From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-1" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 7A4E821F175 for ; Sun, 20 Apr 2014 13:46:52 -0700 (PDT) Received: from hms-beagle.home.lan ([217.86.120.237]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0Mcmmn-1WKitv050j-00I0V7; Sun, 20 Apr 2014 22:46:50 +0200 Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) From: Sebastian Moeller In-Reply-To: Date: Sun, 20 Apr 2014 22:46:49 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: References: To: Dave Taht X-Mailer: Apple Mail (2.1510) X-Provags-ID: V03:K0:Ug9lmpkHTvn6Ag+72bpGLUBXqua13TnukpoVjdq832G/kHSxmbW hkDHn+tyDsPBIVeTzSbH4IL50XrC0jT/9U8aMU9BY1YTl6xJSYEbKsUB190Xhd74dkRCPlI McqLnlP8jWFW/ehzwrXaZbj6OCCk7rb6LKRlOwTTSfuyDeH4ozuquLizd4EEE8FlEtrXR8I oRYWP+anY7FmZ4Z6ENVsg== Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] cerowrt-3.10.36-6 released X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Apr 2014 20:46:53 -0000 Hi Dave, On Apr 19, 2014, at 22:01 , Dave Taht wrote: > + felix's wifi patch for bug #442 added > please break wifi. >=20 > + debloat qlens reduced again to 12 for be and bk wifi queues > + heartbleed fix from -3 forward >=20 > I note that nearly every "secured"-by-openssl network facing daemon = has been > shown vulnerable to heartbleed. The hole in openvpn bit *me*, in > particular. I've updated, rekeyed and re-certified the vpns I have in > place, and you should too for any openvpn servers and clients you have > too. >=20 > It was a real PITA for me, and I only had a few boxes on it. >=20 > For more details, see: = http://community.openvpn.net/openvpn/wiki/heartbleed >=20 > For more details on the daemons potentially affected by heartbleed in > cerowrt, openwrt, and others, see the advisory at: >=20 > http://www.bufferbloat.net/news/50 >=20 > + resync with openwrt > notably there were updates to netifd, and a fix for a strongswan CVE >=20 > + dnscrypt added as an optional package (thx stephen walker and = "mailjoe") > + snort added as an optional package >=20 > +/- full dnssec > - upgrade to httping 2.x broke > - no sqm auto tuning yet Note, all you need is to put the word "auto" (without the = quotes) in the fields named: Latency target for ingress, e.g 5ms [units: s, ms, or us]; leave empty = for default, or auto for automatic selection. and Latency target for egress, e.g. 5ms [units: s, ms, or us]; leave empty = for default, or auto for automatic selection.. The bigger caveat is that the current implementation probably is not = ideal and could need a bit of data guided optimization=85 @Dave: if you think this is ready to be inflicted upon the greater = cerowrt community I can see what is required to actually make SQM = default to that behavior.. Best Regards sebastian > - neither snort nor dnscrypt tested >=20 > If you are not experiencing problems with wifi or with heartbleed > there are few reasons to update to this release. >=20 > I wanted to note to those that use sysupgrade without a clean reflash, > in that the > /etc/opkg.conf file is not re-written in this case, and still points > to the old repository. > If you wish to install additional packages after an inplace upgrade, > you will have > to also update /etc/opkg.conf to point to the right place. >=20 > --=20 > Dave T=E4ht >=20 > NSFW: = https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indec= ent.article > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel