Re: [Cerowrt-devel] development build 3.10.17-1 released

[Dave Taht <dave.taht@gmail.com>]

On Sun, Oct 20, 2013 at 6:17 AM, David Personette <dperson@gmail.com> wrote:
> I have a laptop running 10.8.5 that's working. I had to remove the
> /overlay/etc/rc.local file and reboot before Dave's /etc/fixdaemons would
> show up. My saved configuration was stopping it from working.

I usually backup /overlay and restore it carefully after doing a diff.

As for using rc.local here rather than creating a package, Sorry! it was a
"simple expedient"... I'd rather have it work right on boot.

But:

There are a few other things that I'd like to start or restart after
the device has gathered some entropy.  Notably cero is now generating
certs for the web interface but not apparently in a form lighttpd can
parse. (make_certs.sh)

So anyway it seems sane to have a new package deferred_start? to fire
off stuff like that, too, and not do anything in rc.local as part of
the distro.

> --
> David P.
>
>
> On Sun, Oct 20, 2013 at 9:12 AM, Fred Stratton <fredstratton@imap.cc> wrote:
>>
>> Spoke too soon . Machine running OS X 10.8.5 cannot obtain wireless DHCP
>> lease. Machine running 10.7.5 has no problem.
>>
>>
>> On 20/10/13 06:41, Dave Taht wrote:
>>>
>>> + sync with openwrt
>>> + dnsmasq 2.67rc4
>>> + get_cycles() and /dev/random fixes
>>> + mild firewall changes
>>> + actually sort of tested
>>> -  sysupgrade still busted
>>> - didn't package the jitter rng
>>>
>>> The simple expedient of putting a script in /etc/rc.local to restart
>>> pimd, minissdpd, and dnsmasq 60 seconds after boot appears to get us a
>>> working dhcp/dns on the wifi interfaces once again.
>>>
>>> dnsmasq wasn't busted, it was how it interfaces to netifd. the march
>>> down to something deployable resumes with rc4.
>>>
>>> This is the first test that I know of, of some of the RNG fixes
>>> upstream, notably the mips code does the right thing with a highly
>>> optimized "get_cycles()".
>>>
>>> There are two changes to the firewall code
>>>
>>> 1) There has been a long-standing error in not blocking port 161
>>> (snmp) from the outside world. It is now blocked by default.
>>>
>>> Although I am not aware of any exploits of this (besides the
>>> information leakage) I would recommend blocking this port by default
>>> on your existing builds, also, or disabling the snmp daemon entirely
>>> if you do not use it.
>>>
>>> 2) Usage of the "pattern matching syntax" on various firewall rules.
>>>
>>> Instead of 3 rules for se00,sw00,sw10, and 4 for gw00,gw10,gw01,gw11
>>> there are now 1 rule for s+ and one rule for gw+
>>>
>>> This does not show up in the web interface correctly. I'd also like to
>>> get to a more efficient rule set for the blocked ports, perhaps with
>>> ipset...
>>>
>>> ...
>>>
>>> It's sort of my hope that with these fixes that the march towards a
>>> stable release can resume, and we get some fresh shiny new bugs out of
>>> this.
>>>
>>> Upcoming next are a revised version of pie, more random number fixes,
>>> and I forget what else.
>>>
>>>
>>> 3)
>>>
>>
>> _______________________________________________
>> Cerowrt-devel mailing list
>> Cerowrt-devel@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html