From: Fred Stratton
Date: Sun, 20 Oct 2013 09:35:19 +0100
To: cerowrt-devel@lists.bufferbloat.net
Message-ID: <526395C7.7030403@imap.cc>
Subject: Re: [Cerowrt-devel] development build 3.10.17-1 released
List-Id: Development issues regarding the cerowrt test router project

Works correctly here. Thank you for your efforts.

On 20/10/13 06:41, Dave Taht wrote:
> + sync with openwrt
> + dnsmasq 2.67rc4
> + get_cycles() and /dev/random fixes
> + mild firewall changes
> + actually sort of tested
> - sysupgrade still busted
> - didn't package the jitter rng
>
> The simple expedient of putting a script in /etc/rc.local to restart
> pimd, minissdpd, and dnsmasq 60 seconds after boot appears to get us a
> working dhcp/dns on the wifi interfaces once again.
>
> dnsmasq wasn't busted, it was how it interfaces to netifd. the march
> down to something deployable resumes with rc4.
>
> This is the first test that I know of, of some of the RNG fixes
> upstream, notably the mips code does the right thing with a highly
> optimized "get_cycles()".
>
> There are two changes to the firewall code
>
> 1) There has been a long-standing error in not blocking port 161
> (snmp) from the outside world. It is now blocked by default.
>
> Although I am not aware of any exploits of this (besides the
> information leakage) I would recommend blocking this port by default
> on your existing builds, also, or disabling the snmp daemon entirely
> if you do not use it.
>
> 2) Usage of the "pattern matching syntax" on various firewall rules.
>
> Instead of 3 rules for se00,sw00,sw10, and 4 for gw00,gw10,gw01,gw11
> there are now 1 rule for s+ and one rule for gw+
>
> This does not show up in the web interface correctly. I'd also like to
> get to a more efficient rule set for the blocked ports, perhaps with
> ipset...
>
> ...
>
> It's sort of my hope that with these fixes that the march towards a
> stable release can resume, and we get some fresh shiny new bugs out of
> this.
>
> Upcoming next are a revised version of pie, more random number fixes,
> and I forget what else.
>
>
> 3)
>
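
An added example, not part of the original thread and not CeroWrt's own code: a shell check of what the consolidated interface patterns from change 2) match compared with the explicit per-interface rules they replace. It assumes the patterns are used as iptables interface matches, where a trailing "+" matches any interface name beginning with the preceding text; the function names and the interfaces lo, eth0, sit0 and gw20 are constructed for illustration.

```shell
#!/bin/sh
# iptables interface matching: a name ending in "+" matches every interface
# whose name begins with the text before the "+"; otherwise it is exact.
iface_matches() {  # $1 = pattern, $2 = interface name
    case "$1" in
        *+) prefix=${1%+}
            case "$2" in "$prefix"*) return 0 ;; esac
            return 1 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# Print the interfaces in $3 that a pattern in $2 matches but that were not
# named in the old explicit list $1, i.e. what the new rules newly apply to.
newly_covered() {  # $1 = old explicit names, $2 = patterns, $3 = interfaces present
    out=""
    for ifc in $3; do
        listed=no
        for old in $1; do
            if [ "$old" = "$ifc" ]; then listed=yes; fi
        done
        if [ "$listed" = yes ]; then continue; fi
        for pat in $2; do
            if iface_matches "$pat" "$ifc"; then out="$out $ifc"; break; fi
        done
    done
    echo "${out# }"
}

# Print the old explicit names in $1 that no pattern in $2 matches.
lost_coverage() {  # $1 = old explicit names, $2 = patterns
    out=""
    for old in $1; do
        hit=no
        for pat in $2; do
            if iface_matches "$pat" "$old"; then hit=yes; fi
        done
        if [ "$hit" = no ]; then out="$out $old"; fi
    done
    echo "${out# }"
}

# Names from the announcement, plus constructed extras (lo, eth0, sit0, gw20).
OLD_RULES="se00 sw00 sw10 gw00 gw10 gw01 gw11"
PRESENT="lo eth0 $OLD_RULES sit0 gw20"
echo "newly covered: $(newly_covered "$OLD_RULES" "s+ gw+" "$PRESENT")"
echo "lost coverage: $(lost_coverage "$OLD_RULES" "s+ gw+")"
```

Run against the interface list of a live router, a non-empty "newly covered" line names interfaces that the wildcard rules now apply to and that the explicit rules did not.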