Page MenuHomeVyOS Platform

marekm (Marek Michałkiewicz)
User

Projects

User does not belong to any projects.

User Details

User Since
Aug 22 2020, 1:26 PM (215 w, 1 d)

Recent Activity

Wed, Oct 2

marekm added a comment to T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.

The fix is still work in progress, I need to dig deeper into accel-ppp history that predates the github repo. Not sure why some code was commented out over 10 years ago, IPV6CP restart timer is not stopped and disconnects in 3 seconds. Looking at older history in sourceforge but not sure if the answer is even there, sourceforge seems to have lost old history before 2011 (broken links).

Wed, Oct 2, 11:44 AM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Tue, Oct 1

marekm added a comment to T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error.
Tue, Oct 1, 5:45 PM · VyOS 1.4 Sagitta

Tue, Sep 24

marekm added a comment to T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.

Yes I am overloaded (who isn't), and yes I plan to make a PR but want to test it a bit more first, to be reasonably sure it causes no regression (potential resource leak if something allocated by the incomplete IPv6 configuration is not freed - not sure enough about accel-ppp internals). I'm working to rebuild replacement accel-ppp package (based on the same commit as in equuleus with just my patch applied, no other changes) and run it for a week or two while watching memory usage. Testing a fairly complex config in production environment, so not brave enough to try rolling or even sagitta just yet.

Tue, Sep 24, 5:45 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Tue, Sep 17

marekm added a comment to T2825: Support for x32 user space ABI (32-bit pointers) on x86-64 arch.

Not sure if still relevant after these years, as hardware has progressed to larger RAM sizes, but Debian x32 port doesn't seem to be very active anymore.

Tue, Sep 17, 7:24 AM · Restricted Project, VyOS 2.0.x
marekm changed Issue type from unspecified to optimization on T2825: Support for x32 user space ABI (32-bit pointers) on x86-64 arch.
Tue, Sep 17, 7:09 AM · Restricted Project, VyOS 2.0.x

Aug 2 2024

marekm added a comment to T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.

https://github.com/xebd/accel-ppp/pull/186

Aug 2 2024, 4:03 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Jul 12 2024

marekm added a comment to T5797: MSS Clamping Not Applied to VRF Interface from MPLS Cloud.

Hmmm... nothing before today in this task seems related to ddclient at all, isn't this task referenced by mistake?
BTW, does anyone know what happened that Debian un-released ddcilent 3.10.0-3 (reverted to 3.10.0-2.1)?

Jul 12 2024, 10:23 PM · Restricted Project, VyOS 1.5 Circinus

Jul 3 2024

marekm added a comment to T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.

I think it's not yet ready for PR - needs review by someone more experienced with accel-ppp internals.
Issue already reported there - https://github.com/accel-ppp/accel-ppp/issues/57
Isn't upstream effectively the same now (accel-ppp owned by VyOS)?
Some issues I reported in accel-ppp were moved to discussions but met with silence otherwise. It might (or not, I don't know) have to do with some personal disagreements - someone other than me might have better luck.

Jul 3 2024, 10:57 AM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Jul 2 2024

marekm updated subscribers of T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.

Hello @dmbaturin - it's now about 2 years since I've discovered this bug, any chances to review my patch?
I don't claim it's 100% correct, in simple tests it does prevent LCP termination but the closing IPV6CP part (after "else") needs review by someone with better understanding of accel-ppp internals.
I still have a few users of these buggy routers in my network, can help with testing and possibly backporting the fix to Equuleus.
Thanks!

Jul 2 2024, 8:41 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Jun 29 2024

marekm added a comment to T6483: Please include corresponding source packages for all .deb packages in APT repo.

Would the project accept community contributions to Debianize more of the packages?
It is not clear what "no plans" really means - simply "no time for it right now, but community help is welcome" (understandable) or "we don't want it because ..." (please explain the reasons).

Jun 29 2024, 7:21 PM · VyOS 1.5 Circinus
marekm added a comment to T6483: Please include corresponding source packages for all .deb packages in APT repo.

According to https://forum.vyos.io/t/building-rolling-apt-repo-with-deb-packages-from-source/14651/7 (I can't reply there - that thread is locked, and my account silenced) - "Jenkins build system is in process of deprecation."
This is news to me. Whatever the replacement will be, this feature request is not about deprecating Jenkins, but rather about Debianizing all of the source packages in the VyOS APT repo, in the same way some packages already are.
Search for *.dsc files in the current rolling-packages APT repo finds 21 of them, this is only a small part, it would be nice to see all packages there Debianized like this - this is what this feature request is about.
Then standard Debian tools can be used to rebuild *.deb packages from source packages. No need to search all of GitHub and assemble all parts.
Debian doesn't say "all source is in GitHub". Debian handles source packages as part of the standard packaging system. Debian is good. Please be like Debian. Thank you.

Jun 29 2024, 5:50 PM · VyOS 1.5 Circinus

Jun 28 2024

marekm added a comment to T6451: Please consider removing trademarked logo/artwork in public build scripts.

True, it is the user's responsibility to comply, no disagreement on that.
But a fairly simple change would make user's compliance easier, and it would be a win-win for everyone - why not?
Users who spend less time navigating a minefield of legal issues, could spend more doing useful things for the project.
It's not Invalid by any means. At least in my humble opinion - if you disagree, that's fine but please provide reasoned counter-arguments.

Jun 28 2024, 6:05 PM · VyOS 1.5 Circinus
marekm added a comment to T6483: Please include corresponding source packages for all .deb packages in APT repo.

This was not about .deb packages in Debian itself, but from the VyOS APT repo used for building the rolling images.
Wishlist priority previously triaged (just 2 weeks ago) was fine, it's not Invalid - or at least have some civil discussion if we disagree on some points.
Quoting the GPL below, of course it's not legally required for other licenses like BSD, but still a good thing for any open source project anyway.

Jun 28 2024, 5:45 PM · VyOS 1.5 Circinus

Jun 13 2024

marekm created T6483: Please include corresponding source packages for all .deb packages in APT repo.
Jun 13 2024, 11:44 AM · VyOS 1.5 Circinus

Jun 9 2024

marekm added a comment to T6450: Use http instead of https for rolling apt repo access.

@blueish - thanks! Yes, apt-mirror works now - but will it continue to work with the new storage too?
BTW, good to see "deb-src" - but only a few source packages are in there. I think it would be great to have corresponding source for all these *.deb packages in the Debian source package format, then anyone who wants to contribute will be able to use dpkg-buildpackage to rebuild them.

Jun 9 2024, 11:32 PM

Jun 6 2024

marekm added a comment to T6450: Use http instead of https for rolling apt repo access.

I see. Thank you for explaining this.
Will this new storage continue to be public - or only for those with paid subscriptions?
If it will be public - will it be possible to mirror, to serve plain http to those who need it?

Jun 6 2024, 2:41 PM
marekm created T6451: Please consider removing trademarked logo/artwork in public build scripts.
Jun 6 2024, 1:04 PM · VyOS 1.5 Circinus
marekm created T6450: Use http instead of https for rolling apt repo access.
Jun 6 2024, 12:25 PM

May 13 2024

marekm added a comment to T4453: dhclient fails to renew DHCP lease with VRF.

Many thanks. I think it was actually fixed earlier than 1.3.7 - I've been using VRF to allow SSH access only from a separate private management network, on a router that routes only public IP addresses (BGP, OSPF, PPPoE) otherwise, since about 1.3.5 or so.

May 13 2024, 6:45 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta

May 9 2024

marekm added a comment to T6322: Include microcode update packages for both intel and amd64 cpus.

Please consider making the microcode updates optional, and possible to load a specified file downloaded separately from the CPU vendor, independent of VyOS updates.
Some possible edge cases:

  • running VyOS in a VM (microcode update has no effect in the guest anyway, needs to be done in the hypervisor)
  • microcode update released in a hurry breaks something, need to revert to an older one
  • microcode update reduces performance, doesn't improve security of VyOS (because it's not a typical multi-user system with untrusted users who can run any programs)
  • microcode update has important fixes, but it will take time before a new LTS is released, or VyOS can't be updated because the subscription has expired
May 9 2024, 9:52 AM · Restricted Project, VyOS 1.5 Circinus

Apr 29 2024

marekm awarded T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error a Like token.
Apr 29 2024, 5:22 PM · VyOS 1.4 Sagitta
marekm awarded T6224: More easily produceable source builds a Like token.
Apr 29 2024, 5:05 PM · VyOS 1.5 Circinus
marekm added a comment to T6224: More easily produceable source builds.

It would be useful for 1.4 as well, to be able to rebuild the LTS with local patches to some packages but otherwise unmodified, for example to make it easier to test bug fixes in a single package (such as accel-ppp https://vyos.dev/T4600 ) without much risk to introduce new bugs.

Apr 29 2024, 5:04 PM · VyOS 1.5 Circinus
marekm added a comment to T2820: BGP crash in if_destroy_via_zapi.

I can (carefully) say it's probably fixed in 1.3.x with newer FRR (compared to 1.2.x in the original report) - I've moved the two PPPoE servers to the same two boxes running BGP (still using OSPF to redistribute routes, at few hundreds of them scalability is probably not an issue yet that would require BGP) and they don't seem to crash anymore.
Not tested in 1.4.x yet - I may test it some time after the 1.4 final release, if I will still be able to get it.

Apr 29 2024, 4:43 PM · VyOS 1.2 Crux

Apr 25 2024

marekm added a comment to T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error.

If all of this would be done by the build script (download sources, apply patches, build binary packages and copy them to a local filesystem) there would be no problem.
I can't even see the list of packages in that 403 Forbidden repo - all of it blocked completely, not just access to binary packages.

Apr 25 2024, 6:45 PM · VyOS 1.4 Sagitta
marekm added a comment to T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error.

OK, so where can I find the source (without the artwork) with the necessary patches and working build scripts (to build from the LTS, not rolling branch - just to be clear)? No problem to use my own CPU cycles and bandwidth and disk space, I can wait longer for the build to finish, sometimes (on sunny days) I even have some free electricity :) - in fact I would even prefer to build the binaries myself (of any packages not directly copied from Debian) rather than trust an external repo. And no problem, you've just got the 868th star from me, I simply didn't know this is something that matters. I have never distributed the LTS images to third parties, just using them internally. Yes, for some small scale production use (single-person business, running a very small local ISP for a few hundreds of customers) as a BGP router and PPPoE server (the latter replacing MikroTik because of their unfinished IPv6 support), not big enough to be able to afford a subscription.

Apr 25 2024, 2:34 PM · VyOS 1.4 Sagitta
marekm added a comment to T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error.

Sorry about the priority, but it may be quite serious for those who will lose access due to end of program "images for donations" on May 1, and would like to be able to build stable images from source.

Apr 25 2024, 10:04 AM · VyOS 1.4 Sagitta
marekm added a comment to T6249: ISO builder fails because of changed buster-backport repository.

Unfortunately not yet resolved for 1.4 - now reported separately here https://vyos.dev/T6264

Apr 25 2024, 9:43 AM · VyOS 1.3 Equuleus (1.3.6)
marekm triaged T6264: ISO builder fails to build 1.4 because of sagitta-packages repo 403 error as Urgent! priority.
Apr 25 2024, 9:41 AM · VyOS 1.4 Sagitta

Apr 24 2024

marekm added a comment to T6249: ISO builder fails because of changed buster-backport repository.

Meanwhile, trying to build 1.4 fails for a different reason - Debian 12 (bookworm) is still where it was, but sagitta-packages.vyos.net gives a 403 error:

Apr 24 2024, 7:36 PM · VyOS 1.3 Equuleus (1.3.6)

Mar 21 2024

marekm added a project to T6154: Installer should ask for password twice: VyOS 1.4 Sagitta (1.4.0-epa2).
Mar 21 2024, 9:07 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
marekm created T6154: Installer should ask for password twice.
Mar 21 2024, 9:06 PM · VyOS 1.4 Sagitta (1.4.0-epa3)
marekm changed Difficulty level from unknown to easy on T6153: Installer offers RAID-1 without excluding the USB install media.
Mar 21 2024, 8:32 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)
marekm created T6153: Installer offers RAID-1 without excluding the USB install media.
Mar 21 2024, 8:28 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

May 8 2023

marekm created T5211: route-map allows both IPv4 and IPv6 in one rule which never match.
May 8 2023, 4:54 PM

Feb 27 2023

marekm added a comment to T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.

As a temporary workaround, I use the script below. For some reason /etc/rc.local no longer runs automatically on VyOS 1.3.2, so I run it manually after each reboot for now. Until it is run, Phicomm routers keep disconnecting due to failed IPV6CP negotiation incorrectly triggering complete PPPoE session termination. I have two PPPoE servers at different locations for redundancy, both rebooting at the same time is very unlikely, so I can live with it for now.

Feb 27 2023, 3:38 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Aug 8 2022

marekm added a comment to T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.

See also https://github.com/accel-ppp/accel-ppp/issues/57
Testing this patch, PPPoE session with the Phicomm router now stays up, the missing part after "else" is to remove IPv6 configuration from ppp interface (not sure how to do it properly).

diff
diff --git a/accel-pppd/ppp/ppp_ipv6cp.c b/accel-pppd/ppp/ppp_ipv6cp.c
index 1194b31..2bac31b 100644
--- a/accel-pppd/ppp/ppp_ipv6cp.c
+++ b/accel-pppd/ppp/ppp_ipv6cp.c
@@ -738,7 +738,10 @@ static void ipv6cp_recv(struct ppp_handler_t*h)
                        if (conf_ppp_verbose)
                                log_ppp_info2("recv [IPV6CP TermReq id=%x]\n", hdr->id);
                        ppp_fsm_recv_term_req(&ipv6cp->fsm);
-                       ap_session_terminate(&ipv6cp->ppp->ses, TERM_USER_REQUEST, 0);
+                       if (conf_ipv6 == IPV6_REQUIRE)
+                               ap_session_terminate(&ipv6cp->ppp->ses, TERM_USER_REQUEST, 0);
+                       else
+                               ppp_layer_passive(ipv6cp->ppp, &ipv6cp->ld);
                        break;
                case TERMACK:
                        if (conf_ppp_verbose)
Aug 8 2022, 10:01 AM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Aug 7 2022

marekm added a comment to T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.

Log messages - http://91.224.224.43/phicomm/phicomm6.log
PPPoE server config:

Aug 7 2022, 6:24 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)
marekm created T4600: Closing IPV6CP by client closes PPPoE link completely, even if IPv6 is optional.
Aug 7 2022, 3:21 PM · Restricted Project, VyOS 1.4 Sagitta (1.4.1)

Jul 4 2022

marekm added a comment to T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages.

@marekm Did you set a proper listen to address for it?

set system ntp listen-address x.x.x.x
Jul 4 2022, 9:23 AM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta

Jun 2 2022

marekm created T4456: NTP client in VRF tries to bind to interfaces outside VRF, logs many messages.
Jun 2 2022, 3:30 PM · VyOS 1.3 Equuleus (1.3.2), VyOS 1.4 Sagitta

Jun 1 2022

marekm updated the task description for T4453: dhclient fails to renew DHCP lease with VRF.
Jun 1 2022, 3:39 PM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta
marekm created T4453: dhclient fails to renew DHCP lease with VRF.
Jun 1 2022, 8:38 AM · VyOS 1.3 Equuleus (1.3.7), VyOS 1.5 Circinus, VyOS 1.4 Sagitta

Oct 14 2020

marekm added a comment to T2060: source-validation will be configured at different locations and could lead to massive confusion.

Just my thoughts - there are situations where rp_filter is not sufficient, and it was not clear to me how to do this cleanly with the zone firewall, so I ended up hacking a few iptables commands in rc.local instead.

Oct 14 2020, 6:59 PM · VyOS 1.3 Equuleus (1.3.6), VyOS-1.2.0-GA

Oct 2 2020

marekm added a comment to T2829: PPPoE server: mppe setting is implemented as node instead of leafNode.
In T2829#73944, @c-po wrote:

There can not be a config migrator, thus the setting will be changed to "prefer" (default) which will not break any client implementations

Oct 2 2020, 2:16 AM · VyOS 1.3 Equuleus (1.3.0), VyOS 1.2 Crux (VyOS 1.2.6)

Sep 9 2020

marekm triaged T2869: Intel ethernet driver defaults sub-optimal as Wishlist priority.
Sep 9 2020, 10:00 PM · VyOS 1.3 Equuleus (1.3.8), VyOS 1.4 Sagitta (1.4.0-GA), VyOS 1.2 Crux (VyOS 1.2.9), test

Aug 31 2020

marekm added a comment to T2820: BGP crash in if_destroy_via_zapi.

Even with customers routes redistributed by OSPF instead of iBGP, it has just crashed again:

Aug 31 2020, 2:28 PM · VyOS 1.2 Crux
marekm added a comment to T2820: BGP crash in if_destroy_via_zapi.

I tried unit-cache earlier but it seems to have issues too - I've seen duplicate routes if the same client (all have static IP assigned by RADIUS based on username) connects to a different PPPoE server and the old route is not removed, as if the cached (not removed) PPPoE interfaces were not seen as removed in FRR. But I haven't investigated this in more detail as it's a production setup, can't experiment too much on live customers.
I'm considering if I could go back to redistributing PPPoE customers /32 routes in OSPF instead of iBGP - it has been that way for a few years (using MikroTik, before moving to VyOS), but I've recently changed it following "BGP Best Current Practices" http://www.bgp4all.com.au/pfs/_media/workshops/05-bgp-bcp.pdf which recommends using OSPF only for infrastructure, not customers - seems logical to me as BGP was designed for much larger routing tables (all of the Internet), but perhaps OSPF is still good enough for just a few hundreds of customers.

Aug 31 2020, 9:00 AM · VyOS 1.2 Crux

Aug 30 2020

marekm added a comment to T2820: BGP crash in if_destroy_via_zapi.

I've just had two different routers (one bare metal and one VM) crash roughly at the same time, triggered by many PPPoE sessions disconnecting at the same time due to a short power failure (routers itself had power all the time, but power was interrupted for about a minute to a switch on the network between the routers and PPPoE clients). Stack traces are very similar (absolute addresses differ, but the same functions and offsets in them). And again, each time watchfrr restarted bgpd but it was not working until reboot. No problems so far with two other BGP routers running a similar configu but without any dynamic interfaces (only OSPF and BGP, no PPPoE servers).

Aug 30 2020, 1:44 PM · VyOS 1.2 Crux

Aug 28 2020

marekm added a comment to T2820: BGP crash in if_destroy_via_zapi.
Aug 28 2020, 10:10 AM · VyOS 1.2 Crux

Aug 27 2020

marekm changed Version from 1.2.5 to 1.2.6-epa1 on T2820: BGP crash in if_destroy_via_zapi.
Aug 27 2020, 6:21 PM · VyOS 1.2 Crux
marekm added a comment to T2820: BGP crash in if_destroy_via_zapi.

It crashed again after 5 days in 1.2.6-epa1, in the same function, also when a dynamic PPPoE interface was deleted.
It happens less frequently after the former customers who repeatedly failed authentication have been physically disconnected.
Again, BGP no longer works after watchfrr has restarted the bgpd process. All works again after reboot.

Aug 27 2020, 6:20 PM · VyOS 1.2 Crux

Aug 25 2020

marekm updated the task description for T2825: Support for x32 user space ABI (32-bit pointers) on x86-64 arch.
Aug 25 2020, 9:09 AM · Restricted Project, VyOS 2.0.x
marekm changed Difficulty level from unknown to hard on T2825: Support for x32 user space ABI (32-bit pointers) on x86-64 arch.
Aug 25 2020, 8:53 AM · Restricted Project, VyOS 2.0.x
marekm created T2825: Support for x32 user space ABI (32-bit pointers) on x86-64 arch.
Aug 25 2020, 8:50 AM · Restricted Project, VyOS 2.0.x

Aug 22 2020

marekm added a comment to T2820: BGP crash in if_destroy_via_zapi.

Maybe related - https://github.com/FRRouting/frr/issues/6439

Aug 22 2020, 2:50 PM · VyOS 1.2 Crux
marekm created T2820: BGP crash in if_destroy_via_zapi.
Aug 22 2020, 2:21 PM · VyOS 1.2 Crux