From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx.etorok.net (mx.etorok.net [62.113.205.31]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mx.etorok.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by huchra.bufferbloat.net (Postfix) with ESMTPS id EA91121F2D9 for ; Sat, 5 Apr 2014 01:34:22 -0700 (PDT) Received: by mx.etorok.net (OpenSMTPD) with ESMTP id 7acc29e0; Sat, 5 Apr 2014 11:34:16 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=etorok.net; h= message-id:date:from:mime-version:to:cc:references:in-reply-to :content-type:content-transfer-encoding; s=ml; l=1961; bh=kVyd7C JEOgNjJqrU2kpcUzKpRQo=; b=EmzbJ9GGgfdn1OsuplGN8NSnQYEfciH0qI5t3P OpUoc8JCc6tHm3TCSve6VD8MjfWagMzbcmK28p0N9ME6QYxWkdg9HPTFncQbCghM DOv3myJ41D6LF14x8+XYRUOKxO1q7huL2cioM/oTRaHmPgT42n+jFoQpsv4yLldw 8IRcg= Received: by mx.etorok.net (OpenSMTPD) with ESMTPSA id adf537f1; TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-SHA bits=128 verify=NO; Sat, 5 Apr 2014 11:34:16 +0300 (EEST) Message-ID: <533FC007.3010700@etorok.net> Date: Sat, 05 Apr 2014 11:34:15 +0300 From: =?ISO-8859-1?Q?T=F6r=F6k_Edwin?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.4.0 MIME-Version: 1.0 To: toke@toke.dk References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] cerowrt-3.10.34-4 dev build released X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Apr 2014 08:34:23 -0000 Hi, On 04/03/2014 04:17 AM, Dave Taht wrote:> + resync with openwrt > they seem to be settling down... > + Toke's ntp + dnssec stuff > + Yet Another Patch to try and isolate the wireless hang problem > that happens to jg every day or so and nearly no-one else. > + Fix to babel's meshing interfaces > + dnsmasq updated to head (seems to be stabilizing) > + Tested for a couple hours Just upgraded to 3.10.34-4, works great! On 03/21/2014 07:47 PM, Dave Taht wrote: > + This is the first release with toke's bcp38 code installed (and > enabled by default). I am hoping people simply don't even notice it's > there... (it's off the firewall web page) I just tested BCP38, but it looks like it doesn't filter anything with PPPoE. My outgoing interface is actually called pppoe-ge00, so adding filter rules on ge00 doesn't have any impact. I hacked the script to set the interface name for iptables to pppoe-ge00 (not for uci, cause uci doesn't have an enabled=1 for pppoe): setup_ipset + interface=pppoe-ge00 setup_iptables "$interface" Any idea how to fix this properly without hardcoding the interface name? With this hack the bcp38 filtering works (10.0.0.1 is the P-t-P address on pppoe-ge00): # ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1): 56 data bytes ping: sendto: Operation not permitted # ipset list Name: bcp38-ipv4 Type: hash:net Revision: 4 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 8856 References: 2 Members: 127.0.0.0/8 192.0.2.0/24 203.0.113.0/24 0.0.0.0/8 192.168.0.0/16 198.51.100.0/24 169.254.0.0/16 10.0.0.0/8 10.0.0.1 nomatch 172.16.0.0/12 240.0.0.0/4 FWIW this is how my /etc/config/network entry looks like for PPPoE: config interface 'ge00' option ifname 'ge00' option _orig_ifname 'ge00' option _orig_bridge 'false' option proto 'pppoe' option username '' option password '' option ipv6 '1' Best regards, --Edwin