#linuxcnc-devel Logs
Apr 30 2020
#linuxcnc-devel Calendar
11:31 AM sync: is there a way to disable the iptables thing in the hm2_eth driver?
11:36 AM jepler: only by editing the source.
11:36 AM jepler: using the same network interface for general networking, or trying to send/receive packets from the same hostmot2 board are both recipes for trouble, so we defacilitate it pretty hard
11:36 AM jepler: I'd sure consider a pull request that adds a commandline flag like: disable_iptables_not_for_production=1
11:39 AM sync: jepler: well sure, but there are good reasons why I'm doing it like this
12:40 PM rene_dev_: jepler did you look at the axis issue I opened?
01:59 PM sync: hmm, I think I have straightpiped the iptables and arp stuff enough but I get board fails HM2 registration and hm2_eth: rtapi_app_main: Resource temporarily unavailable (-11)
02:06 PM mozmck: sync: just curious, what are you trying to do with iptables and arp?
02:07 PM sync: well, the hm2_eth driver wants to block all traffic but his own on the interface
02:07 PM sync: but I don't want that
02:08 PM mozmck: I see.
02:08 PM mozmck: I just noticed that on my xubuntu 18.04 install here iptables commands are failing because they need root access. I don't remember having that problem before.
02:36 PM jepler: the iptables commands are supposed to be run as root (rtapi_spawn_as_root) and there's a test that this function works (tests/uspace/spawnv-root/test_uspace_spawnv.c). Perhaps something about it broke nevertheless.
02:37 PM jepler: if your system is not detected as having a compatible realtime kernel, I think that the necessary permissions to spawn-as-root may be dropped
02:38 PM mozmck: Hmm, where would I find the stuff that detects the realtime kernel?
02:38 PM jepler: `Note: Using POSIX non-realtime`
02:39 PM mozmck: hi by the way - good to see you back on here some again. I've been away quite a bit for a while myself.
02:39 PM jepler: if this is printed, then you're not getting realtime, for whatever reason. The explanation is not verbose, you have to follow the logic by hand. For instance, it could be non-matching uname, it could be rtaip_app is not setuid root, etc
02:40 PM jepler: likewise
02:40 PM mozmck: hmm, is rtaip_app setuid root as part of the *.deb install?
02:40 PM jepler: it should be
02:43 PM mozmck: It says "Note: Using POSIX realtime"
02:44 PM mozmck: if I setuid on /sbin/xtables-multi it will run iptables.
02:45 PM andypugh: POSIX realtime means preempt-rt (normally)
02:45 PM jepler: that is not a correct solution, it would allow any user to run any iptables command
02:46 PM mozmck: Yeah, just testing things out. ls -l shows -rwsr-xr-r 1 root root for /usr/bin/rtapi_app
02:47 PM mozmck: the 's' means setuid I believe.
02:47 PM jepler: what package version of linuxcnc?
02:47 PM mozmck: I'm using 2.7.14 I believe
02:47 PM jepler: This is ringing a vague bell (like there was something about permissions on ubuntu that was .. weirder than anticipated) but I can't drag the thought all the way out of wherever it got lost
02:49 PM jepler: mozmck: what is the specific error iptables prints?
02:50 PM mozmck: iptables v1.6.1: can't initialize iptables table 'filter': Permission denied (you must be root)
02:51 PM mozmck: "Perhaps iptables or your kernel needs to be upgraded."
02:53 PM mozmck: Hmm, the last answer here seems to work: https://unix.stackexchange.com/questions/385109/can-you-list-iptables-as-a-non-root-user-and-why/385361
02:53 PM mozmck: I just ran: sudo setcap CAP_NET_RAW,CAP_NET_ADMIN+ep /sbin/xtables-multi
02:54 PM jepler: also not a good solution, it allows anyone who can execute that program the ability to do those actions including changing iptables
02:54 PM mozmck: Huh.
02:55 PM mozmck: I get a different error after that: sysctl: permission denied on key 'net.ipv6.conf.enp0s25.disable_ipv6"
02:55 PM jepler: same underlying cause explains it: rtapi failing to execute commands as root
02:55 PM mozmck: Sounds like something is not running setuid as it should maybe?
03:03 PM jepler: All I can contribute is, on debian buster with a RIP build I'm not having that type of problem ... and the tickle in the back of my brain that this is something we dealt with in the long ago..
03:04 PM jepler: but searching mailing list archives and google didn't turn it up
03:06 PM sync: ah, rip, I was running into some timeout
03:06 PM sync: I guess it does not happen in a less-yolo setup than mine but a debug message would have been nice :)
03:07 PM pcw_home: IICRC the iptables thing got fixed in 2.8
03:08 PM mozmck: I'll see if I can find the fix in 2.8 then - thanks for the pointer.
03:08 PM pcw_home: it seems to come back if I run 2.7 on this (mint 19.3 = sort of buster) machine
03:11 PM jepler: aha https://bugs.launchpad.net/ubuntu/+source/dash/+bug/1215660
03:17 PM jepler: possibly ecde556204e407b40b3ff35e287e5887558c2cd7
05:19 PM jepler: skunkworks: think you'd have the time to try some new pi4 images if I produce some tomorrow? I hope to have the kernel upgrade bug that bit seb_kuzminsky fixed..
05:37 PM jepler: I think that I now have a kernel package with all the "stuff" so it won't have to worry about conflicting with raspberrypi-kernel or getting stomped on by it. Downside, it'll only boot on pi4. Earlier images would have booted on pi1/2/3/zero but without RT support.
07:55 PM sync: turns out when you want to use a mesa card over WiFi you need to increase the timeout some as I found out before
09:46 PM skunkworks: jepler: sure - If not tomorrow - this weekend.
09:47 PM skunkworks: So - You can do a apt-get update/upgrade with out it trashing the system?
09:50 PM skunkworks: (I didn't try it on your previous builds as the ones I created had the problem)
09:55 PM jepler: Yeah that's the dea
09:55 PM jepler: idea
09:56 PM jepler: having trouble getting the kernel version to be what it needs so the version is higher than the last one though
09:56 PM skunkworks: I got side tracked when I all of a sudden had latency errors.. (finally figured out the update pushed the normal kernel)
09:56 PM jepler: once that's done then I can build a fresh image hopefully tomorrow
09:57 PM jepler: at least your system ended up bootable, apparently seb's didn't
09:57 PM skunkworks: jepler: thanks for your work! It really looks like the pi4 is a decent machine control. (I have been running it for a while now with no suprises..
09:58 PM jepler: sure thing, but all I did was follow JT's instructions and add a little extra sauce to make it a debian package
09:59 PM skunkworks: jepler: yes - JT's inital work was awesome - got me going.
09:59 PM seb_kuzminsky: the little fan on my p4 died after something like a month of on-time
09:59 PM skunkworks: (and I haven't been doing 'trivial' machine control.
10:00 PM seb_kuzminsky: i'm running with no fan and no heat sink now and /sys/class/thermal/thermal_zone0/temp says 56-58 C
10:00 PM skunkworks: seb_kuzminsky: I have been running one of those heatsink cases.. It has been working good - with an overclock.
10:00 PM seb_kuzminsky: (with no load)
10:00 PM seb_kuzminsky: how does the heatsink case protect against chips?
10:00 PM seb_kuzminsky: i've been thinking of printing a case with a 40mm fan mount over the cpu
10:01 PM skunkworks: seb_kuzminsky: not very well.. But it is stuck up behind the monitor.. so far so good.
10:01 PM seb_kuzminsky: maybe that's good enough
10:02 PM skunkworks: http://electronicsam.com/images/greenmachine/IMG_20191211_200010.jpg
10:02 PM skunkworks: I mean - they could get in there..
10:03 PM jepler: I have one with heatsink case that I use for kernel building and one bare one with adhesive heat sink in the CPU. But no chips in my house....
10:04 PM skunkworks: http://electronicsam.com/images/greenmachine/IMG_20200119_160436.jpg
10:04 PM jepler: Not sure how to get air flow but no particles entering
10:05 PM skunkworks: That is pretty much how it is now.. I have to finish it...
10:05 PM seb_kuzminsky: it's like the masks, you try for some balance between airflow and protection
10:05 PM seb_kuzminsky: https://www.thingiverse.com/thing:3721616
10:06 PM skunkworks: seb_kuzminsky: I started with a 3d printed case.. But like you - the fan stopped working after a month
10:06 PM skunkworks: month
10:07 PM seb_kuzminsky: i have some high-quality 40mm fans that ran for years (i think?) on the odroid u3's that were the buildbot armhf slaves, they still spin fine, i'm hoping to reuse them
10:07 PM skunkworks: seb_kuzminsky: http://electronicsam.com/images/greenmachine/IMG_20190924_180846.jpg
10:08 PM skunkworks: ah - there is a better picture
10:08 PM skunkworks: http://electronicsam.com/images/greenmachine/IMG_20190831_204957.jpg
10:08 PM seb_kuzminsky: http://highlab.com/occasional-thoughts//pics//2017/02/23/open-source-cad-cam-mc/IMG_20170223_125140.jpg
10:08 PM seb_kuzminsky: oh nice
10:09 PM seb_kuzminsky: it triggers my ocd how much forking there is on thingiverse, and how little merging :-(
10:09 PM skunkworks: I remember that :)
10:09 PM seb_kuzminsky: the world doesn't need 1,000,000 pi4 cases, we need one (or maybe 10) really good ones
10:10 PM skunkworks: You have a label maker.. ;)
10:10 PM seb_kuzminsky: it goes well with my poor memory :-)
10:11 PM skunkworks: we were pulling network cables out of a ceiling that I had no recolection of running...
10:11 PM * skunkworks needs to map the network one of these days
10:12 PM Tom_L: i think andy should make that aluminum one he did for the pi3 for the pi4
10:12 PM skunkworks: In case you didn't see it on linuxcnc...
10:12 PM Tom_L: with all the vent holes
10:12 PM skunkworks: http://electronicsam.com/images/greenmachine/IMG_20200430_214406.jpg
10:12 PM skunkworks: http://electronicsam.com/images/greenmachine/IMG_20200430_214323.jpg
10:13 PM seb_kuzminsky: that's awesome skunkworks !
10:13 PM seb_kuzminsky: lathe-mode for your polygonal boring?
10:13 PM seb_kuzminsky: Tom_L: do you have a pic of andy's Al pi-case?
10:13 PM skunkworks: seb_kuzminsky: yes
10:14 PM skunkworks: I have these http://electronicsam.com/images/greenmachine/IMG_20191119_161842.jpg
10:14 PM skunkworks: but again - fan.
10:17 PM seb_kuzminsky: these have lasted much longer than the slightly cheaper alternatives, for me: https://noctua.at/en/products/fan
10:20 PM seb_kuzminsky: 6 year mfg warranty
10:20 PM seb_kuzminsky: this is the specific model i used on the u3's: https://noctua.at/en/nf-a4x10-5v
10:40 PM Tom_L: i'm looking
10:49 PM Tom_L: seb_kuzminsky, i can't find it (i'm sure andy can) but it uses this grid pattern: https://www.youtube.com/watch?v=518AWHLn3ZU
10:50 PM Tom_L: not the video, the first image
10:50 PM Tom_L: or approx 12:40
10:53 PM seb_kuzminsky: andy milled one like that out of Al for the pi4? neat :-)
10:53 PM Tom_L: for the pi3
10:53 PM Tom_L: offset rows of holes cut halfway both front and back
10:54 PM Tom_L: i just can't find the article
10:54 PM seb_kuzminsky: i get the idea from the pictures
10:54 PM seb_kuzminsky: looks cool
10:55 PM Tom_L: https://www.thingiverse.com/thing:3731685
10:55 PM Tom_L: one like it but not the one i saw