[Cerowrt-devel] cerowrt 3.10.17-3 released

[Cerowrt-devel] cerowrt 3.10.17-3 released

[Dave Taht]

+ this fixes the lighttppd bug noted in -2.
+ has support for signed packages
+ better random support
+ tested long enough to check for the -2 regression

- doesn't do https yet
- still abuses rc.local for starting up late daemons
- sysupgrade still busted, please use this to upgrade:

mtd -r write openwrt-ar71xx-generic-wndr3700v2-squashfs-sysupgrade.bin
firmware # but with the correct firmware name

Get it at:

http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.10.17-3/


-- 
Dave Täht

Re: [Cerowrt-devel] cerowrt 3.10.17-3 released

[Dave Taht]

On Mon, Oct 21, 2013 at 1:45 PM, Dave Taht <dave.taht@gmail.com> wrote:
> + this fixes the lighttppd bug noted in -2.
> + has support for signed packages
> + better random support
> + tested long enough to check for the -2 regression
>
> - doesn't do https yet
> - still abuses rc.local for starting up late daemons
> - sysupgrade still busted, please use this to upgrade:
>
> mtd -r write openwrt-ar71xx-generic-wndr3700v2-squashfs-sysupgrade.bin
> firmware # but with the correct firmware name
>
> Get it at:
>
> http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.10.17-3/
>
>
> --
> Dave Täht

Also, I added optional support for the mildly misnamed port-mirroring package

http://code.google.com/p/port-mirroring/

It's not very fast so I don't think it's useful for much on this arch.

I have tagged and pushed out the sources for this release also. There
are very few things left that are truly bothersome (besides
sysupgrade), and most are landing this week (notably pie).

Re: [Cerowrt-devel] cerowrt 3.10.17-3 released

[Richard E. Brown]

I have updated my configuration script for CeroWrt so that I can use it as a secondary router. I'm currently using CeroWrt 3.7.5-2 as my primary router, and want to make changes to the new router so the addresses/SSIDs etc. don't conflict.

The file "cerowrt-config-secondary.sh" script at http://www.bufferbloat.net/attachments/download/173/cerowrt-config-secondary.sh is a shell script that has sections for consistently configuring aspects of your router. This makes it easy to install new firmware and set all your custom configs in a single file.

This script also gives examples of using a UCI command line instead of the GUI to configure the router.

I have tested this script briefly with the new 3.10.17-3, and it seems fine. The script changes:

# - Set the IP subnets to 172.30.43.x (instead of 172.30.42.x)
# - Set the SSIDs to CeroWrt+... (instead of the default CeroWrt-...)
# - Set the 5GHz radio to channel 44 (instead of 36)
# - Set a WPA2-PSK password of 'Beatthebloat' on all SSIDs
# - Set the AQM parameters for 6500/700 kbps down/upload speeds
# - Enable mDNS on the ge00 (wan) interface - only do this for secondary router

I would love to have comments on this. Thanks.

Rich

Re: [Cerowrt-devel] cerowrt 3.10.17-3 released

[Stephen Hemminger]

On Mon, 21 Oct 2013 14:04:24 -0700
Dave Taht <dave.taht@gmail.com> wrote:

> On Mon, Oct 21, 2013 at 1:45 PM, Dave Taht <dave.taht@gmail.com> wrote:
> > + this fixes the lighttppd bug noted in -2.
> > + has support for signed packages
> > + better random support
> > + tested long enough to check for the -2 regression
> >
> > - doesn't do https yet
> > - still abuses rc.local for starting up late daemons
> > - sysupgrade still busted, please use this to upgrade:
> >
> > mtd -r write openwrt-ar71xx-generic-wndr3700v2-squashfs-sysupgrade.bin
> > firmware # but with the correct firmware name
> >
> > Get it at:
> >
> > http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.10.17-3/
> >
> >
> > --
> > Dave Täht
> 
> Also, I added optional support for the mildly misnamed port-mirroring package
> 
> http://code.google.com/p/port-mirroring/
> 
> It's not very fast so I don't think it's useful for much on this arch.
> 
> I have tagged and pushed out the sources for this release also. There
> are very few things left that are truly bothersome (besides
> sysupgrade), and most are landing this week (notably pie).
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel

This is the slowest way to implement SPAN, in userspace using libpcap.
The fastest is to use tc mirred action but no one seems to know about it.

Re: [Cerowrt-devel] cerowrt 3.10.17-3 released

[Dave Taht]

On Mon, Oct 21, 2013 at 6:34 PM, Stephen Hemminger
<stephen@networkplumber.org> wrote:
> On Mon, 21 Oct 2013 14:04:24 -0700
> Dave Taht <dave.taht@gmail.com> wrote:
>
>> On Mon, Oct 21, 2013 at 1:45 PM, Dave Taht <dave.taht@gmail.com> wrote:
>> > + this fixes the lighttppd bug noted in -2.
>> > + has support for signed packages
>> > + better random support
>> > + tested long enough to check for the -2 regression
>> >
>> > - doesn't do https yet
>> > - still abuses rc.local for starting up late daemons
>> > - sysupgrade still busted, please use this to upgrade:
>> >
>> > mtd -r write openwrt-ar71xx-generic-wndr3700v2-squashfs-sysupgrade.bin
>> > firmware # but with the correct firmware name
>> >
>> > Get it at:
>> >
>> > http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.10.17-3/
>> >
>> >
>> > --
>> > Dave Täht
>>
>> Also, I added optional support for the mildly misnamed port-mirroring package
>>
>> http://code.google.com/p/port-mirroring/
>>
>> It's not very fast so I don't think it's useful for much on this arch.
>>
>> I have tagged and pushed out the sources for this release also. There
>> are very few things left that are truly bothersome (besides
>> sysupgrade), and most are landing this week (notably pie).
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
> This is the slowest way to implement SPAN, in userspace using libpcap.
> The fastest is to use tc mirred action but no one seems to know about it.

And still don't... unless you elucidate?! Do you mean the TEE target?

In this case I was looking to get data from the wifi interfaces to a
server on the
lan, and tzsp seemed the best approach... until it benchmarked out so
darn slow. I don't mind losing the raw data and using the TEE
target...

It would be cool to have a tzsp target though, as that can run on an AP far, far
away from the server.


-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] cerowrt 3.10.17-3 released

[Stephen Hemminger]

With TC you can apply an action to packets coming in.
One of those actions is mirred (not a typo) which mirrors the packet
to another device. There is both mirror and redirect possible.

Jamal invented this years ago, but actions are not widely used.

Inside Vyatta CLI wrappers, the port-mirroring capability converts to tc
commands. For example doing SPAN equivalent from eth0 to eth1 is:

  tc filter add dev eth0 parent ffff: \
     protocol all prio 10 u32 \
     match u32 0 0 flowid 1:1 \
     action mirred egress mirror dev eth1

The actions apply to a filter, and this seemed to be a workable (match all)
filter.

     

Re: [Cerowrt-devel] cerowrt 3.10.17-3 released

[Dave Taht]

On Tue, Oct 22, 2013 at 4:12 PM, Stephen Hemminger
<stephen@networkplumber.org> wrote:
> With TC you can apply an action to packets coming in.
> One of those actions is mirred (not a typo) which mirrors the packet
> to another device. There is both mirror and redirect possible.
>
> Jamal invented this years ago, but actions are not widely used.

I use this technique for an input redirect into ifb for cerowrt's
shaper. It works
well.

> Inside Vyatta CLI wrappers, the port-mirroring capability converts to tc
> commands. For example doing SPAN equivalent from eth0 to eth1 is:
>
>   tc filter add dev eth0 parent ffff: \
>      protocol all prio 10 u32 \
>      match u32 0 0 flowid 1:1 \
>      action mirred egress mirror dev eth1

In this case the device on eth1 would have to be an entirely passive
device otherwise it will attempt to interact with that traffic (?) In
the case of cero, it has two ethernet devices available, one hooked
directly into a switch, and as many wifi ones as you want. What would
probably work would be to split off a dedicated vlan port for the
mirror and send stuff to dev eth1.4 - (for example) so long as the
listening server was entirely passive.

 tc filter add dev sw00 parent ffff: \
       protocol all prio 10 u32 \
       match u32 0 0 flowid 1:1 \
      action mirred egress mirror dev se00.4

but you'd also want to do it on ingress too. (?)

I forget the syntax for splitting off a vlan port in cero...

> The actions apply to a filter, and this seemed to be a workable (match all)
> filter.

Both directions?

>
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] cerowrt 3.10.17-3 released

[Stephen Hemminger]

On Tue, 22 Oct 2013 16:27:02 -0700
Dave Taht <dave.taht@gmail.com> wrote:

> On Tue, Oct 22, 2013 at 4:12 PM, Stephen Hemminger
> <stephen@networkplumber.org> wrote:
> > With TC you can apply an action to packets coming in.
> > One of those actions is mirred (not a typo) which mirrors the packet
> > to another device. There is both mirror and redirect possible.
> >
> > Jamal invented this years ago, but actions are not widely used.
> 
> I use this technique for an input redirect into ifb for cerowrt's
> shaper. It works
> well.
> 
> > Inside Vyatta CLI wrappers, the port-mirroring capability converts to tc
> > commands. For example doing SPAN equivalent from eth0 to eth1 is:
> >
> >   tc filter add dev eth0 parent ffff: \
> >      protocol all prio 10 u32 \
> >      match u32 0 0 flowid 1:1 \
> >      action mirred egress mirror dev eth1
> 
> In this case the device on eth1 would have to be an entirely passive
> device otherwise it will attempt to interact with that traffic (?) In
> the case of cero, it has two ethernet devices available, one hooked
> directly into a switch, and as many wifi ones as you want. What would
> probably work would be to split off a dedicated vlan port for the
> mirror and send stuff to dev eth1.4 - (for example) so long as the
> listening server was entirely passive.

Yes, eth1 was assumed passive. 

> 
>  tc filter add dev sw00 parent ffff: \
>        protocol all prio 10 u32 \
>        match u32 0 0 flowid 1:1 \
>       action mirred egress mirror dev se00.4

That should work but doing mirror from se00 to se00.4 would create
a death spiral.

> 
> but you'd also want to do it on ingress too. (?)
> 
> I forget the syntax for splitting off a vlan port in cero...
> 
> > The actions apply to a filter, and this seemed to be a workable (match all)
> > filter.
> 
> Both directions?

This was done on ingress only.