From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 583AC21F21C for ; Sun, 20 Oct 2013 06:12:51 -0700 (PDT) Received: from compute5.internal (compute5.nyi.mail.srv.osa [10.202.2.45]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 30EBF20C9B; Sun, 20 Oct 2013 09:12:50 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Sun, 20 Oct 2013 09:12:50 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=imap.cc; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; s=mesmtp; bh=8HYgcJF1Jt5naBF7m8b24aj19PE=; b=r+1dhTlXMS9th9h2LXiWnTQf95Oa 7DZ5EfdN+aAwH9UEoExSaGL0bkCSsjYEcmIJLAbdv2ilvQtNMOC5qVQNZBc1R1Wl xHLC3heIsEgHSIrPSFK5S9hruP3H7lFrED6Mzv4mDxhdXISaUifErEpxzftWFLeU bxyvKCFGofKa6Xk= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; s=smtpout; bh=8HYgcJF1Jt5naBF7m8b24a j19PE=; b=bWOSekVSf87IHDUhRLcEYWl6R2YFAZkgRa3SxKLyRlan6PBMSZ+eSn BUoxxUaQzoh2flP56XjWeBiWCW55HJ/KcGBDnlIKt5bZjoNBnsFiIhFiFxAQfoKI nxUkIMBgrR76QxFpbWG1GpzilX/GWwTvvKEDib8A2DKnGxOiFXHUc= X-Sasl-enc: 8VZLN/sDci2NvFFx44JArvRKX+hvxrbne8D2ySDsgMk8 1382274769 Received: from [172.30.42.8] (unknown [2.96.52.198]) by mail.messagingengine.com (Postfix) with ESMTPA id B1AB568013B for ; Sun, 20 Oct 2013 09:12:49 -0400 (EDT) Message-ID: <5263D6D0.6090800@imap.cc> Date: Sun, 20 Oct 2013 14:12:48 +0100 From: Fred Stratton User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 MIME-Version: 1.0 To: cerowrt-devel@lists.bufferbloat.net References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [Cerowrt-devel] development build 3.10.17-1 released X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Oct 2013 13:12:51 -0000 Spoke too soon . Machine running OS X 10.8.5 cannot obtain wireless DHCP lease. Machine running 10.7.5 has no problem. On 20/10/13 06:41, Dave Taht wrote: > + sync with openwrt > + dnsmasq 2.67rc4 > + get_cycles() and /dev/random fixes > + mild firewall changes > + actually sort of tested > - sysupgrade still busted > - didn't package the jitter rng > > The simple expedient of putting a script in /etc/rc.local to restart > pimd, minissdpd, and dnsmasq 60 seconds after boot appears to get us a > working dhcp/dns on the wifi interfaces once again. > > dnsmasq wasn't busted, it was how it interfaces to netifd. the march > down to something deployable resumes with rc4. > > This is the first test that I know of, of some of the RNG fixes > upstream, notably the mips code does the right thing with a highly > optimized "get_cycles()". > > There are two changes to the firewall code > > 1) There has been a long-standing error in not blocking port 161 > (snmp) from the outside world. It is now blocked by default. > > Although I am not aware of any exploits of this (besides the > information leakage) I would recommend blocking this port by default > on your existing builds, also, or disabling the snmp daemon entirely > if you do not use it. > > 2) Usage of the "pattern matching syntax" on various firewall rules. > > Instead of 3 rules for se00,sw00,sw10, and 4 for gw00,gw10,gw01,gw11 > there are now 1 rule for s+ and one rule for gw+ > > This does not show up in the web interface correctly. I'd also like to > get to a more efficient rule set for the blocked ports, perhaps with > ipset... > > ... > > It's sort of my hope that with these fixes that the march towards a > stable release can resume, and we get some fresh shiny new bugs out of > this. > > Upcoming next are a revised version of pie, more random number fixes, > and I forget what else. > > > 3) >