OpenWrt/LEDE v17.01.5 service release

Pilot6 · July 23, 2018, 5:49pm

openwrt/target/linux/generic/patches-4.4/001-Revert-sit-reload-iphdr-in-ipip6_rcv.patch

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index dec4e7b..11282ff 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -692,7 +692,6 @@ static int ipip6_rcv(struct sk_buff *skb)
 
 		if (iptunnel_pull_header(skb, 0, htons(ETH_P_IPV6)))
 			goto out;
-		iph = ip_hdr(skb);
 
 		err = IP_ECN_decapsulate(iph, skb);
 		if (unlikely(err)) {

Don't forget to remove it when kernel updates. But if you stay on 17.01.5 source, you can leave it.

anon80727944 · July 23, 2018, 11:42pm

Some clients would not stay connected to 5 GHz AC on WRT3200ACMv1 running 17.01.5.

I've since moved on to 18.06.0rc2 on both WRT1900ACSv1 and WRT3200ACMv1. Seems stable and clients do not drop connection.

patrikx3 · July 24, 2018, 6:46am

@anon80727944 Then, 18.06.0rc2 is stable totally?

patrikx3 · July 24, 2018, 7:30am

@anon80727944 do you use OpenVpn and tunnelbroker? Because that is gone wrong. The others are stable.

Klingon · July 24, 2018, 10:56am

I've noticed something curious in my C7 v2. I have one device connected 24h/365d to my wifi (mobile phone).

Mon Jul 23 23:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Mon Jul 23 23:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Mon Jul 23 23:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Mon Jul 23 23:43:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Mon Jul 23 23:53:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:03:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:43:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 00:53:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:03:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:43:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 01:53:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:03:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:43:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 02:53:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 03:03:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 03:13:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 03:23:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)
Tue Jul 24 03:33:39 2018 daemon.info hostapd: wlan0: STA XX:XX:XX:XX:f8:44 WPA: group key handshake completed (RSN)

And every 10 minutes is "handshaking".
In previous firmware versions I never saw something like that. It's not a problem because everything works fine.

The same is happening with other wifi devices, every 10 minutes handshake.

Thanks,

eduperez · July 24, 2018, 11:40am

That "group key handshake" is part of the WPA protocol, and is a security feature, those messages are completely normal. You can change the interval, and 10 minutes is the default value. You probably did not notice those messages before, of your previous firmware was silent about that feature, or perhaps it was disabled for some reason.

lleachii · July 24, 2018, 1:35pm

I've changed this value to 24 hours; under your wifi-iface:

    option wpa_group_rekey '86400'

This fixed a lot of rekeying issues I experienced in areas with a highly-congested 2.4 GHz WiFi band.

Klingon · July 24, 2018, 1:36pm

Thanks @eduperez and @lleachii for your info!!!

I'll change the default value indeed.

ledes · July 24, 2018, 9:05pm

I wonder if increasing this value some how makes KRACK easier, or is the patch on 17.x solid enough?

ledes · July 24, 2018, 9:05pm

Tunnelbroker is still broken in 18.06.0rc2 ??

slh · July 24, 2018, 10:01pm

Changing the rekeying intervalls to long intervalls (10 minutes are chosen for a reason, if you make it 5, 15 or 20 minutes would be fine), orders of magnitude beyond its defaults, you do make cracking the encryption significantly easier.

Per · July 24, 2018, 10:36pm

Why is the Wiki still referring everyone to the 17.01.4 version? https://openwrt.org/toh/start

lleachii · July 25, 2018, 12:41am

Group keys are only for multicast; but I do agree.

patrikx3 · July 25, 2018, 5:12am

dunno, still waiting until it is stable

tmomas · July 25, 2018, 5:52am

Because 18.06.0 is scheduled for 27.07.2018, see https://openwrt.org/releases/18.06/start#roadmap

mbo2o · July 25, 2018, 6:54am

I think he may be referring to 17.01.5 vs 17.01.4, currently get no results when filtering for 17.01.5

hnyman · July 25, 2018, 7:23am

I think that tmomas was trying to indicate that it makes no sense to mass-update all links for 17.01.5 for just a few days before 18.06.0 gets released.

jow · July 25, 2018, 7:57am

I think it does as there will be devices which will not be supported by 18.06 anymore. Otherwise, if updating the micro versions is deemed too much effort then we should drop them as they provide little value. A mere 17.01.x or 17.01 might be more useful then.

Per · July 25, 2018, 8:15am

But surely it must have been a lot more work making 17.01.5 than updating the links for it? I think most people will assume 17.01.4 is the newest and use that one without them. Personally I will probably use 17 for a while longer on my main router until the 18 branch is more stable. 18.06.1 is scheduled in August already.

tmomas · July 25, 2018, 8:55am

Exactly.

I will take care of that and set those devices to 17.01.5.