From: Sebastian Moeller
To: Dave Taht
Cc: "cerowrt-devel@lists.bufferbloat.net"
Date: Mon, 21 Apr 2014 21:18:33 +0200
Subject: Re: [Cerowrt-devel] cerowrt-3.10.36-6 released
Message-Id: <7AADF025-DEFA-4A21-8934-CB5188D1F882@gmx.de>

Hi Dave,

On Apr 21, 2014, at 21:09 , Dave Taht wrote:

> On Sun, Apr 20, 2014 at 1:46 PM, Sebastian Moeller wrote:
>> Hi Dave,
>>
>>
>> On Apr 19, 2014, at 22:01 , Dave Taht wrote:
>>
>>> + felix's wifi patch for bug #442 added
>>> please break wifi.
>>>
>>> + debloat qlens reduced again to 12 for be and bk wifi queues
>>> + heartbleed fix from -3 forward
>>>
>>> I note that nearly every "secured"-by-openssl network facing daemon has been
>>> shown vulnerable to heartbleed. The hole in openvpn bit *me*, in
>>> particular. I've updated, rekeyed and re-certified the vpns I have in
>>> place, and you should too for any openvpn servers and clients you have
>>> too.
>>>
>>> It was a real PITA for me, and I only had a few boxes on it.
>>>
>>> For more details, see: http://community.openvpn.net/openvpn/wiki/heartbleed
>>>
>>> For more details on the daemons potentially affected by heartbleed in
>>> cerowrt, openwrt, and others, see the advisory at:
>>>
>>> http://www.bufferbloat.net/news/50
>>>
>>> + resync with openwrt
>>> notably there were updates to netifd, and a fix for a strongswan CVE
>>>
>>> + dnscrypt added as an optional package (thx stephen walker and "mailjoe")
>>> + snort added as an optional package
>>>
>>> +/- full dnssec
>>> - upgrade to httping 2.x broke
>>> - no sqm auto tuning yet
>>
>> Note, all you need is to put the word "auto" (without the quotes) in the fields named:
>> Latency target for ingress, e.g 5ms [units: s, ms, or us]; leave empty for default, or auto for automatic selection.
>> and
>> Latency target for egress, e.g. 5ms [units: s, ms, or us]; leave empty for default, or auto for automatic selection..
>>
>> The bigger caveat is that the current implementation probably is not ideal and could need a bit of data guided optimization…
>
> And more eyeballs.

Oh, sure!

>
>> @Dave: if you think this is ready to be inflicted upon the greater cerowrt community I can see what is required to actually make SQM default to that behavior..
>
> Inflict away.

Great, I just pushed a number of changes reworking the handling of IFB devices (WIP, lightly tested not fully complete but saner than the previous hard coding). I also snuck in the change I believe to be the last missing piece to change the "default" behavior to auto. How do I build an ipk packet from ceropackages? Then I could go and test a fresh install to see whether the committed changes actually change the default ;). Oh and I do hope you have/will have a great vacation.

Best Regards
	Sebastian

>
>> Best Regards
>> sebastian
>>
>>> - neither snort nor dnscrypt tested
>>>
>>> If you are not experiencing problems with wifi or with heartbleed
>>> there are few reasons to update to this release.
>>>
>>> I wanted to note to those that use sysupgrade without a clean reflash,
>>> in that the
>>> /etc/opkg.conf file is not re-written in this case, and still points
>>> to the old repository.
>>> If you wish to install additional packages after an inplace upgrade,
>>> you will have
>>> to also update /etc/opkg.conf to point to the right place.
>>>
>>> --
>>> Dave Täht
>>>
>>> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
>>> _______________________________________________
>>> Cerowrt-devel mailing list
>>> Cerowrt-devel@lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
>
>
>
> --
> Dave Täht
>
> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
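
The release note quoted above says that a sysupgrade without a clean reflash leaves /etc/opkg.conf pointing at the old repository. The following check is an added example, not part of the original thread or of CeroWrt itself: it lists the opkg feeds whose URL does not mention the running release. It assumes each release has its own repository path containing the release string; the function names, the `repo.example.invalid` URLs and the `OLD-RELEASE` path are constructed placeholders.

```shell
#!/bin/sh
# Added example: find opkg feeds left over from an older release.
# Assumption: the repository URL of a release contains its release string.

# stale_feeds CONF RELEASE
# Prints "name url" for every src or src/gz feed whose URL lacks RELEASE.
# Exit status: 0 all feeds match, 1 at least one stale feed, 2 no feeds found.
stale_feeds() {
    conf=$1
    release=$2
    awk -v rel="$release" '
        # Feed lines look like: src/gz <name> <url>
        # Comment lines and "dest"/"option" lines never match this pattern.
        $1 == "src" || $1 == "src/gz" {
            feeds++
            if (index($3, rel) == 0) { print $2, $3; stale++ }
        }
        END {
            if (feeds == 0) exit 2
            exit (stale > 0 ? 1 : 0)
        }
    ' "$conf"
}

# Constructed sample: a config as it might look after an in-place upgrade,
# with one feed still on the old path and one already corrected.
write_sample() {
    cat > "$1" <<'EOF'
dest root /
option overlay_root /overlay
# src/gz disabled http://repo.example.invalid/OLD-RELEASE/packages/disabled
src/gz base http://repo.example.invalid/OLD-RELEASE/packages/base
src/gz luci http://repo.example.invalid/3.10.36-6/packages/luci
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
stale_feeds "$tmp" "3.10.36-6" || echo "feeds listed above need updating in /etc/opkg.conf"
rm -f "$tmp"
```

On a router the call would be `stale_feeds /etc/opkg.conf <release>`, with the release string taken from wherever the installed image reports it.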