermostat, with a new heating system, that phones home every two minutes via SSL to port 443 somewhere.

Is there a proxy that can log plaintext traffic, and already packaged for OpenWRT? I couldn't identify any. (I am betting the thermostat won't refuse to talk to a proxy whose cert it doesn't like.)

Two OpenWrt service releases

Posted Dec 22, 2020 11:14 UTC (Tue) by hummassa (subscriber, #307) [Link]

Honest question, not trying to start a war or something:

What happens if you block the IP and port?


Copyright © 2020, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds