From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-x22d.google.com (mail-wi0-x22d.google.com [IPv6:2a00:1450:400c:c05::22d]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 1B0AD21F14E for ; Mon, 21 Apr 2014 12:42:14 -0700 (PDT) Received: by mail-wi0-f173.google.com with SMTP id z2so2232585wiv.12 for ; Mon, 21 Apr 2014 12:42:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=qmrmg+bdUupLJnT243hemvHY4TjWpVvN0+feJvuAvAg=; b=AwXIAOc6Yl1LBu/6+7YMoAvk26oz7pWYjqOq847HUHdFZ+vCxn7zd9lKF62PyKI7ZZ HDDjkXl0c9ZlMCTE+YzFuqZPyD8GP1zoce6UIy/f3hVXAYsK6/GWAaH1RnT1us0t3xwB oFU7MCKBS0kTkfkjANaJPnk3whq1AhQ8dlD6WvgE/LjFyyCm+sqtU/j8lKjOkZaAGaFm cvJgUP3j3FUmSlksZ3K+2t1mYJMEp4gwi1BPx8ZWlTO7iUDZxUMGNbvKY/rLfzOkI4b6 Nb1/muHyeyZII/YO/trQ3UNYy+uwcAU2efAG9URkjaJDAJfp7Hqbc6+DN0GfyevO1FFQ QrSg== MIME-Version: 1.0 X-Received: by 10.180.14.36 with SMTP id m4mr2678138wic.53.1398109333074; Mon, 21 Apr 2014 12:42:13 -0700 (PDT) Received: by 10.216.177.10 with HTTP; Mon, 21 Apr 2014 12:42:13 -0700 (PDT) In-Reply-To: <7AADF025-DEFA-4A21-8934-CB5188D1F882@gmx.de> References: <7AADF025-DEFA-4A21-8934-CB5188D1F882@gmx.de> Date: Mon, 21 Apr 2014 12:42:13 -0700 Message-ID: From: Dave Taht To: Sebastian Moeller Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] cerowrt-3.10.36-6 released X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Apr 2014 19:42:15 -0000 On Mon, Apr 21, 2014 at 12:18 PM, Sebastian Moeller wrote= : > Hi Dave, > > On Apr 21, 2014, at 21:09 , Dave Taht wrote: > >> On Sun, Apr 20, 2014 at 1:46 PM, Sebastian Moeller wro= te: >>> Hi Dave, >>> >>> >>> On Apr 19, 2014, at 22:01 , Dave Taht wrote: >>> >>>> + felix's wifi patch for bug #442 added >>>> please break wifi. >>>> >>>> + debloat qlens reduced again to 12 for be and bk wifi queues >>>> + heartbleed fix from -3 forward >>>> >>>> I note that nearly every "secured"-by-openssl network facing daemon ha= s been >>>> shown vulnerable to heartbleed. The hole in openvpn bit *me*, in >>>> particular. I've updated, rekeyed and re-certified the vpns I have in >>>> place, and you should too for any openvpn servers and clients you have >>>> too. >>>> >>>> It was a real PITA for me, and I only had a few boxes on it. >>>> >>>> For more details, see: http://community.openvpn.net/openvpn/wiki/heart= bleed >>>> >>>> For more details on the daemons potentially affected by heartbleed in >>>> cerowrt, openwrt, and others, see the advisory at: >>>> >>>> http://www.bufferbloat.net/news/50 >>>> >>>> + resync with openwrt >>>> notably there were updates to netifd, and a fix for a strongswan CVE >>>> >>>> + dnscrypt added as an optional package (thx stephen walker and "mailj= oe") >>>> + snort added as an optional package >>>> >>>> +/- full dnssec >>>> - upgrade to httping 2.x broke >>>> - no sqm auto tuning yet >>> >>> Note, all you need is to put the word "auto" (without the quotes= ) in the fields named: >>> Latency target for ingress, e.g 5ms [units: s, ms, or us]; leave empty = for default, or auto for automatic selection. >>> and >>> Latency target for egress, e.g. 5ms [units: s, ms, or us]; leave empty = for default, or auto for automatic selection.. >>> >>> The bigger caveat is that the current implementation probably is not id= eal and could need a bit of data guided optimization=E2=80=A6 >> >> And more eyeballs. > > Oh, sure! > >> >>> @Dave: if you think this is ready to be inflicted upon the greater cero= wrt community I can see what is required to actually make SQM default to th= at behavior.. >> >> Inflict away. > > Great, I just pushed a number of changes reworking the handling o= f IFB devices (WIP, lightly tested not fully complete but saner than the pr= evious hard coding). I also snuck in the change I believe to me the last mi= ssing piece to change the "default" behavior to auto. > How do I build an ilk packet from ceropackages? Then I could go a= nd test a fresh install to see whether the committed changes actually chanc= e the default ;). Well, it helps to have a buildable cerowrt of your own... OR, you can just bump up the version numbers in the makefiles like I just did, and do a new build of the "stable"-ish cerowrt (3.10.36-6), push it out, which I just did, and ask folk to make sure their /etc/opkg.conf points to the right 3.10.36-6 repo, and to then do a opkg update opkg upgrade luci-app-sqm sqm-scripts which should pick up and install those two packages for further testing. I do look forward to the day where the kernel settles down enough to be abl= e to incrementally improve/update/fix various packages and libraries only, or we come up with a way to make incremental updates work more often. ... in other news, making a little headway on the ubnt edgerouter: http://community.ubnt.com/t5/EdgeMAX/S-FQ-CoDel-Support-Possible/m-p/800436= /highlight/false#M28705 ... >Oh and I do hope you have/will have a great vacation. thx. turned out getting a hotel in SJDS on easter was too hard so I didn't jump on a plane this weekend. I went biking in SF instead. Fell and either bruised or broke a rib. Not sure if I'm going anywhere after that. It was nice to not think about the internet for a while anyway. > > Best Regards > Sebastian > >> >>> Best Regards >>> sebastian >>> >>>> - neither snort nor dnscrypt tested >>>> >>>> If you are not experiencing problems with wifi or with heartbleed >>>> there are few reasons to update to this release. >>>> >>>> I wanted to note to those that use sysupgrade without a clean reflash, >>>> in that the >>>> /etc/opkg.conf file is not re-written in this case, and still points >>>> to the old repository. >>>> If you wish to install additional packages after an inplace upgrade, >>>> you will have >>>> to also update /etc/opkg.conf to point to the right place. >>>> >>>> -- >>>> Dave T=C3=A4ht >>>> >>>> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_= 0296_indecent.article >>>> _______________________________________________ >>>> Cerowrt-devel mailing list >>>> Cerowrt-devel@lists.bufferbloat.net >>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel >>> >> >> >> >> -- >> Dave T=C3=A4ht >> >> NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_02= 96_indecent.article > --=20 Dave T=C3=A4ht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_= indecent.article