From: "Toke Høiland-Jørgensen" <toke@toke.dk>
To: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] BCP38 implementation
Date: Thu, 20 Mar 2014 14:07:45 +0100 [thread overview]
Message-ID: <87ior9ow66.fsf@toke.dk> (raw)
In-Reply-To: <87pplh9q09.fsf@toke.dk> ("Toke =?utf-8?Q?H=C3=B8iland-J?= =?utf-8?Q?=C3=B8rgensen=22's?= message of "Thu, 20 Mar 2014 10:29:58 +0100")
[-- Attachment #1: Type: text/plain, Size: 1479 bytes --]
So, another new version that should now be relatively feature-complete.
It should be possible to just install these two packages:
http://archive.tohojo.dk/cerowrt/wndr/3.10.32-9-tohojo/packages/bcp38_4-1_ar71xx.ipk
http://archive.tohojo.dk/cerowrt/wndr/3.10.32-9-tohojo/packages/luci-app-bcp38_2-1_all.ipk
and have everything enabled and working. This version does away with the
firewall rules in the config (so no need to add them; if they exist it
shouldn't hurt, I think, but might as well just remove them) in favour
of inserting a whole separate iptables chain to do the matching on.
There's now also an auto-detection feature for the upstream network,
which should automatically whitelist it when the rules are set up. It
does this by looking at the routing table for the upstream interface,
and testing all 'scope link' routes against the configured ipset, adding
exceptions if they match. There's a config toggle to turn off this
behaviour, and manual exceptions can be added instead of (or in addition
to) the auto-detection.
Since this detection is done at every run time, it should also include
hotplugging; the firewall is reloaded every time an interface is
hotplugged, which also reloads the bcp38 configuration and re-does the
auto-detection.
Testing is very much appreciated; until some of you tell me different, I
believe this version is suitable for inclusion in cerowrt. At least all
the issues on my own previous lists have been fixed AFAIK. :)
-Toke
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 489 bytes --]
next prev parent reply other threads:[~2014-03-20 13:07 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-19 20:59 Toke Høiland-Jørgensen
2014-03-19 21:44 ` Dave Taht
2014-03-19 22:31 ` Toke Høiland-Jørgensen
2014-03-20 9:29 ` Toke Høiland-Jørgensen
2014-03-20 13:07 ` Toke Høiland-Jørgensen [this message]
2014-03-20 17:38 ` Dave Taht
2014-03-20 18:14 ` Toke Høiland-Jørgensen
2014-03-22 20:04 ` Norman Yarvin
[not found] ` <532AB801.6050702@openwrt.org>
2014-03-20 10:28 ` Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ior9ow66.fsf@toke.dk \
--to=toke@toke.dk \
--cc=cerowrt-devel@lists.bufferbloat.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox