SpongeB0B

cross-posted from: https://programming.dev/post/24356655

Hi,

I would like to forward packets that come from a wireguard connection to a local subnet

environment

• Client: connected to server trough wireguard IP 192.168.X.2
• server: connected to Client trough wireguard IP 192.168.X.1 and 192.168.Y.1 ( it's not systemd free ¯\(ツ)/¯  )
• aMachine: on the same subnet as server IP 192.168.Y.2

   

on the server I've done

#I don't know if this is necessary ?
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl --system

I've added the following rule to my nftables config but it seem the packet get lost ?

#added inside existing table `table ip Tip {}`
chain chPreRoute {
type nat hook prerouting priority 0; policy accept;
iif wg0 icmp type echo-request dnat to 192.168.Y.2
}

Hi,

I would like to forward packets that come from a wireguard connection to a local subnet

environment

• Client: connected to server trough wireguard IP 192.168.X.2
• server: connected to Client trough wireguard IP 192.168.X.1 and 192.168.Y.1 ( it's not systemd free ¯\(ツ)/¯  )
• aMachine: on the same subnet as server IP 192.168.Y.2

on the server I've done

#I don't know if this is necessary ?
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl --system

I've added the following rule to the nftables config on server but it seem the packet get lost ?

#added inside existing table `table ip Tip {}`
chain chPreRoute {
type nat hook prerouting priority 0; policy accept;
iif wg0 icmp type echo-request dnat to 192.168.Y.2
}

Hi,

I would like to pass the arguments to apt trough a .sh script.

apt install "${1}/opensnitch_${1}_amd64.deb" "${1}/python3-opensnitch-ui_${1}_all.deb"

so for example if I launch test.sh 1.6.5 the script should run apt install 1.6.5/opensnitch_1.6.5_amd64.deb 1.6.5/python3-opensnitch-ui_1.6.5_all.deb

but it's not wokring it pass to apt only 1.6.5 and not the rest of the string... any ideas ?

Hi,

On my Debian 12 Bookworm ( raspberry pi )

My nftables do not block DHCP packets ! according to this basic rules

nft -y list rulesset

table ip Tip {

	chain chIN {
		type filter hook input priority 0; policy drop;
		ct state established,related accept
	}
	chain chFW {
		type filter hook forward priority 0; policy drop;
	}
	chain chOUT {
		type filter hook output priority 0; policy drop;
		udp dport 67 drop #DHCP
		udp dport 53 accept
		tcp dport { 80, 443} accept
		ct state established,related accept
	}

}

DHCP should be blocked... but it's not as I get an IP from it..

Any ideas ?

Thanks.

cross-posted from: https://programming.dev/post/23945016

Hi,

I've recompiled my kernel[^moreinfo] of my raspberry pi 4 than run under Devuan rpi

some of the command used on the rpi to compile

apt install build-essential libncurses-dev bison flex libssl-dev libelf-dev
mkdir /RaspKernel_6_1_y && cd /RaspKernel_6_1_y
git clone --depth=1 --branch rpi-6.1.y https://github.com/raspberrypi/linux
cd linux
cp /boot/config-6.1.93 /RaspKernel_6_1_y/linux/.config
KERNEL=kernel8
make menuconfig
time make -j$((`nproc` - 2)) Image.gz modules dtbs
make -j$((`nproc` - 2)) modules_install
cp arch/arm64/boot/Image.gz /boot/broadcom/$KERNEL.img
cp arch/arm64/boot/dts/broadcom/*.dtb /boot/broadcom/
cp arch/arm64/boot/dts/overlays/*.dtb* /boot/firmware/overlays/
cp arch/arm64/boot/dts/overlays/README /boot/firmware/overlays/
reboot
apt install cryptsetup

In addition to have enabled some cipher/algorithm in the kernel config I have set a string ( TESTversionA ) in CONFIG_LOCALVERSION , may be I shouldn't have :/ ?

I'm currently following this guide LUKS on Raspberry Pi ( for context my related lemmy post )

So now that the kernel has been updated, the cryptsetup benchmark -c xchacha20,aes-adiantum-plain64 command is successful

So in order to enable luks in initramfs I'm following the preparing-linux section of this guide.

we can read:

initramfs has to be recreated

I followed the guidance and edited the initramfs-rebuild file to match my setup

initramfs-rebuild file

#!/bin/sh -e

# Rebuild initrd.gz after kernel upgrade to include new kernel's modules.
# https://github.com/Robpol86/robpol86.com/blob/master/docs/_static/initramfs-rebuild.sh
# Save as (chmod +x): /etc/kernel/postinst.d/initramfs-rebuild

# Remove splash from cmdline.
if grep -q '\bsplash\b' /boot/cmdline.txt; then
  sed -i 's/ \?splash \?/ /' /boot/cmdline.txt
fi

# Exit if not building kernel for this Raspberry Pi's hardware version.
version="$1"
current_version="$(uname -r)"
case "${current_version}" in
  *-v7+)
    case "${version}" in
      *-v7+) ;;
      *) exit 0
    esac
  ;;
  *+)
    case "${version}" in
      *-v7+) exit 0 ;;
    esac
  ;;
esac

# Exit if rebuild cannot be performed or not needed.
[ -x /usr/sbin/mkinitramfs ] || exit 0
[ -f /boot/broadcom/initrd.gz ] || exit 0
lsinitramfs /boot/broadcom/initrd.gz |grep -q "/$version$" && exit 0  # Already in initramfs.

# Rebuild.
mkinitramfs -o /boot/broadcom/initrd.gz "$version"

and when I run mkinitramfs -o /boot/broadcom/initrd.gz I got

grep: /boot/config-6.1.93TEST+: No such file or directory

I've did

cp /RaspKernel_6_1_y/linux/.config /boot/config-6.1.93TEST+
mkinitramfs -o /boot/broadcom/initrd.gz

and it seemed worked. I've edit the remaining files

• /boot/broadcom/cmdline.txt
• /etc/fstab
• /etc/crypttab

rebooted. Landed in the initramfs shell as expected

but benchmark -c xchacha20,aes-adiantum-plain64 is no longer successful :'(

Cipher xchacha20,aes-adiantum-plain64 (with 256 bit key) is not available

Any ideas where might lay the problem ?

Thanks.

[^moreinfo]: --branch rpi-6.1.y https://github.com/raspberrypi/linux

Hi,

I've recompiled my kernel[^moreinfo] of my raspberry pi 4 that run under Devuan rpi

apt install build-essential libncurses-dev bison flex libssl-dev libelf-dev
mkdir /RaspKernel_6_1_y && cd /RaspKernel_6_1_y
git clone --depth=1 --branch rpi-6.1.y https://github.com/raspberrypi/linux
cd linux
cp /boot/config-6.1.93 /RaspKernel_6_1_y/linux/.config
KERNEL=kernel8
make menuconfig
time make -j$((`nproc` - 2)) Image.gz modules dtbs
make -j$((`nproc` - 2)) modules_install
cp arch/arm64/boot/Image.gz /boot/broadcom/$KERNEL.img
cp arch/arm64/boot/dts/broadcom/*.dtb /boot/broadcom/
cp arch/arm64/boot/dts/overlays/*.dtb* /boot/firmware/overlays/
cp arch/arm64/boot/dts/overlays/README /boot/firmware/overlays/
reboot
apt install cryptsetup

I'm currently following this guide LUKS on Raspberry Pi ( for context my related lemmy post )

So now that the kernel has been updated, the cryptsetup benchmark -c xchacha20,aes-adiantum-plain64 command is successful

So in order to enable luks in initramfs I'm following the preparing-linux section of this guide.

we can read:

initramfs has to be recreated

I followed the guidance and edited the initramfs-rebuild file to match my setup

#!/bin/sh -e

# Rebuild initrd.gz after kernel upgrade to include new kernel's modules.
# https://github.com/Robpol86/robpol86.com/blob/master/docs/_static/initramfs-rebuild.sh
# Save as (chmod +x): /etc/kernel/postinst.d/initramfs-rebuild

# Remove splash from cmdline.
if grep -q '\bsplash\b' /boot/cmdline.txt; then
  sed -i 's/ \?splash \?/ /' /boot/cmdline.txt
fi

# Exit if not building kernel for this Raspberry Pi's hardware version.
version="$1"
current_version="$(uname -r)"
case "${current_version}" in
  *-v7+)
    case "${version}" in
      *-v7+) ;;
      *) exit 0
    esac
  ;;
  *+)
    case "${version}" in
      *-v7+) exit 0 ;;
    esac
  ;;
esac

# Exit if rebuild cannot be performed or not needed.
[ -x /usr/sbin/mkinitramfs ] || exit 0
[ -f /boot/broadcom/initrd.gz ] || exit 0
lsinitramfs /boot/broadcom/initrd.gz |grep -q "/$version$" && exit 0  # Already in initramfs.

# Rebuild.
mkinitramfs -o /boot/broadcom/initrd.gz "$version"

grep: /boot/config-6.1.93TEST+: No such file or directory

I've did

cp /RaspKernel_6_1_y/linux/.config /boot/config-6.1.93TEST+
mkinitramfs -o /boot/broadcom/initrd.gz

and it seemed worked. I've edit the remaining files

• /boot/broadcom/cmdline.txt
• /etc/fstab
• /etc/crypttab

rebooted. Landed in the initramfs shell as expected

but benchmark -c xchacha20,aes-adiantum-plain64 is no longer successful :'(

Cipher xchacha20,aes-adiantum-plain64 (with 256 bit key) is not available

Any ideas where might lay the problem ?

Thanks.

[^moreinfo]: --branch rpi-6.1.y https://github.com/raspberrypi/linux

Hi,

I'm trying to encrypt the root filesystem / of a raspberry pi 4 device running under Devuan rpi ( custom kernel )

I'm following LUKS on Raspberry Pi 2021 guide

That explain step by step how achieve this.

But the guide use initramfs and my distro seem to use initrd

So the question, is: should I migrate to initramfs ? and how check whats is inside my current initrd

or keep-up with initrd but then how insert the necessary to enable LUKS drive to be mounted by it ( initrd ) ?

Thanks.

Hi,

I have a great piece of software, that apparently need HAVE_KPROBES_ON_FTRACE

To config the kernel option I'm using :

make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- menuconfig

The Kernel is Linux/arm64 6.6.63

When I'm doing a search inside menuconfig i get:

Symbol: HAVE_KPROBES_ON_FTRACE [=n]
Type  : bool
Defined at arch/Kconfig:223


Symbol: KPROBES_ON_FTRACE [=n]
Type  : bool
Defined at arch/Kconfig:117
 Depends on: KPROBES [=y] && HAVE_KPROBES_ON_FTRACE [=n] && DYNAMIC_FTRACE_WITH_REGS [=n]

But I found it no where in the menu... and if I add it mannuly in the .config file, then make some more other adapations in menuconfig my manual entry disappear..

Any ideas ?

Maybe HAVE_KPROBES_ON_FTRACE is not supported in 6.6.63 ?

Thanks

Hi,

The SBC Raspberry Pi 4 boot on an sdcard with two partition /boot and /

So I managed to encrypt the partition / with cryptsetup

Here the partition of my sd-card

I've modified the /boot/cmdline.txt

to ( on one line )

console=serial0,115200
console=tty1
root=UUID=#If I try the UUID of sdb2 it fail and also the UUID when I use `cryptsetup luksOpen /dev/sdb2 b2open`
rootfstype=ext4
fsck.repair=yes
loglevel=5
net.ifnames=0
firmware_class.path=/lib/firmware/updates/brcm
rootwait
cryptdevice=UUID=#I dont know which one:b2open

any ideas ?

Thanks.

Hi,

I have an air gaped[^1] device. ( Devuan )

How do you manage to install packages/software on off-line[^1] device ?

I've heard of apt-offline but it seem to bug and I don't know if it's still maintained (last release two years ago)

of course I've tried manually but the dependencies relations are too crazy to do that fully manually

├── Depends
│   ├── Depends
│   │   ├── Depends
│   │   │   ├── Depends
│   │   │   │   └── python3-dbg_3.9.2-3_amd64.deb
│   │   │   ├── libcurl4-gnutls-dev_7.74.0-1.3+deb11u14_amd64.deb
│   │   │   ├── python3-pycurl-dbg_7.43.0.6-5_amd64.deb
│   │   │   └── python-pycurl-doc_7.43.0.6-5_all.deb
│   │   ├── python3-httplib2_0.18.1-3_all.deb
│   │   └── python3-pycurl_7.43.0.6-5_amd64.deb
│   ├── iso-codes_4.6.0-1_all.deb
│   ├── python3-pysimplesoap_1.16.2-3_all.deb
│   └── python-apt-common_2.2.1_all.deb
├── python3-apt_2.2.1_amd64.deb
└── python3-debianbts_3.1.0_all.deb

Any ideas ?

Thanks.

[^1]: air gaped, off-line
https://en.wikipedia.org/wiki/Air_gap_(networking)

cross-posted from: https://programming.dev/post/18448635

Hi,

I was a very long time I didn't need to created a animated gif... I had a program before to take a static images (.jpg, .png etc..) and convert then into an animated gif..

All the web search engine push for online (aka SaaSS) tool 🤮

Do you know a program that do that ( Linux )

Thanks.

Hi,

I was a very long time I didn't need to created a animated gif... I had a program before to take a static images (.jpg, .png etc..) and convert then into an animated gif..

All the web search engine push for online (aka SaaSS) tool 🤮

Do you know a program that do that ( Linux )

Thanks.