From: Dave Taht
To: "cerowrt-devel@lists.bufferbloat.net"
Date: Sat, 19 Oct 2013 22:41:05 -0700
Subject: [Cerowrt-devel] development build 3.10.17-1 released
List-Id: Development issues regarding the cerowrt test router project

+ sync with openwrt
+ dnsmasq 2.67rc4
+ get_cycles() and /dev/random fixes
+ mild firewall changes
+ actually sort of tested

- sysupgrade still busted
- didn't package the jitter rng

The simple expedient of putting a script in /etc/rc.local to restart
pimd, minissdpd, and dnsmasq 60 seconds after boot appears to get us a
working dhcp/dns on the wifi interfaces once again. dnsmasq wasn't
busted, it was how it interfaces to netifd. The march down to something
deployable resumes with rc4.

This is the first test that I know of, of some of the RNG fixes
upstream, notably the mips code does the right thing with a highly
optimized "get_cycles()".

There are two changes to the firewall code

1) There has been a long-standing error in not blocking port 161 (snmp)
from the outside world. It is now blocked by default. Although I am not
aware of any exploits of this (besides the information leakage) I would
recommend blocking this port by default on your existing builds, also,
or disabling the snmp daemon entirely if you do not use it.

2) Usage of the "pattern matching syntax" on various firewall rules.
Instead of 3 rules for se00,sw00,sw10, and 4 for gw00,gw10,gw01,gw11
there is now one rule for s+ and one rule for gw+

This does not show up in the web interface correctly.

I'd also like to get to a more efficient rule set for the blocked ports,
perhaps with ipset...

...

It's sort of my hope that with these fixes the march towards a stable
release can resume, and we get some fresh shiny new bugs out of this.

Upcoming next are a revised version of pie, more random number fixes,
and I forget what else.

3)

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
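
The two firewall changes in the message above, as an added example that is not part of the original post or of the CeroWrt build: a small audit script that shows which interface names an iptables `+` wildcard such as `s+` or `gw+` selects, and checks whether UDP port 161 is dropped on a given interface. The interface names `ge00` (external) and `sit0`, and the rule lines in `sample_rules`, are assumptions constructed for the example.

```shell
# Added example, not CeroWrt code. ge00 (external) and sit0 are assumed names;
# the rules in sample_rules are constructed.
# iptables -i semantics: a trailing "+" matches every interface whose name
# begins with the text before it; any other pattern must match exactly.
iface_matches() {
    case "$1" in
        *+) prefix=${1%+}
            case "$2" in "$prefix"*) return 0 ;; esac
            return 1 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}
# covered PATTERN NAME...: print the names that PATTERN selects.
covered() {
    pat=$1; shift; out=
    for name in "$@"; do
        if iface_matches "$pat" "$name"; then out="${out:+$out }$name"; fi
    done
    printf '%s\n' "$out"
}
# snmp_blocked IFACE: read iptables-save style rules on stdin; the first INPUT
# rule naming udp and --dport 161 that applies to IFACE decides the result.
# Port ranges, multiport and rules without -p are not interpreted.
snmp_blocked() {
    want=$1
    while read -r line; do
        set -f; set -- $line; set +f
        [ "$1" = "-A" ] && [ "$2" = "INPUT" ] || continue
        ifpat=; proto=; port=; target=
        while [ $# -gt 1 ]; do
            case "$1" in
                -i) ifpat=$2 ;; -p) proto=$2 ;; --dport) port=$2 ;; -j) target=$2 ;;
            esac
            shift
        done
        [ "$proto" = udp ] && [ "$port" = 161 ] || continue
        [ -z "$ifpat" ] || iface_matches "$ifpat" "$want" || continue
        case "$target" in DROP|REJECT) return 0 ;; ACCEPT) return 1 ;; esac
    done
    return 1
}

sample_rules() {  # constructed ruleset
    cat <<'EOF'
-A INPUT -i s+ -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -i ge00 -p udp -m udp --dport 161 -j DROP
EOF
}
covered 's+' se00 sw00 sw10 gw00 sit0
```

The last line prints every listed name beginning with `s`, which includes `sit0` as well as the three names the single rule replaced, so a wildcard rule is worth re-checking whenever a new interface is added.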