Development issues regarding the cerowrt test router project
From: Dave Taht <dave.taht@gmail.com>
To: "cerowrt-devel@lists.bufferbloat.net"
	<cerowrt-devel@lists.bufferbloat.net>
Subject: [Cerowrt-devel] development build 3.10.17-1 released
Date: Sat, 19 Oct 2013 22:41:05 -0700
Message-ID: <CAA93jw4xL1yKm=nxya9YG288puja8e5UoK7u8Op2+g3zmZMKWA@mail.gmail.com>

+ sync with openwrt
+ dnsmasq 2.67rc4
+ get_cycles() and /dev/random fixes
+ mild firewall changes
+ actually sort of tested
- sysupgrade still busted
- didn't package the jitter rng

The simple expedient of putting a script in /etc/rc.local to restart
pimd, minissdpd, and dnsmasq 60 seconds after boot appears to get us a
working dhcp/dns on the wifi interfaces once again.

dnsmasq wasn't busted, it was how it interfaces to netifd. The march
down to something deployable resumes with rc4.

This is the first test that I know of, of some of the RNG fixes
upstream, notably the mips code does the right thing with a highly
optimized "get_cycles()".

There are two changes to the firewall code

1) There has been a long-standing error in not blocking port 161
(snmp) from the outside world. It is now blocked by default.

Although I am not aware of any exploits of this (besides the
information leakage) I would recommend blocking this port by default
on your existing builds, also, or disabling the snmp daemon entirely
if you do not use it.

2) Usage of the "pattern matching syntax" on various firewall rules.

Instead of 3 rules for se00,sw00,sw10, and 4 for gw00,gw10,gw01,gw11
there is now 1 rule for s+ and one rule for gw+

This does not show up in the web interface correctly. I'd also like to
get to a more efficient rule set for the blocked ports, perhaps with
ipset...

...

It's sort of my hope that with these fixes that the march towards a
stable release can resume, and we get some fresh shiny new bugs out of
this.

Upcoming next are a revised version of pie, more random number fixes,
and I forget what else.


3)

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
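
An added example, not part of the original post and not CeroWrt's own code: a small audit that reads `iptables-save` output and reports what happens to inbound SNMP (udp/161) on each interface, using the trailing-`+` interface wildcard the post describes. The rulesets are constructed, the outside interface name `ge00` is an assumption, and only `-i`, `-p` and `--dport` matches are modelled.

```python
import shlex

def iface_matches(pattern, name):
    """iptables -i semantics: a trailing '+' matches every name with that prefix."""
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name

def verdict(ruleset, chain, iface, proto, dport):
    """Target of the first ACCEPT/DROP/REJECT rule in `chain` that matches a new
    packet on `iface`, else the chain policy. Rules using any other match
    (state, source address, port ranges, '!') are skipped as not matching."""
    policy = None
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]
        if tok[:2] != ["-A", chain]:
            continue
        target, ok = None, True
        for opt, val in zip(tok[2::2], tok[3::2]):
            if opt == "-i":
                ok = ok and iface_matches(val, iface)
            elif opt == "-p":
                ok = ok and val == proto
            elif opt == "--dport":
                ok = ok and val == str(dport)
            elif opt == "-j":
                target = val
            elif opt != "--reject-with" and (opt, val) not in (("-m", "udp"), ("-m", "tcp")):
                ok = False  # unmodelled match: treat the rule as not matching
        if ok and target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return policy

# Constructed iptables-save excerpts, not taken from a CeroWrt build.
# se00/sw10/gw11 come from the post; "ge00" as the outside interface is assumed.
BEFORE = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -i s+ -j ACCEPT
-A INPUT -i gw+ -j ACCEPT
-A INPUT -i ge00 -p tcp -m tcp --dport 23 -j DROP
COMMIT
"""
AFTER = BEFORE.replace("COMMIT", "-A INPUT -i ge00 -p udp -m udp --dport 161 -j DROP\nCOMMIT")

def audit(ruleset, ifaces=("se00", "sw10", "gw11", "ge00")):
    """Map each interface to the fate of inbound SNMP (udp/161)."""
    return {i: verdict(ruleset, "INPUT", i, "udp", 161) for i in ifaces}
```

Feeding `audit()` the output of `iptables-save` from a router shows whether udp/161 on the outside interface reaches a DROP before any ACCEPT or the chain policy. A `+` pattern also matches any interface added later whose name shares the prefix.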
