From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 880B621F231 for ; Mon, 21 Apr 2014 12:09:11 -0700 (PDT) Received: by mail-wg0-f42.google.com with SMTP id y10so2944252wgg.13 for ; Mon, 21 Apr 2014 12:09:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=If24sf1oX6rR71dYsNphi3pJf/rRRLN1zRW+AZqnn5k=; b=Rcf/9kluV28GxCUVih39luAzlt1aruuYWOOaj2J7NamYFqoSh7vieZtcc99lOD3iGS FSYoYRYxhJSJSSXttHTSczeBbRweC8c/JMmsFzWLTsZsYjVXgQwvvbvYjilTz73DzF/x Pr9QXciKrXapCS2oGJx80xAGPqHNtFvbNZ5FT2Lr+OWtfXnPM/il8wQey1AG7Fii+Dz4 XutCT11xA1c6up8FYgEaWRGKU1bb2IPHAqrmlYZL5Mf20iXVd0qNABhQz4tr5geM/dTc bplth25SZ2FbOQWkj9m7CufwVydA8UYrTlftfIDgOU8SPIYdfV8T32D0tMn/QJryiDd3 e4Jw== MIME-Version: 1.0 X-Received: by 10.194.6.106 with SMTP id z10mr29535184wjz.1.1398107349074; Mon, 21 Apr 2014 12:09:09 -0700 (PDT) Received: by 10.216.177.10 with HTTP; Mon, 21 Apr 2014 12:09:09 -0700 (PDT) In-Reply-To: References: Date: Mon, 21 Apr 2014 12:09:09 -0700 Message-ID: From: Dave Taht To: Sebastian Moeller Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] cerowrt-3.10.36-6 released X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Apr 2014 19:09:12 -0000 On Sun, Apr 20, 2014 at 1:46 PM, Sebastian Moeller wrote: > Hi Dave, > > > On Apr 19, 2014, at 22:01 , Dave Taht wrote: > >> + felix's wifi patch for bug #442 added >> please break wifi. >> >> + debloat qlens reduced again to 12 for be and bk wifi queues >> + heartbleed fix from -3 forward >> >> I note that nearly every "secured"-by-openssl network facing daemon has = been >> shown vulnerable to heartbleed. The hole in openvpn bit *me*, in >> particular. I've updated, rekeyed and re-certified the vpns I have in >> place, and you should too for any openvpn servers and clients you have >> too. >> >> It was a real PITA for me, and I only had a few boxes on it. >> >> For more details, see: http://community.openvpn.net/openvpn/wiki/heartbl= eed >> >> For more details on the daemons potentially affected by heartbleed in >> cerowrt, openwrt, and others, see the advisory at: >> >> http://www.bufferbloat.net/news/50 >> >> + resync with openwrt >> notably there were updates to netifd, and a fix for a strongswan CVE >> >> + dnscrypt added as an optional package (thx stephen walker and "mailjoe= ") >> + snort added as an optional package >> >> +/- full dnssec >> - upgrade to httping 2.x broke >> - no sqm auto tuning yet > > Note, all you need is to put the word "auto" (without the quotes)= in the fields named: > Latency target for ingress, e.g 5ms [units: s, ms, or us]; leave empty fo= r default, or auto for automatic selection. > and > Latency target for egress, e.g. 5ms [units: s, ms, or us]; leave empty fo= r default, or auto for automatic selection.. > > The bigger caveat is that the current implementation probably is not idea= l and could need a bit of data guided optimization=E2=80=A6 And more eyeballs. > @Dave: if you think this is ready to be inflicted upon the greater cerowr= t community I can see what is required to actually make SQM default to that= behavior.. Inflict away. > Best Regards > sebastian > >> - neither snort nor dnscrypt tested >> >> If you are not experiencing problems with wifi or with heartbleed >> there are few reasons to update to this release. >> >> I wanted to note to those that use sysupgrade without a clean reflash, >> in that the >> /etc/opkg.conf file is not re-written in this case, and still points >> to the old repository. >> If you wish to install additional packages after an inplace upgrade, >> you will have >> to also update /etc/opkg.conf to point to the right place. >> >> -- >> Dave T=C3=A4ht >> >> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_02= 96_indecent.article >> _______________________________________________ >> Cerowrt-devel mailing list >> Cerowrt-devel@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cerowrt-devel > --=20 Dave T=C3=A4ht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_= indecent.article